I need help with Ransomware, .nesa extension

I have been infected by the nasa virus, which is a ransomware, when a Windows 10 update and several updates I did not want were installed. The first thing I did was go back to a backup from before the infection, but I do not know how to continue or whether I have removed the virus. I would appreciate any help.

Hello

Windows updates do not carry ransomware, so the problem would have come from some other download from dubious sites or from pirated software, or from e-mail attachments.

Go to the following link, check the result and let us know

Paste the browser URL with the result you get. Keep in mind that in many cases it is not possible to decrypt the files.

Backups on external or removable drives or in the cloud are essential, especially when important information is involved.

Hello and thanks for replying. I don't know if I copied the answer correctly, here it goes: https://id-ransomware.malwarehunterteam.com/identify.php?case=963ae2d8146a23d2c8c571243a9562682e37591a Thanks again.

Hello again, let me explain what I have done so far.

1. When I noticed the infection, I restored an earlier restore point, since besides the Windows 10 update there were four more updates that installed themselves.

2. I downloaded SpyHunter 5 and Malwarebytes and ran them, but I have uninstalled Malwarebytes because it keeps blocking my downloads; besides, both only scanned drive C, and I have three drives: C, which is an HDD and where I only have Windows; D, which is the normal drive; and, when that one filled up, I had to install an external one, E, which is where it has made a mess.

3. Following what I read on the internet, I had earlier started Windows in safe mode with networking, but I did not find the nasa virus in the registry. It may still be there, but I am very clumsy and could not find it.

3. I ran Zemana Portable, which I have and which lets me scan all 3 hard drives. That is everything I have done so far. Thanks in advance.
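Added example, not part of the original thread: since the scanners mentioned above covered only C:, a read-only inventory of `.nesa` files on every drive shows where the damage is, which file types were lost, and the modification-time window in which the files were rewritten. It assumes the encrypted files keep their original name with `.nesa` appended; the function names and the sample tree are constructed for illustration.

```python
import os
import sys
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".nesa"  # extension reported in this thread


def inventory_encrypted(roots, ext=ENCRYPTED_EXT):
    """Summarise, per root folder or drive, the files whose name ends in ext.

    Read-only: files are only listed and stat'ed, never opened or changed.
    """
    ext = ext.lower()
    report = {}
    for root in roots:
        count = size = 0
        first = last = None
        by_dir, lost_types = Counter(), Counter()
        # os.walk skips folders it cannot list, so one ACL error does not stop the scan
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if not name.lower().endswith(ext):
                    continue
                try:
                    st = os.stat(os.path.join(dirpath, name))
                except OSError:
                    continue  # file vanished or is unreadable
                count += 1
                size += st.st_size
                first = st.st_mtime if first is None else min(first, st.st_mtime)
                last = st.st_mtime if last is None else max(last, st.st_mtime)
                by_dir[dirpath] += 1
                # Assumed naming: "budget.xlsx.nesa" -> original type ".xlsx"
                inner = os.path.splitext(name[: -len(ext)])[1].lower()
                lost_types[inner or "(no extension)"] += 1
        report[root] = {
            "files": count,
            "bytes": size,
            "first_mtime": first,   # earliest rewrite seen (epoch seconds)
            "last_mtime": last,     # latest rewrite seen (epoch seconds)
            "top_dirs": by_dir.most_common(5),
            "lost_types": dict(lost_types),
        }
    return report


def format_report(report):
    """Turn the inventory into printable lines, one block per root."""
    def ts(epoch):
        return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%d %H:%M UTC")

    lines = []
    for root, r in report.items():
        if not r["files"]:
            lines.append(f"{root}: no matching files")
            continue
        lines.append(f"{root}: {r['files']} files, {r['bytes']} bytes, "
                     f"modified between {ts(r['first_mtime'])} and {ts(r['last_mtime'])}")
        for ftype, n in sorted(r["lost_types"].items(), key=lambda kv: -kv[1]):
            lines.append(f"    {n:6d}  {ftype}")
        for folder, n in r["top_dirs"]:
            lines.append(f"    {n:6d}  in {folder}")
    return lines


def build_sample_tree(base):
    """Constructed sample: a clean 'C' root and an 'E' root with renamed files."""
    layout = {
        ("C", "Windows", "notepad.exe"): (8, 1569000000),
        ("E", "fotos", "a.jpg.nesa"): (10, 1569400000),
        ("E", "fotos", "b.JPG.NESA"): (20, 1569403600),
        ("E", "docs", "cv.docx.nesa"): (5, 1569401000),
        ("E", "docs", "notes.txt"): (3, 1569000000),
    }
    for parts, (nbytes, mtime) in layout.items():
        path = os.path.join(base, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * nbytes)
        os.utime(path, (mtime, mtime))
    return [os.path.join(base, "C"), os.path.join(base, "E")]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: pass the drive roots to inspect as arguments
        print("\n".join(format_report(inventory_encrypted(sys.argv[1:]))))
    else:
        with tempfile.TemporaryDirectory() as tmp:
            print("\n".join(format_report(inventory_encrypted(build_sample_tree(tmp)))))
```

On the affected machine it would be run with the drive roots as arguments, for example `python inventory.py D:\ E:\` (the script name is arbitrary).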

First of all, do you have encrypted files that you need?

Then, if you restored from an earlier copy you had, which I understand to be a full system image, the virus will be gone, though of course not any other viruses you may have had at the time of the copy.

Tell me more about how you did the restore to an earlier copy, that is, whether you used an image created by Windows or by another program, or only restored certain files.

On the other hand, SpyHunter is considered a fake antivirus, so uninstall it immediately.

Thanks for replying so quickly. The problem is that it has messed up all the exe files of the programs I usually use: paint.net, OpenOffice, etc. I restored to a copy from 20/9/2019 that Windows made automatically.

OK, what you did was use the "System Restore" option, which is not the same as restoring from a backup you had made, that is, an image, an option that Windows 10 gives us and which is the best of all.

In this case, restoring, from what you tell me, has not fixed the errors in the exe files, and I don't know whether you have encrypted documents that you need; I asked you that, but the answer is not clear.

If your exe files are damaged and System Restore has not fixed it, and you have no system image, all that is left is to reinstall those programs.

Those that you cannot reinstall over the existing installation, which is usually possible, you will have to uninstall first and then reinstall.

Post this so we can check that PC

  • Temporarily disable your antivirus and any security program.

  • Download to your Desktop >>This is very important<< Farbar Recovery Scan Tool, choosing the right version for your machine (32 or 64 bits). How do I know whether my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

In your next reply, copy and paste the two FRST reports, Frst.txt and Addition.txt.

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them in full.

FRST.txt

**Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-09-2019**
**Ran by** enike (administrator) on LAPTOP-2K7O7TJC (HP OMEN by HP Laptop) (28-09-2019 11:42:21)
Running from D:\explorerdescargas
Loaded Profiles: enike (Available Profiles: enike)
Platform: Windows 10 Home Version 1803 17134.950 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] H:\JUEGOS1\PhoenixPointBackerBuild2\PhoenixPointWin64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\enike\AppData\Roaming\uTorrent\helper\helper.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\enike\AppData\Roaming\uTorrent\updates\3.5.5_45341\utorrentie.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\enike\AppData\Roaming\uTorrent\updates\3.5.5_45341\utorrentie.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe
(Cheat Engine -> Cheat Engine) H:\PROGRAMASS\cheatengine 6.3 bis\Cheat Engine 6.3\cheatengine-x86_64.exe
(Cheat Engine -> Cheat Engine) H:\PROGRAMASS\cheatengine 6.3 bis\Cheat Engine 6.3\cheatengine-x86_64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Hi-Rez Studios) [File not signed] D:\juegos1\Hi rez\HiPatchService.exe
(HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Software Development Products -> Intel(R) Corporation) C:\Program Files (x86)\Common Files\Intel\RSDCM_SR300\bin\win32\RealSenseDCMSR300.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lavasoft Software Canada -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\enike\AppData\Local\Microsoft\OneDrive\19.152.0801.0009\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\enike\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\windows nt\accessories\wordpad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\FileHistory.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\OpenWith.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\OpenWith.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\OpenWith.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\OpenWith.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe
    (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Unity Technologies Aps -> ) H:\JUEGOS1\PhoenixPointBackerBuild2\UnityCrashHandler64.exe
    (win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
    (win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
    (win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc. -> HP Inc.)
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [DAEMON Tools Lite Automount] => "D:\programas\DAEMON Tools Lite\DTAgent.exe" -autorun
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [Chromium] => c:\users\enike\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [Wargaming.net Game Center] => "D:\juegos1\Wargaming.net\GameCenter\wgc.exe" --background ''
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [Steam] => "D:\juegos1\Steam\steam.exe" -silent
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7704168 2017-12-25] (Lavasoft Software Canada -> Lavasoft)
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [GoogleChromeAutoLaunch_F20F710A8B8C4569C38BB42E17F992F5] => C:\Users\enike\AppData\Local\chromium\Application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [GalaxyClient] => D:\GOG Galaxy\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\enike\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\enike\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\RunOnce: [Uninstall 19.152.0801.0008\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\enike\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64"
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\RunOnce: [Uninstall 19.152.0801.0008] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\enike\AppData\Local\Microsoft\OneDrive\19.152.0801.0008"
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\MountPoints2: {730157da-4602-11e9-b94d-d0577b73a928} - "K:\autorun.exe" 
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\MountPoints2: {f2025a90-4a7f-11e8-b922-d0577b73a928} - "G:\setup.exe" 
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Audio Switch.lnk [2016-08-01]
    ShortcutTarget: HP Audio Switch.lnk -> C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitchLC.vbs () [File not signed]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealSense Training.lnk [2016-12-25]
    ShortcutTarget: RealSense Training.lnk -> C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe (Intel(R) Software Development Products -> )
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-08-24]
    ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
    Startup: C:\Users\enike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-01-08]
    ShortcutTarget: MEGAsync.lnk -> C:\Users\enike\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00C96341-8DF1-43E9-B079-F9B7F675A8FE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
    Task: {07B403A6-E893-4994-9332-97F1598AC726} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
    Task: {0884B878-9C79-4FE1-88D2-88C52D16A069} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [249720 2019-08-19] (HP Inc. -> HP Inc.)
    Task: {0DE46EF2-D8BE-4430-A11D-0BFAB8FB56B9} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1356008 2016-01-21] (Hewlett-Packard Company -> HP Development Company, L.P.)
    Task: {19AE6118-8066-4ACD-8432-0327F7015F23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
    Task: {19F82E8E-D394-4DFC-B3F9-9729C37A426C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {2329952B-2482-4393-8349-823C0BA1D439} - System32\Tasks\HPCeeScheduleForenike => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99392 2016-05-12] (Hewlett-Packard Company -> HP Development Company, L.P.)
    Task: {33E7EB40-C441-4DE6-9D28-93C1A82F7996} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {357038A2-1453-4132-9768-FBC888B7B4D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
    Task: {3E8FC64C-6457-4F0D-9DB0-90CE252C0762} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3298088 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {60E4ED05-0A8C-47A3-ACAB-B4E2A28F8097} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [982824 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {70DB636B-2B16-4290-A166-E2D551022356} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [655144 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {7E772095-46FA-4D4B-B1EC-AF9855A33524} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1972068837-1164276130-3522050345-1001 => C:\Users\enike\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-02-19] (Mega Limited -> Mega Limited)
    Task: {7FECC4E1-E721-4C51-9F46-C2D2B1B6D6E3} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935208 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {86E390DD-8019-44E7-9ED4-FB0B04D3582F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857384 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {87626427-1643-4516-81F7-14789CFA7CDB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
    Task: {982E95F6-E598-4BBE-B073-BE5F24C2C6B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-08-21] (HP Inc. -> HP Inc.)
    Task: {9BAA2B90-9CCB-49D3-8335-DF48612BDC2A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MpCmdRun.exe [467880 2019-09-20] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {9CCFC51B-F534-47A3-9AA9-B6B73EB10FC8} - System32\Tasks\Opera scheduled Autoupdate 1503518456 => C:\Programas\Opera\launcher.exe [1520152 2019-09-03] (Opera Software AS -> Opera Software)
    Task: {AA1C2DBD-433B-4AA5-A7DC-E7A41E0A3459} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935208 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {ACB53B67-423A-4753-A1D5-B32620AA2EAF} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-23] (HP Inc. -> )
    Task: {ADB56A7C-96FB-4DFB-898B-08ECC2942376} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
    Task: {B23A8D10-A9B8-4B26-8923-37FF7CB8587F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MpCmdRun.exe [467880 2019-09-20] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {C30F6DFF-C209-4733-B69F-B4E3028AFE7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
    Task: {CA2F52E3-19EE-4DB7-90CF-3FE7A5806118} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
    Task: {CF4E6FD5-E991-41EA-9372-F9CBCAF91D56} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935208 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {D1AE8DD5-4E44-48EE-8E69-7BE708B09AE6} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-09-21] (Dropbox, Inc -> )
    Task: {D265172A-8618-49F8-A635-7F1731F7E132} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D3AAC29E-A137-4400-92AB-78162EB6B092} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MpCmdRun.exe [467880 2019-09-20] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {D577C9BB-B7A6-412B-A619-766308A5E247} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {E22D2AE0-A663-4F59-8D73-4CB7BF318073} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
    Task: {E7A3E289-A92E-4EA4-8C9B-419F21748E8D} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1285328 2015-06-05] (Intel(R) Software -> Intel Corporation)
    Task: {E9495FD4-9855-4DC6-98AC-424A9F7A392B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
    Task: {EB63F379-E91D-4F2E-95B9-1930E17EABF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-08-21] (HP Inc. -> HP Inc.)
    Task: {EC7A87EA-8E44-4890-9A31-B3A283E9AE52} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    Task: {EDB617D4-0F9E-4D0A-936D-FAB303F224A3} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935208 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {F58AE588-BFF6-41B3-AF5F-0043C790F223} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-07-28] (HP Inc. -> )
    Task: {F6B75AC4-0676-4D52-AE04-CAA8879E3232} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857384 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {F924C6D0-1C28-4EE8-B681-D39CE33DA581} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MpCmdRun.exe [467880 2019-09-20] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {FEE3F398-97F7-436C-AF85-94E02CD43C97} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForenike.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66
    Tcpip\..\Interfaces\{874cbc17-cbf6-407b-af5a-253645796b77}: [DhcpNameServer] 87.216.1.65 87.216.1.66
    Tcpip\..\Interfaces\{a5af10f8-7dc2-4616-a49a-ba27384ad5f2}: [DhcpNameServer] 87.216.1.65 87.216.1.66

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-07-02] (Microsoft Corporation -> Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-04] (Microsoft Corporation -> Microsoft Corporation)

    Edge: 
    ======
    DownloadDir: D:\explorerdescargas

    FireFox:
    ========
    FF DefaultProfile: 9pz9zpkd.default
    FF ProfilePath: C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default [2019-09-25]
    FF DownloadDir: H:\firefoxdescargas
    FF Homepage: Mozilla\Firefox\Profiles\9pz9zpkd.default -> hxxp://www.google.es/
    FF Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2019-09-04]
    FF Extension: (OneTab) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2018-08-07]
    FF Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\jid1-4[email protected] [2019-09-20]
    FF Extension: (Suspend Tab) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2017-08-23] [Legacy]
    FF Extension: (Tab Session Manager) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2019-09-20]
    FF Extension: (Google Translator for Firefox) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2018-12-09]
    FF Extension: (Administrador de sesiones) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-08-23] [Legacy]
    FF Extension: (Mozilla Official) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\{14553439-2741-4e9d-b474-784f336f58c9} [2019-09-25] [not signed]
    FF Extension: (NoScript) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-09-04]
    FF Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-09-04]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-29] (Adobe Systems Incorporated -> )
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-29] (Adobe Systems Incorporated -> )
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> D:\programas\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
Opera: 
=======
OPR DownloadDir: H:\OPERADESCARGAS2
OPR Extension: (Tab Suspender (memory saver)) - C:\Users\enike\AppData\Roaming\Opera Software\Opera Stable\Extensions\addjmbadpahepkjjlmfjoeinlcbfcbhd [2019-03-17]
OPR Extension: (AdBlock) - C:\Users\enike\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2017-08-23]
StartMenuInternet: (HKLM) OperaStable - C:\Programas\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568144 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-07-14] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2017-08-24] (Intel Corporation - pGFX -> Intel Corporation)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7170632 2019-09-20] (GOG Sp. z o.o. -> GOG.com)
U2 HiPatchService; D:\juegos1\Hi rez\HiPatchService.exe [9728 2017-07-11] (Hi-Rez Studios) [File not signed]
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [356728 2019-06-12] (HP Inc. -> HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-23] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc. -> HP Inc.)
R2 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [529912 2018-12-21] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [758552 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [719640 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RealSenseDCMSR300; C:\Program Files (x86)\Common Files\Intel\RSDCM_SR300\bin\win32\RealSenseDCMSR300.exe [3898096 2016-09-22] (Intel(R) Software Development Products -> Intel(R) Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [360872 2018-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [187904 2017-09-28] (Microsoft Corporation) [File not signed]
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2017-12-25] (Lavasoft Software Canada -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\NisSrv.exe [3630832 2019-09-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MsMpEng.exe [103168 2019-09-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
S2 0315221537364018mcinstcleanup; C:\WINDOWS\TEMP\031522~1.EXE -cleanup -nolog [X]
S3 Disc Soft Lite Bus Service; "D:\programas\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" [X]
S3 GalaxyClientService; "D:\GOG Galaxy\GOG Galaxy\GalaxyClientService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [53904 2019-07-22] (HP Inc. -> HP)
R3 DCMCamera; C:\WINDOWS\system32\DRIVERS\RealSenseDcmDynamicDriver.sys [72280 2016-09-22] (Intel(R) Software Development Products -> Intel(R) Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2017-08-24] (Intel Corporation -> Intel Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-08-23] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-08-23] (Disc Soft Ltd -> Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2017-08-24] (Intel Corporation -> Intel Corporation)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [41104 2019-07-22] (HP Inc. -> HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 IntelDFUACPI; C:\WINDOWS\System32\drivers\IntelDFUACPI.sys [37888 2015-12-01] (Intel(R) Software Development Products -> Intel(R) Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8723648 2018-10-12] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_35284c26eeac82cf\nvlddmkm.sys [17200392 2018-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
R0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_35284c26eeac82cf\nvpciflt.sys [48040 2018-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31016 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [68112 2018-06-24] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RealSenseDCMBus; C:\WINDOWS\System32\drivers\RealSenseDCMBus.sys [36952 2016-09-22] (Intel(R) Software Development Products -> Intel(R) Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-03-21] (Realtek Semiconductor Corp -> Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [777944 2016-03-21] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [60008 2016-07-27] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55400 2018-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [41104 2016-10-18] (SteelSeries ApS -> SteelSeries ApS)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [51400 2016-05-27] (SteelSeries ApS -> SteelSeries ApS)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-09-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [346336 2019-09-20] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-09-20] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2019-08-06] (HP Inc. -> HP)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2019-09-25] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-09-25] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-28 11:41 - 2019-09-28 11:42 - 000000000 ____D C:\FRST
2019-09-28 11:37 - 2019-09-28 11:37 - 000000000 ___HD C:\OneDriveTemp
2019-09-28 01:48 - 2019-09-28 01:48 - 001388448 _____ C:\Users\Public\ASR.dat
2019-09-25 09:32 - 2019-09-28 11:43 - 000399948 _____ C:\WINDOWS\ZAM.krnl.trace
2019-09-25 09:32 - 2019-09-28 11:43 - 000382489 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-09-25 09:32 - 2019-09-25 09:32 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2019-09-25 09:32 - 2019-09-25 09:32 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2019-09-25 09:32 - 2019-09-25 09:32 - 000000000 ____D C:\Users\enike\AppData\Local\Zemana
2019-09-25 09:14 - 2019-09-25 09:14 - 000000000 ____D C:\Users\enike\AppData\Local\mbam
2019-09-25 09:13 - 2019-09-25 09:13 - 000000000 ____D C:\Users\enike\AppData\Local\mbamtray
2019-09-25 06:19 - 2019-09-25 06:19 - 000000000 ____D C:\WINDOWS\pss
2019-09-25 05:02 - 2019-09-25 05:47 - 000000004 _____ C:\ProgramData\lock.dat
2019-09-25 05:02 - 2019-09-25 05:32 - 000000008 _____ C:\ProgramData\irw.atsd
2019-09-25 05:02 - 2019-09-25 05:02 - 000000008 _____ C:\ProgramData\ts.dat
2019-09-25 04:56 - 2019-09-28 01:52 - 000000000 ____D C:\Users\enike\AppData\LocalLow\uTorrent
2019-09-25 04:49 - 2019-09-25 04:49 - 000000000 ____D C:\Users\enike\AppData\LocalLow\Unknown Vendor
2019-09-25 03:53 - 2019-09-25 03:53 - 000001113 _____ C:\Users\enike\_readme.txt
2019-09-25 03:53 - 2019-09-25 03:53 - 000001113 _____ C:\Program Files\_readme.txt
2019-09-25 03:53 - 2019-09-25 03:53 - 000001113 _____ C:\_readme.txt
2019-09-25 03:52 - 2019-09-25 03:52 - 000000000 ____D C:\Users\enike\AppData\Local\Google
2019-09-25 03:43 - 2019-09-25 03:43 - 000000000 ____D C:\ProgramData\7FK4NT5PQSLFT6M7BRT0VVZDU
2019-09-25 03:42 - 2019-09-25 03:43 - 000000000 ____D C:\Users\enike\AppData\Local\5fab4e27-31da-4cad-a5a4-5466971cbde8
2019-09-25 03:42 - 2019-09-25 03:42 - 000000000 ____D C:\Users\enike\AppData\Roaming\InstallPack
2019-09-25 03:42 - 2019-09-25 03:42 - 000000000 ____D C:\SystemID
2019-09-25 03:41 - 2019-09-25 05:47 - 000000000 ____D C:\Users\enike\AppData\Roaming\view
2019-09-25 03:41 - 2019-09-25 05:47 - 000000000 ____D C:\Program Files (x86)\InlogOptimizer
2019-09-25 03:41 - 2019-09-25 03:41 - 000133858 _____ C:\Users\enike\OneDrive\Documents\phoenix-point-v0_5_48354.torrent
2019-09-20 20:26 - 2019-09-20 20:26 - 000000000 ____D C:\Users\enike\AppData\LocalLow\Snapshot Games Inc
2019-09-20 02:50 - 2019-09-20 02:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-09-13 06:37 - 2019-03-28 11:11 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2019-09-13 06:37 - 2019-03-28 11:11 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2019-09-13 06:37 - 2019-03-28 11:09 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2019-09-13 06:37 - 2019-03-28 11:09 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2019-09-13 06:37 - 2019-03-28 08:35 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
2019-09-13 06:37 - 2019-03-28 08:35 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
2019-09-13 06:37 - 2019-03-28 08:35 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
2019-09-13 06:37 - 2019-03-28 08:35 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
2019-09-13 06:37 - 2019-03-28 08:35 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
2019-09-13 06:37 - 2019-03-28 08:35 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
2019-09-05 21:09 - 2019-09-14 04:31 - 000000000 ____D C:\Users\enike\AppData\Roaming\WeMod
2019-09-05 21:09 - 2019-09-05 21:09 - 000002164 _____ C:\Users\enike\Desktop\WeMod.lnk
2019-09-05 21:09 - 2019-09-05 21:09 - 000000000 ____D C:\Users\enike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2019-09-05 21:09 - 2019-09-05 21:09 - 000000000 ____D C:\Users\enike\AppData\Local\WeMod
2019-09-05 21:09 - 2019-09-05 21:09 - 000000000 ____D C:\Users\enike\AppData\Local\SquirrelTemp
2019-09-05 14:48 - 2019-09-05 14:48 - 000001185 _____ C:\Users\enike\Desktop\Mutant Year Zero Road to Eden Seed of Evil.lnk
2019-09-05 14:48 - 2019-09-05 14:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mutant Year Zero Road to Eden Seed of Evil
2019-09-04 10:00 - 2019-09-04 10:00 - 000000000 ____D C:\Users\enike\AppData\Local\CrashReportClient
2019-09-04 08:34 - 2019-09-04 08:34 - 000000000 ____D C:\Users\enike\AppData\Roaming\CPY_SAVES
2019-09-04 08:34 - 2019-09-04 08:34 - 000000000 ____D C:\Users\enike\AppData\Local\ZoneUE4
2019-09-04 08:34 - 2019-09-04 08:34 - 000000000 ____D C:\Users\enike\AppData\Local\UnrealEngine
2019-09-04 08:27 - 2019-09-04 08:27 - 000001698 _____ C:\Users\Public\Desktop\Mutant Year Zero Road to Eden.lnk
2019-09-04 08:27 - 2019-09-04 08:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mutant Year Zero Road to Eden
2019-08-29 23:10 - 2019-08-07 15:13 - 021389776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-29 23:10 - 2019-08-07 15:13 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-29 23:10 - 2019-08-07 15:13 - 001515904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-29 23:10 - 2019-08-07 15:13 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-29 23:10 - 2019-08-07 14:58 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-29 23:10 - 2019-08-07 14:58 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-29 23:10 - 2019-08-07 14:55 - 008626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-29 23:10 - 2019-08-07 14:55 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-29 23:10 - 2019-08-07 14:55 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-29 23:10 - 2019-08-07 14:54 - 004783104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-29 23:10 - 2019-08-07 14:53 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-29 23:10 - 2019-08-07 14:53 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-29 23:10 - 2019-08-07 14:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-29 23:10 - 2019-08-07 14:52 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-29 23:10 - 2019-08-07 14:51 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-29 23:10 - 2019-08-07 14:43 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-29 23:10 - 2019-08-07 14:41 - 001322688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-29 23:10 - 2019-08-07 14:41 - 000662112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-29 23:10 - 2019-08-07 14:40 - 020384344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-29 23:10 - 2019-08-07 14:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-29 23:10 - 2019-08-07 14:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-29 23:10 - 2019-08-07 14:27 - 007990272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-29 23:10 - 2019-08-07 14:26 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-29 23:10 - 2019-08-07 14:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-29 23:10 - 2019-08-07 14:25 - 004175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-29 23:10 - 2019-08-07 14:24 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-29 23:10 - 2019-08-07 14:24 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-29 23:10 - 2019-08-07 14:24 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-29 23:10 - 2019-08-07 11:40 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-08-29 23:10 - 2019-08-07 10:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-29 23:10 - 2019-08-07 10:09 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-29 23:10 - 2019-08-07 10:09 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-29 23:10 - 2019-08-07 10:09 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-29 23:10 - 2019-08-07 10:09 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-29 23:10 - 2019-08-07 10:09 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-29 23:10 - 2019-08-07 10:09 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-29 23:10 - 2019-08-07 10:09 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-08-29 23:10 - 2019-08-07 10:09 - 000095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-29 23:10 - 2019-08-07 10:08 - 007435720 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-29 23:10 - 2019-08-07 10:08 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-29 23:10 - 2019-08-07 10:08 - 002470648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-29 23:10 - 2019-08-07 10:08 - 001566736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-29 23:10 - 2019-08-07 10:08 - 001141712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-29 23:10 - 2019-08-07 10:08 - 000723216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-29 23:10 - 2019-08-07 10:08 - 000710232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-29 23:10 - 2019-08-07 10:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-29 23:10 - 2019-08-07 10:08 - 000227744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-29 23:10 - 2019-08-07 10:08 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-08-29 23:10 - 2019-08-07 10:08 - 000130840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-29 23:10 - 2019-08-07 10:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-29 23:10 - 2019-08-07 10:07 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-29 23:10 - 2019-08-07 10:07 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-29 23:10 - 2019-08-07 10:07 - 002719240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-29 23:10 - 2019-08-07 10:07 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-29 23:10 - 2019-08-07 10:07 - 001260992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-29 23:10 - 2019-08-07 10:07 - 001031696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-29 23:10 - 2019-08-07 10:07 - 000984152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-29 23:10 - 2019-08-07 10:07 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-29 23:10 - 2019-08-07 10:07 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-29 23:10 - 2019-08-07 09:57 - 000081256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-29 23:10 - 2019-08-07 09:56 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-29 23:10 - 2019-08-07 09:56 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-29 23:10 - 2019-08-07 09:56 - 001993344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-29 23:10 - 2019-08-07 09:56 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-29 23:10 - 2019-08-07 09:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-29 23:10 - 2019-08-07 09:56 - 000192608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-29 23:10 - 2019-08-07 09:56 - 000101400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-29 23:10 - 2019-08-07 09:55 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-29 23:10 - 2019-08-07 09:49 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-29 23:10 - 2019-08-07 09:47 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-29 23:10 - 2019-08-07 09:44 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-29 23:10 - 2019-08-07 09:42 - 022717952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-29 23:10 - 2019-08-07 09:39 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-29 23:10 - 2019-08-07 09:38 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-29 23:10 - 2019-08-07 09:38 - 004385792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-29 23:10 - 2019-08-07 09:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-29 23:10 - 2019-08-07 09:38 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-29 23:10 - 2019-08-07 09:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-29 23:10 - 2019-08-07 09:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-29 23:10 - 2019-08-07 09:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-29 23:10 - 2019-08-07 09:36 - 007572480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-29 23:10 - 2019-08-07 09:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-29 23:10 - 2019-08-07 09:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-08-29 23:10 - 2019-08-07 09:36 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2019-08-29 23:10 - 2019-08-07 09:36 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-29 23:10 - 2019-08-07 09:36 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-29 23:10 - 2019-08-07 09:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-29 23:10 - 2019-08-07 09:35 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-08-29 23:10 - 2019-08-07 09:35 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-29 23:10 - 2019-08-07 09:35 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-29 23:10 - 2019-08-07 09:35 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-29 23:10 - 2019-08-07 09:35 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-29 23:10 - 2019-08-07 09:35 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-29 23:10 - 2019-08-07 09:35 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-29 23:10 - 2019-08-07 09:34 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-29 23:10 - 2019-08-07 09:34 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-08-29 23:10 - 2019-08-07 09:34 - 001680384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-29 23:10 - 2019-08-07 09:34 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-29 23:10 - 2019-08-07 09:34 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-29 23:10 - 2019-08-07 09:34 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-29 23:10 - 2019-08-07 09:34 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-29 23:10 - 2019-08-07 09:34 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-29 23:10 - 2019-08-07 09:34 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-29 23:10 - 2019-08-07 09:33 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-29 23:10 - 2019-08-07 09:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-29 23:10 - 2019-08-07 09:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-29 23:10 - 2019-08-07 09:32 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-08-29 23:10 - 2019-08-07 09:32 - 004516864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-08-29 23:10 - 2019-08-07 09:32 - 002165760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-29 23:10 - 2019-08-07 09:32 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-29 23:10 - 2019-08-07 09:32 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-29 23:10 - 2019-08-07 09:32 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-29 23:10 - 2019-08-07 09:32 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-29 23:10 - 2019-08-07 09:32 - 000318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-08-29 23:10 - 2019-08-07 09:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-29 23:10 - 2019-08-07 09:32 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-29 23:10 - 2019-08-07 09:31 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-29 23:10 - 2019-08-07 09:31 - 001110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-08-29 23:10 - 2019-08-07 09:31 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-29 23:10 - 2019-08-07 09:31 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-29 23:10 - 2019-08-07 09:31 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-08-29 23:10 - 2019-08-07 09:31 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-08-29 23:10 - 2019-08-07 09:31 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-29 23:10 - 2019-08-07 09:31 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-29 23:10 - 2019-08-07 09:31 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-29 23:10 - 2019-08-07 09:31 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-29 23:10 - 2019-08-07 08:15 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-08-29 23:10 - 2019-07-11 08:48 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-08-29 23:10 - 2019-07-11 03:30 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-29 23:10 - 2019-07-11 03:30 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-29 23:10 - 2019-07-11 03:30 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-29 23:10 - 2019-07-09 10:07 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-08-29 23:10 - 2019-07-09 10:04 - 000348664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-08-29 23:10 - 2019-07-09 10:01 - 004527792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-29 23:10 - 2019-07-09 10:00 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-29 23:10 - 2019-07-09 09:44 - 012757504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-29 23:10 - 2019-07-09 09:44 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-08-29 23:10 - 2019-07-09 09:43 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-29 23:10 - 2019-07-09 09:43 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-08-29 23:10 - 2019-07-09 09:43 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2019-08-29 23:10 - 2019-07-09 09:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-08-29 23:10 - 2019-07-09 09:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-08-29 23:10 - 2019-07-09 09:39 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2019-08-29 23:10 - 2019-07-09 09:39 - 001193472 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2019-08-29 23:10 - 2019-07-09 09:39 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-08-29 23:10 - 2019-07-09 09:38 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-08-29 23:10 - 2019-07-09 09:37 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-08-29 23:10 - 2019-07-09 09:37 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-08-29 23:10 - 2019-07-09 09:37 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-08-29 23:10 - 2019-07-09 09:37 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-08-29 23:10 - 2019-07-09 08:42 - 011943424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-29 23:10 - 2019-07-09 08:38 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-08-29 23:10 - 2019-07-09 08:37 - 000485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-08-29 23:10 - 2019-07-09 05:29 - 000375312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-08-29 23:10 - 2019-07-09 05:29 - 000230200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2019-08-29 23:10 - 2019-07-09 05:29 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2019-08-29 23:10 - 2019-07-09 05:23 - 001213264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-08-29 23:10 - 2019-07-09 05:23 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-29 23:10 - 2019-07-09 05:21 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-29 23:10 - 2019-07-09 05:21 - 000133136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2019-08-29 23:10 - 2019-07-09 05:20 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-08-29 23:10 - 2019-07-09 05:20 - 000275512 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-08-29 23:10 - 2019-07-09 05:20 - 000227640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-08-29 23:10 - 2019-07-09 05:19 - 002769472 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-29 23:10 - 2019-07-09 05:19 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-29 23:10 - 2019-07-09 05:19 - 001674216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-08-29 23:10 - 2019-07-09 05:19 - 000799248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-08-29 23:10 - 2019-07-09 05:19 - 000767232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-29 23:10 - 2019-07-09 05:19 - 000713488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-08-29 23:10 - 2019-07-09 05:19 - 000152104 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-08-29 23:10 - 2019-07-09 05:19 - 000142352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2019-08-29 23:10 - 2019-07-09 05:19 - 000046608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\werkernel.sys
2019-08-29 23:10 - 2019-07-09 05:12 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-08-29 23:10 - 2019-07-09 05:12 - 001286528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-08-29 23:10 - 2019-07-09 05:12 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-08-29 23:10 - 2019-07-09 05:12 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-08-29 23:10 - 2019-07-09 05:11 - 002257336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-29 23:10 - 2019-07-09 05:11 - 000576528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-08-29 23:10 - 2019-07-09 05:11 - 000108560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2019-08-29 23:10 - 2019-07-09 04:56 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-08-29 23:10 - 2019-07-09 04:56 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2019-08-29 23:10 - 2019-07-09 04:55 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-08-29 23:10 - 2019-07-09 04:55 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-08-29 23:10 - 2019-07-09 04:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-08-29 23:10 - 2019-07-09 04:53 - 003708416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-08-29 23:10 - 2019-07-09 04:53 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-08-29 23:10 - 2019-07-09 04:52 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-08-29 23:10 - 2019-07-09 04:52 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2019-08-29 23:10 - 2019-07-09 04:51 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-29 23:10 - 2019-07-09 04:51 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-29 23:10 - 2019-07-09 04:51 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-08-29 23:10 - 2019-07-09 04:51 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-08-29 23:10 - 2019-07-09 04:51 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-08-29 23:10 - 2019-07-09 04:51 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-08-29 23:10 - 2019-07-09 04:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-08-29 23:10 - 2019-07-09 04:51 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-08-29 23:10 - 2019-07-09 04:51 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-08-29 23:10 - 2019-07-09 04:50 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-08-29 23:10 - 2019-07-09 04:50 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-29 23:10 - 2019-07-09 04:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-08-29 23:10 - 2019-07-09 04:50 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-29 23:10 - 2019-07-09 04:50 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-08-29 23:10 - 2019-07-09 04:50 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-08-29 23:10 - 2019-07-09 04:50 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2019-08-29 23:10 - 2019-07-09 04:50 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2019-08-29 23:10 - 2019-07-09 04:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll
2019-08-29 23:10 - 2019-07-09 04:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-08-29 23:10 - 2019-07-09 04:49 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-08-29 23:10 - 2019-07-09 04:49 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-08-29 23:10 - 2019-07-09 04:49 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-29 23:10 - 2019-07-09 04:49 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2019-08-29 23:10 - 2019-07-09 04:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-29 23:10 - 2019-07-09 04:49 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-08-29 23:10 - 2019-07-09 04:49 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-08-29 23:10 - 2019-07-09 04:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2019-08-29 23:10 - 2019-07-09 04:48 - 003402240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-29 23:10 - 2019-07-09 04:48 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-08-29 23:10 - 2019-07-09 04:48 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-08-29 23:10 - 2019-07-09 04:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2019-08-29 23:10 - 2019-07-09 04:48 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-08-29 23:10 - 2019-07-09 04:48 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-08-29 23:10 - 2019-07-09 04:48 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-08-29 23:10 - 2019-07-09 04:47 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-08-29 23:10 - 2019-07-09 04:47 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-08-29 23:10 - 2019-07-09 04:47 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-29 23:10 - 2019-07-09 04:47 - 000928768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-29 23:10 - 2019-07-09 04:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-29 23:10 - 2019-07-09 04:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-29 23:10 - 2019-07-09 04:47 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-08-29 23:10 - 2019-07-09 04:46 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-08-29 23:10 - 2019-07-09 04:46 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-29 23:10 - 2019-07-09 04:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-08-29 23:10 - 2019-07-09 04:46 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-08-29 23:10 - 2019-07-09 04:45 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-08-29 23:10 - 2019-07-09 04:45 - 001218560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-08-29 23:10 - 2019-07-09 04:45 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-08-29 23:10 - 2019-07-09 04:45 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-08-29 23:10 - 2019-07-09 04:45 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2019-08-29 23:10 - 2019-07-09 04:44 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-08-29 23:10 - 2019-07-09 04:44 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-29 23:10 - 2019-07-09 04:44 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-08-29 23:10 - 2019-07-09 04:44 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-08-29 23:10 - 2019-07-09 04:44 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-08-29 23:10 - 2019-07-09 04:44 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-08-29 23:10 - 2019-07-09 04:44 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-08-29 23:10 - 2019-07-09 04:43 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-29 23:10 - 2019-07-09 04:43 - 001398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-08-29 23:10 - 2019-07-09 04:43 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-08-29 23:10 - 2019-07-09 04:43 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-08-29 23:10 - 2019-06-20 04:21 - 000058882 _____ C:\WINDOWS\system32\srms.dat

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-28 11:43 - 2017-08-23 22:52 - 000000000 ____D C:\Users\enike\AppData\Roaming\uTorrent
2019-09-28 11:37 - 2017-08-23 20:00 - 000000000 ___RD C:\Users\enike\OneDrive
2019-09-28 11:21 - 2018-09-16 04:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-09-28 11:21 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-09-28 11:21 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-28 05:27 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-09-28 05:27 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-09-28 01:52 - 2019-03-28 12:07 - 000000000 ____D C:\Users\enike\AppData\Local\BitTorrentHelper
2019-09-28 01:50 - 2019-06-20 16:22 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForenike.job
2019-09-28 01:50 - 2018-09-16 04:32 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForenike
2019-09-28 01:49 - 2018-09-16 04:32 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1972068837-1164276130-3522050345-1001
2019-09-28 01:49 - 2018-09-16 04:28 - 000002408 _____ C:\Users\enike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-27 23:01 - 2017-08-23 21:09 - 000000000 ____D C:\ProgramData\NVIDIA
2019-09-26 12:01 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-09-26 12:01 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-09-25 10:26 - 2017-08-24 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
2019-09-25 10:26 - 2017-08-24 18:41 - 000000946 _____ C:\Users\enike\Desktop\Cheat Engine.lnk
2019-09-25 10:07 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-09-25 09:40 - 2017-08-23 22:40 - 000000000 _____ C:\Users\enike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2019-09-25 09:34 - 2018-09-16 04:28 - 000000000 ____D C:\Users\enike
2019-09-25 09:26 - 2017-08-23 22:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-09-25 09:06 - 2017-08-23 22:09 - 000000000 ____D C:\Users\enike\AppData\LocalLow\Mozilla
2019-09-25 08:30 - 2018-09-16 04:31 - 001924202 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-25 08:30 - 2018-04-12 18:18 - 000829430 _____ C:\WINDOWS\system32\perfh00A.dat
2019-09-25 08:30 - 2018-04-12 18:18 - 000174964 _____ C:\WINDOWS\system32\perfc00A.dat
2019-09-25 08:23 - 2018-09-16 04:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-09-25 08:23 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-09-25 07:06 - 2018-02-16 02:34 - 000000000 ____D C:\Users\enike\AppData\Local\ElevatedDiagnostics
2019-09-25 07:00 - 2018-07-08 22:17 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-09-25 06:03 - 2018-09-21 11:26 - 000000000 ____D C:\Users\enike\AppData\Local\D3DSCache
2019-09-25 05:47 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-09-25 05:47 - 2017-08-23 22:38 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2019-09-25 05:47 - 2017-08-23 21:44 - 000000000 ____D C:\Users\enike\AppData\Local\ConnectedDevicesPlatform
2019-09-25 05:47 - 2016-12-25 15:44 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2019-09-25 05:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-09-25 05:36 - 2018-09-16 03:31 - 000000000 ____D C:\inetpub
2019-09-25 05:36 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\registration
2019-09-25 05:36 - 2017-08-23 22:38 - 000000000 ____D C:\Users\enike\AppData\Roaming\DAEMON Tools Lite
2019-09-25 05:36 - 2017-08-23 22:00 - 000000000 ____D C:\Programas
2019-09-25 05:36 - 2016-07-30 20:33 - 000000000 ___HD C:\hp
2019-09-25 05:36 - 2016-07-20 02:09 - 000000000 ___HD C:\SYSTEM.SAV
2019-09-25 05:36 - 2016-07-20 02:09 - 000000000 ____D C:\SWSETUP
2019-09-22 10:21 - 2019-05-16 04:31 - 000000000 ____D C:\WINDOWS\Panther
2019-09-22 10:15 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-09-22 10:09 - 2019-03-19 14:34 - 000000000 ___HD C:\$WINDOWS.~BT
2019-09-20 19:19 - 2017-08-23 22:18 - 000000000 ____D C:\Users\enike\AppData\Roaming\vlc
2019-09-20 12:55 - 2019-01-04 23:20 - 000000000 ____D C:\Users\enike\AppData\Local\tyranoscript
2019-09-20 12:41 - 2018-09-16 04:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-09-20 02:50 - 2019-08-25 16:50 - 000002538 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-09-20 02:50 - 2019-08-25 16:50 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-09-20 02:50 - 2019-08-25 16:50 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-09-20 02:50 - 2019-08-25 16:50 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-09-20 02:50 - 2019-08-25 16:50 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-09-20 02:50 - 2019-08-25 16:50 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-09-20 02:50 - 2019-08-25 16:50 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-09-20 02:50 - 2016-08-01 02:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-09-14 04:32 - 2016-08-01 02:53 - 000001032 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-09-14 04:32 - 2016-08-01 02:53 - 000001028 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-09-11 04:31 - 2018-09-16 04:32 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1503518456
2019-09-11 04:31 - 2017-08-23 22:00 - 000000937 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-09-04 08:40 - 2018-09-16 04:32 - 000004092 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2019-09-04 08:40 - 2018-09-16 04:32 - 000003860 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2019-08-30 04:43 - 2017-12-09 19:53 - 000000000 ___RD C:\Users\enike\3D Objects
2019-08-30 04:43 - 2015-11-02 20:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-08-30 04:42 - 2019-08-06 10:09 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-08-30 04:42 - 2018-09-16 04:26 - 000516880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-30 04:41 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-08-30 04:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-30 04:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-30 04:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-08-30 04:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-30 04:41 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-29 23:12 - 2018-04-12 01:34 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-08-29 23:10 - 2017-08-23 23:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-29 23:08 - 2017-08-23 23:46 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-29 23:04 - 2018-07-08 21:28 - 000000000 ____D C:\Program Files\rempl

==================== Files in the root of some directories ================

2019-09-25 05:02 - 2019-09-25 05:47 - 000000004 _____ () C:\ProgramData\lock.dat
2019-09-25 05:02 - 2019-09-25 05:02 - 000000008 _____ () C:\ProgramData\ts.dat
2019-09-28 01:48 - 2019-09-28 01:48 - 001388448 _____ () C:\Users\Public\ASR.dat
2019-09-25 03:53 - 2019-09-25 03:53 - 000001113 _____ () C:\Program Files\_readme.txt
2017-08-24 02:08 - 2017-10-22 00:39 - 000000328 _____ () C:\Users\enike\AppData\Roaming\WB.CFG
2018-07-08 22:50 - 2018-07-08 22:50 - 000000017 _____ () C:\Users\enike\AppData\Local\resmon.resmoncfg
2017-12-13 10:39 - 2017-12-13 10:39 - 000000068 _____ () C:\Users\enike\AppData\Local\yjUzkVAfQv
2017-12-17 12:39 - 2017-12-17 12:39 - 000000068 _____ () C:\Users\enike\AppData\Local\zuNMvflzFm

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2019
Ran by enike (28-09-2019 11:43:50)
Running from D:\explorerdescargas
Windows 10 Home Version 1803 17134.950 (X64) (2018-09-16 02:32:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1972068837-1164276130-3522050345-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1972068837-1164276130-3522050345-503 - Limited - Disabled)
enike (S-1-5-21-1972068837-1164276130-3522050345-1001 - Administrator - Enabled) => C:\Users\enike
Invitado (S-1-5-21-1972068837-1164276130-3522050345-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1972068837-1164276130-3522050345-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\uTorrent) (Version: 3.5.5.45341 - BitTorrent Inc.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Actualización de NVIDIA 31.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.2.0.0 - NVIDIA Corporation) Hidden
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Application Verifier x64 External Package (HKLM\...\{D9908CED-5ABB-FEE9-FC84-743F4D38637C}) (Version: 10.1.16299.15 - Microsoft) Hidden
Asistente para actualización a Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
ATOM RPG MULTi2 - ElAmigos version 1.067 (HKLM-x32\...\{226712C0-0C70-418D-BB03-AD5089E3302B}_is1) (Version: 1.067 - AtomTeam)
BATTLETECH (HKLM-x32\...\1482783682_is1) (Version: 1.0.2-277r - GOG.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Combat Mission Afghanistan version 1.0 (HKLM-x32\...\{C17A399E-3AA0-4B68-9ED2-977A44AE12F4}_is1) (Version: 1.0 - GamersGate)
Combat Mission Afrika Korps (HKLM-x32\...\Combat Mission Afrika Korps v1.0_is1) (Version:  - Battlefront.com, Inc.)
Combat Mission Barbarossa to Berlin (HKLM-x32\...\Combat Mission Barbarossa to Berlin v1.3_is1) (Version:  - Battlefront.com, Inc.)
Combat Mission Battle for Normandy (HKLM-x32\...\CMBN10_is1) (Version:  - Battlefront.com)
Combat Mission Shock Force (HKLM-x32\...\Combat Mission Shock Force_is1) (Version:  - Battlefront.com)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.36 - NVIDIA Corporation) Hidden
Divinity Original Sin 2 MULTi5 (HKLM-x32\...\Divinity Original Sin 2 MULTi5_is1) (Version:  - )
Dreadnought (HKLM-x32\...\Dreadnought) (Version: 1.0.1 - Grey Box)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Expeditions Viking Iron Man (HKLM-x32\...\Expeditions Viking Iron Man_is1) (Version:  - )
Field of Glory II (HKLM\...\SKIDROW - Field of Glory II) (Version:  - SKIDROW)
Gestor de cámara con sensor de profundidad Intel® RealSense™ SR300 (HKLM-x32\...\ARP_for_prd_dcm_runtime_sr300_3.3.27.5718) (Version: 3.3.27.5718 - Intel Corporation)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Audio Switch (HKLM\...\HPAudioSwitch) (Version: 1.0.105.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{b0ebf7ff-6b1a-4a92-9c85-6915be1962b9}) (Version: 5.1.19895 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8351.5556 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{E8FF0A82-0696-4347-B4AE-708DE306FFE9}) (Version: 12.11.24.11 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel RealSense Training (HKLM-x32\...\Intel RealSense Training) (Version: 1.16 - Intel)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{58853C0C-0E7D-4320-96AC-4D64027624FC}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® RealSense™ Depth Camera Manager Gold (x86): dptf_com (HKLM-x32\...\{8B2F7F6E-80C4-11E6-9806-2C44FD873B55}) (Version: 2.3.27.5718 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager SR300 Gold (x86): Intel® RealSense™ 3D camera SR300 IO module (HKLM-x32\...\{9631A4C0-80C4-11E6-AC2C-2C44FD873B55}) (Version: 3.3.27.5718 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager SR300 Gold (x86): Intel® RealSense™ Depth Camera Manager Service (HKLM-x32\...\{8FD07ECF-80C4-11E6-A604-2C44FD873B55}) (Version: 3.3.27.5718 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_v6_6.0.21.6598) (Version: 6.0.21.6598 - Intel Corporation)
Intel® RealSense™ SDK Runtime Gold (x86): Core (HKLM-x32\...\{EC8ABDF0-358B-11E5-82EB-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Data Collector (HKLM-x32\...\{E3A02E00-358B-11E5-81F8-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Hand Tracking (HKLM-x32\...\{D74B980F-358B-11E5-B6FE-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Hand Tracking: Models (HKLM-x32\...\{ED5C65CF-358B-11E5-9F51-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Jagged Alliance Rage MULTi10 - ElAmigos versión 1.0 (HKLM-x32\...\{D300C957-0271-429F-85C9-C526FDD6AD41}_is1) (Version: 1.0 - HandyGames)
Kits Configuration Installer (HKLM-x32\...\{86E59C8F-61D5-1782-A3CE-60AE7E4D7791}) (Version: 10.1.16299.15 - Microsoft) Hidden
Master of Orion - Retro Fleets (HKLM-x32\...\1436385130_is1) (Version: 2.12.0.20 - GOG.com)
Master of Orion - Terran Khanate (HKLM-x32\...\1240899991_is1) (Version: 2.12.0.20 - GOG.com)
Master of Orion (HKLM-x32\...\1441029515_is1) (Version: 2.15.0.23 - GOG.com)
Master of Orion (HKLM-x32\...\Master of Orion_is1) (Version:  - )
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.11929.20300 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27029 (HKLM-x32\...\{64ff2cb0-807c-4ee9-87ef-ec1b2ede0daf}) (Version: 14.16.27029.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27029 (HKLM-x32\...\{f50edb7e-c25e-47b4-bc4f-7ec4a4d256b1}) (Version: 14.16.27029.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1100.314 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 61.0.1 (x64 es-ES)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
MSI Development Tools (HKLM-x32\...\{973CACA2-E018-065B-0580-F2784802E299}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Mutant Year Zero Road to Eden MULTi11 - ElAmigos versión 18.12.2018 (HKLM-x32\...\{F9F7F7EB-D4D1-4245-ABD1-357F42E566AB}_is1) (Version: 18.12.2018 - Funcom)
Mutant Year Zero Road to Eden Seed of Evil (HKLM-x32\...\Mutant Year Zero Road to Eden Seed of Evil_is1) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
NVIDIA Controlador de audio HD 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
OpenOffice 4.1.5 (HKLM-x32\...\{A93E0F8F-B3C1-4784-916D-15865808017B}) (Version: 4.15.9789 - Apache Software Foundation)
Opera Stable 63.0.3368.71 (HKLM-x32\...\Opera 63.0.3368.71) (Version: 63.0.3368.71 - Opera Software)
paint.net (HKLM\...\{B998B716-4001-4919-BA90-BA14B51DFEB5}) (Version: 4.1.6 - dotPDN LLC)
Panel de control de NVIDIA 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 398.36 - NVIDIA Corporation) Hidden
Paquete de compatibilidad redirigido de documentación de Microsoft .NET Framework 4.7.1 (español) (HKLM-x32\...\{927FF4FD-8E47-4022-8545-22FD78FBC2AB}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Peninsular War Battles (HKLM\...\cGVuaW5zdWxhcndhcmJhdHRsZXM_is1) (Version: 1 - )
President Yukino Uncencored (HKLM\...\DARKSiDERS - President Yukino Uncencored) (Version:  - DARKSiDERS)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21289 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.13.1223.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
SDK ARM Additions (HKLM-x32\...\{7922BB77-0B59-840A-AC80-D560A34D75C5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{C87DF65C-A672-7E08-A083-E7D48FE8DB70}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 4.15.4257.0 - Hi-Rez Studios)
Software Intel® PROSet/Wireless (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.9.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.9.1 - SteelSeries ApS)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
TextCrawler Free 3.0.3 (HKLM-x32\...\TextCrawler Free) (Version: 3.0.3 - DigitalVolcano Software Ltd)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Ultimate Epic Battle Simulator v1.5 (HKLM\...\dWx0aW1hdGVlcGljYmF0dGxlc2ltdWxhdG9y_is1) (Version: 1 - )
Ultimate General Civil War (HKLM-x32\...\Ultimate General Civil War_is1) (Version:  - )
Unity (HKLM-x32\...\Unity) (Version: 2019.1.0f2 - Unity Technologies ApS)
Unity Hub 1.6.1 (HKLM\...\Unity Technologies - Hub) (Version: 1.6.1 - Unity Technologies Inc.)
Universal CRT Extension SDK (HKLM-x32\...\{A5FA2886-1925-133F-0D41-B9A8ECEA0A2D}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{B739B4C5-EEEC-8E70-0276-38C4779AF398}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{E053089E-7953-3219-814F-F485FC151C54}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B9424F08-0617-C4F6-A798-5A9250C1A738}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{D261CEA1-AB8D-9CFA-4407-BCEFC78661AC}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Valkyria Chronicles (HKLM-x32\...\Valkyria Chronicles_is1) (Version:  - )
Valkyria Chronicles (HKLM-x32\...\Valkyria Chronicles_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Valkyria Chronicles 4 MULTi8 - ElAmigos versión 15.10.2018 (HKLM-x32\...\{21C30336-8486-4721-8B6D-2EC3784E612F}_is1) (Version: 15.10.2018 - SEGA)
vcpp_crt.redist.clickonce (HKLM-x32\...\{32DF9B1B-E622-4385-99E0-02461A428363}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Visual Studio Community 2017 (HKLM-x32\...\e3803192) (Version: 15.9.28307.586 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{340226AB-D0EF-4715-A331-AB3A416B5018}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{E70CC1B8-7ED5-4495-9C52-603FE87F38F4}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Wargaming.net Game Center (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Wargaming.net Game Center) (Version: 19.2.0.4533 - Wargaming.net)
Web Companion (HKLM-x32\...\{bc046938-66d1-48f3-bcad-394328e01dfc}) (Version: 4.0.1780.3335 - Lavasoft)
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
WeMod (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\WeMod) (Version: 6.2.5 - WeMod)
WinAppDeploy (HKLM-x32\...\{9690D51C-4435-1C20-7819-66CCAB0F03F9}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{385A1387-A488-9E90-3635-086129610034}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{D7DD3171-DA58-52A1-95B2-4769640855AF}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7336279F-8F8F-5530-A543-3BE963846C0A}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E414A474-0A87-4F66-C409-A4D9857CFD34}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{CE760B86-975B-F514-5673-0ED4332B801B}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{5E67F8BE-D8D2-257F-CE19-419A2D5125C7}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A2AA063E-AF50-A1F5-8925-A06EB1556644}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{7D4C7F4A-02A9-E434-6451-C8787DF28C1F}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{BC467065-9374-5345-DA3F-FCF073304A25}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
World of Tanks EU (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\WOT.EU.PRODUCTION) (Version:  - Wargaming.net)
XCOM 2 War of the Chosen (HKLM-x32\...\XCOM 2 War of the Chosen_is1) (Version:  - )
Xenonauts 2 Demo (HKLM-x32\...\1497289938_is1) (Version: kickstarter demo - GOG.com)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.148.400.0_x86__kgqvnymyfvs32 [2019-09-25] (king.com)
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
File Viewer Plus -> C:\Program Files\WindowsApps\SharpenedProductions.FileViewerPlus_3.2.1.0_x86__xkt78gamzntbr [2019-09-25] (Sharpened Productions)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2019-09-25] (HP Inc.)
HP LOUNGE -> C:\Program Files\WindowsApps\UniversalMusicMobile.HPLOUNGE_2.1.1.0_x64__3ms5eyejfeart [2019-09-25] (Universal Music Mobile)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft News: Noticias destacadas en español -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Studios) [MS Ad]
MSN Deportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
MSN Dinero -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.94.574.0_x64__mcm4njqhnhss8 [2019-09-28] (Netflix, Inc.)
Teléfono Microsoft -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2019-09-25] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\juegos1\7zip\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\juegos1\7zip\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\juegos1\7zip\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-09-18 13:25 - 2019-09-18 13:25 - 000160256 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\546848131343b19d25a0870783a9b2cf\BRIDGECommon.ni.dll
2019-09-18 13:26 - 2019-09-18 13:26 - 000120832 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\1f76df02bd5bdeeef821ea5f211e2824\BridgeExtension.ni.dll
2019-09-18 13:26 - 2019-09-18 13:26 - 000348160 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\30ba87f6a7823bfd74c732afca9fad27\CleanStartController.ni.dll
2019-09-25 09:47 - 2019-03-29 18:05 - 002188288 _____ () [File not signed] H:\JUEGOS1\PhoenixPointBackerBuild2\PhoenixPointWin64_Data\Plugins\AkSoundEngine.dll
2019-09-25 09:47 - 2019-03-29 18:05 - 001277952 _____ () [File not signed] H:\JUEGOS1\PhoenixPointBackerBuild2\PhoenixPointWin64_Data\Plugins\ncoproxy.dll
2019-09-18 13:26 - 2019-09-18 13:26 - 000134656 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\260b8c25be938a9b1340fc28b1e60c4b\CommonPortable.ni.dll
2019-04-07 10:19 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] D:\juegos1\7zip\7-Zip\7-zip.dll
2017-09-28 18:41 - 2017-09-28 18:41 - 000266240 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys [2560]
AlternateDataStreams: C:\Users\All Users:gs5sys [2560]
AlternateDataStreams: C:\Users\enike:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Datos de programa:gs5sys [2560]
AlternateDataStreams: C:\Users\enike\Configuración local:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Plantillas:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local\Historial:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Archivos de usuario de paint.net:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Battlestations-Midway:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\FLiNGTrainer:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Imperium:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Jagged Alliance Rage:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Larian Studios:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Master of Orion:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\MEGA:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Nexus Mod Manager:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\SEGA:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Visual Studio 2017:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2017-10-09 13:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 87.216.1.65 - 87.216.1.66
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "HP Audio Switch.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealSense Training.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "hola"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F20F710A8B8C4569C38BB42E17F992F5"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "GalaxyClient"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D4278134-21B8-4472-AF95-F89BF3895E3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6C125D0A-4D4E-4FCB-8396-D0228E1A84DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BAF0CA70-5A9A-447F-B42D-27D98703F4FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F0231167-DD85-4C86-947E-D52D0AA4CCDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B7BE8485-D2E2-4182-AE82-83C130C91B13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{02B30A64-4BA6-441D-AFBF-94CAF93DEC5A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9C5104B2-561B-484C-A79B-AEEA7FEEB998}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Bug Reporter.exe No File
FirewallRules: [{16E3E9B0-D634-48C0-A6F0-929B5EA21E4E}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Bug Reporter.exe No File
FirewallRules: [{013D20FC-5E82-4E4D-8E0B-72E06F1870C6}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Multiplayer.exe No File
FirewallRules: [{4F91A69A-076F-459B-A5E3-96CEDDC7B696}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Multiplayer.exe No File
FirewallRules: [{6361E0CC-E1A0-42DA-B5FB-FD91BFC9E5D0}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Gettysburg.exe No File
FirewallRules: [{0A7597A3-C6FE-44EB-B838-DFCA37E4501F}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Gettysburg.exe No File
FirewallRules: [{D1FED389-FBD6-449E-A8A0-B93D91F26743}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EFA59492-5843-4237-BC50-C6261CE23B2C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6F5F1C20-E074-40F3-9AFD-1E846FDF8C4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{136C8D52-52F3-4C24-B42C-2049E4170660}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{71CBBF23-4FB0-4DD6-93D0-E590E3198635}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EAA4EC63-FC5A-4858-97EF-15B6EC78A5F0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8A58268B-EBED-44D0-A342-702D196AEAC0}] => (Allow) C:\Users\enike\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{AD747BF7-32EF-42AF-9FA1-DFCAC310E351}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E53428CB-04F3-4BDD-80FC-FDCE396935B3}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{90F652E0-C634-46C8-996F-C52FB59542A8}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0C242A73-B723-4037-BF0E-5CC80F76833A}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6A4D9C06-9E00-42EB-8148-1003C31F6FCA}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{90463F38-EA97-4623-8B1D-AE2C6B967315}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D8A9F047-571A-4AE2-8D3B-3C92A39A68EB}] => (Allow) D:\juegos1\World of Tanks\WoTLauncher.exe No File
FirewallRules: [{58091C24-2BB7-4E82-AEFF-6F2B329E2525}] => (Allow) D:\juegos1\World of Tanks\WoTLauncher.exe No File
FirewallRules: [{AF75D871-7094-428F-92D2-501CD4CA9FA9}] => (Allow) D:\juegos1\World of Tanks\worldoftanks.exe No File
FirewallRules: [{1B007FD7-5597-4904-857E-050794FFA1E0}] => (Allow) D:\juegos1\World of Tanks\worldoftanks.exe No File
FirewallRules: [{48D05EF4-F3E0-4800-B6C3-5BCFD510994A}] => (Allow) D:\juegos1\Steam\Steam.exe No File
FirewallRules: [{1B073A39-9A1E-4249-9070-1AFBABAFF06C}] => (Allow) D:\juegos1\Steam\Steam.exe No File
FirewallRules: [{59637954-059B-4524-8421-C669C2D760FB}] => (Allow) D:\juegos1\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{248F135A-C230-4541-A9F0-287C524A7BCD}] => (Allow) D:\juegos1\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{A79AC657-0E19-4CC8-8BB6-AAF698838994}] => (Allow) D:\juegos1\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{8DAC412C-AB0F-4AE6-9771-00637020CC13}] => (Allow) D:\juegos1\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{16182DFF-8B3A-4492-91FB-D734905099C0}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{9085A07E-8EB4-404B-B5D9-8067FF495094}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{62F11FF9-DF66-499C-ADB3-00BF52BEC3DD}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C7F218F8-D612-4108-B2B1-844EDB83337A}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{370BAFD9-DCE6-4206-91B4-CD054CB35D03}D:\juegos1\divinity original sin 2 multi5\bin\eocapp.exe] => (Allow) D:\juegos1\divinity original sin 2 multi5\bin\eocapp.exe No File
FirewallRules: [UDP Query User{41458C23-C29E-4416-B2C8-0EC8F580BA1A}D:\juegos1\divinity original sin 2 multi5\bin\eocapp.exe] => (Allow) D:\juegos1\divinity original sin 2 multi5\bin\eocapp.exe No File
FirewallRules: [{0A1DAED1-74FE-4D73-B152-C8074D82D882}] => (Allow) C:\Users\enike\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{71757365-66AE-48E0-BDF1-0830C72ABEAA}] => (Allow) D:\juegos1\Divinity Original Sin 2 MULTi5\bin\Divinity Original Sin 2 V3.0.180.158 Trainer +14 MrAntiFun.EXE No File
FirewallRules: [{8E65C64B-BA6A-42E2-A664-74B6ADAFB6C1}] => (Allow) D:\juegos1\Divinity Original Sin 2 MULTi5\bin\Divinity Original Sin 2 V3.0.180.158 Trainer +14 MrAntiFun.EXE No File
FirewallRules: [{B7E48F24-E8EF-4C24-A259-5BDB7BA2C595}] => (Allow) D:\juegos1\Divinity Original Sin 2 MULTi5\bin\Divinity Original Sin 2 V3.0.180.158 Trainer +14 MrAntiFun.EXE No File
FirewallRules: [{3FB642BF-19E3-40EC-9531-B333D6D210B4}] => (Allow) D:\juegos1\Divinity Original Sin 2 MULTi5\bin\Divinity Original Sin 2 V3.0.180.158 Trainer +14 MrAntiFun.EXE No File
FirewallRules: [TCP Query User{02E7F50F-A8F5-4C0E-B052-8FE4A9D5D839}D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [UDP Query User{87F43A3D-CD38-46F2-BB6E-8B5FFC889E25}D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [TCP Query User{19AE086A-F237-43E5-B165-1675FA0452B5}D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [UDP Query User{D92847B2-2D62-4856-8C22-AF3F63262249}D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [{88AFD397-76BB-4D1F-ACDA-D4A503D03472}] => (Allow) D:\juegos1\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{863AA1C6-F72C-4DA1-8970-24175838A5B9}] => (Allow) D:\juegos1\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [TCP Query User{68779D13-6848-4681-819B-A162F3D0B314}D:\juegos1\wotc dlc\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\wotc dlc\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [UDP Query User{1C4CA52B-C73F-4DA5-82A8-2C788EE05C08}D:\juegos1\wotc dlc\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\wotc dlc\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [{2952B52E-E273-44FC-97FA-30F2C5F86E92}] => (Allow) D:\juegos1\Steam\steamapps\common\Battlestations Midway Multiplayer Demo\Battlestationsmidway.exe No File
FirewallRules: [{958C2A65-17C2-4871-B787-F0CD95CDCA98}] => (Allow) D:\juegos1\Steam\steamapps\common\Battlestations Midway Multiplayer Demo\Battlestationsmidway.exe No File
FirewallRules: [{B55E2442-96C7-4D02-B656-80DBCEB5CB00}] => (Allow) D:\juegos1\Steam\steamapps\common\Battlestations Midway Multiplayer Demo\Options.exe No File
FirewallRules: [{018B1017-C983-43F0-94A5-7D9F7988F930}] => (Allow) D:\juegos1\Steam\steamapps\common\Battlestations Midway Multiplayer Demo\Options.exe No File
FirewallRules: [TCP Query User{7FD4FBD6-D71E-48BC-8403-47E6D756877C}D:\juegos1\master of orion\masteroforion.exe] => (Allow) D:\juegos1\master of orion\masteroforion.exe No File
FirewallRules: [UDP Query User{C329E490-461C-41D7-B374-4B5CEBFD6712}D:\juegos1\master of orion\masteroforion.exe] => (Allow) D:\juegos1\master of orion\masteroforion.exe No File
FirewallRules: [TCP Query User{8FE7035D-1398-4112-AE35-187540EB4EDB}D:\juegos1\battletech\master of orion gog\masteroforion.exe] => (Allow) D:\juegos1\battletech\master of orion gog\masteroforion.exe No File
FirewallRules: [UDP Query User{F3E58CD0-8345-4A2C-803F-4A06C18C6BC9}D:\juegos1\battletech\master of orion gog\masteroforion.exe] => (Allow) D:\juegos1\battletech\master of orion gog\masteroforion.exe No File
FirewallRules: [TCP Query User{3908AC39-C8BC-453C-9372-DC4CF5FB2221}D:\juegos1\master of orion\masteroforion.exe] => (Allow) D:\juegos1\master of orion\masteroforion.exe No File
FirewallRules: [UDP Query User{8F5FB092-74C9-422C-8EFE-8CEB157E0D0F}D:\juegos1\master of orion\masteroforion.exe] => (Allow) D:\juegos1\master of orion\masteroforion.exe No File
FirewallRules: [{1149D0A1-C017-4FB1-A2DC-8BA4B1DAC3A5}] => (Allow) D:\juegos1\ATOM 1.083\ATOM.RPG.v1.083\Unity Hub\Unity Hub.exe No File
FirewallRules: [TCP Query User{FD4BF708-1C10-4D9C-B0F1-15A0258CC4AC}D:\juegos1\atom 1.083\atom.rpg.v1.083\unity hub\unity hub.exe] => (Allow) D:\juegos1\atom 1.083\atom.rpg.v1.083\unity hub\unity hub.exe No File
FirewallRules: [UDP Query User{C68B001E-932C-499C-8465-7CDD73ECA335}D:\juegos1\atom 1.083\atom.rpg.v1.083\unity hub\unity hub.exe] => (Allow) D:\juegos1\atom 1.083\atom.rpg.v1.083\unity hub\unity hub.exe No File
FirewallRules: [{611293EB-CEA5-4FC0-B226-EFBC1389700C}] => (Allow) C:\Program Files\Unity\Hub\Editor\2019.1.0f2\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{94E6F224-3B71-4B76-9894-8EF0F672AF2A}] => (Block) C:\Program Files\Unity\Hub\Editor\2019.1.0f2\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [TCP Query User{EF3050CF-A26F-4DBA-ACD4-7E67A3212D84}C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe] => (Allow) C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [UDP Query User{1459A321-2B9D-4E49-979D-067C0CB58598}C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe] => (Allow) C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [TCP Query User{25DB576C-C6F7-4275-BC27-99779BC7DCE4}D:\juegos1\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\juegos1\wargaming.net\gamecenter\wgc.exe No File
FirewallRules: [UDP Query User{43E629DA-85F7-441F-A08A-A88B0AB562A3}D:\juegos1\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\juegos1\wargaming.net\gamecenter\wgc.exe No File
FirewallRules: [{DCD1998C-1A0C-432D-A4A9-2ED81903DF4E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [TCP Query User{7EB57150-FAF5-41E6-B518-938654EF92A7}H:\emulador_ppssppwindows64\ppssppwindows64.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows64.exe No File
FirewallRules: [UDP Query User{83C7504F-FBCA-453A-B189-00C537A08425}H:\emulador_ppssppwindows64\ppssppwindows64.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows64.exe No File
FirewallRules: [TCP Query User{7B4E146C-E2C7-4EEA-A52B-C043CB4BFE8A}H:\emulador_ppssppwindows64\ppssppwindows64.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows64.exe No File
FirewallRules: [UDP Query User{6AEA4D08-F60D-4DEB-865D-751A43F90F82}H:\emulador_ppssppwindows64\ppssppwindows64.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows64.exe No File
FirewallRules: [TCP Query User{FA3FF63A-1C81-44A5-AC9C-90927CC5BDBB}H:\emulador_ppssppwindows64\ppssppwindows.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows.exe No File
FirewallRules: [UDP Query User{891FC294-1896-4CEC-8ECE-C54F5DACE64C}H:\emulador_ppssppwindows64\ppssppwindows.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows.exe No File
FirewallRules: [{5DA5A1BC-B492-4AE6-9277-C9E470E6EFBF}] => (Allow) C:\Programas\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{907A05BC-43FB-49CA-B1E6-B350E6029C6A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C3074C75-0E0C-40E7-9B6B-E41B84239CA5}] => (Allow) C:\Programas\Opera\63.0.3368.71\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{043D9164-892E-43F0-8D09-6064CD6EF473}H:\torrent\acabadas\xenonauts 2\xenonauts2.exe] => (Allow) H:\torrent\acabadas\xenonauts 2\xenonauts2.exe () [File not signed]
FirewallRules: [UDP Query User{4CD2BB39-DA2F-427D-A194-88FC7684AA39}H:\torrent\acabadas\xenonauts 2\xenonauts2.exe] => (Allow) H:\torrent\acabadas\xenonauts 2\xenonauts2.exe () [File not signed]
FirewallRules: [TCP Query User{BDDD9B38-03A5-4849-86F3-CDFBA6C50D03}H:\juegos1\phoenixpointbackerbuild\phoenixpointbackerbuild\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild\phoenixpointbackerbuild\phoenixpointwin64.exe () [File not signed]
FirewallRules: [UDP Query User{31121234-5FC2-4B8F-80AE-F9F0A577D74E}H:\juegos1\phoenixpointbackerbuild\phoenixpointbackerbuild\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild\phoenixpointbackerbuild\phoenixpointwin64.exe () [File not signed]
FirewallRules: [TCP Query User{1758818E-61E4-4A59-8D49-0A284A9088D8}H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe () [File not signed]
FirewallRules: [UDP Query User{24B00BDC-084F-46C1-8BF3-4DA6623C94A3}H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe () [File not signed]
FirewallRules: [TCP Query User{C8B5E8A7-E6EA-45F0-A625-D2B3B72FC0AD}H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe () [File not signed]
FirewallRules: [UDP Query User{6BF208B8-763E-4CE4-A8CF-55691DC717A8}H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe () [File not signed]

==================== Restore Points =========================

21-09-2019 14:33:31 Punto de control programado
25-09-2019 05:35:02 Operación de restauración

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/28/2019 11:21:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19858843

Error: (09/28/2019 11:21:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19858843

Error: (09/28/2019 11:21:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/28/2019 05:50:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7109

Error: (09/28/2019 05:50:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7109

Error: (09/28/2019 05:50:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/28/2019 05:50:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5250

Error: (09/28/2019 05:50:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5250


System errors:
=============
Error: (09/28/2019 11:21:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/28/2019 05:49:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/28/2019 01:48:40 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2K7O7TJC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 y APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 al usuario LAPTOP-2K7O7TJC\enike con SID (S-1-5-21-1972068837-1164276130-3522050345-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/27/2019 10:58:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/27/2019 06:02:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/27/2019 04:30:42 AM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk2\DR2.

Error: (09/26/2019 07:32:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Servicio biométrico de Windows se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (09/26/2019 11:41:56 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2K7O7TJC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 y APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 al usuario LAPTOP-2K7O7TJC\enike con SID (S-1-5-21-1972068837-1164276130-3522050345-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2019-09-26 12:04:27.818
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {8CCE7292-3EA5-48A2-A9E4-FC665338415A}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-09-25 09:40:33.300
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {74E8C134-CD35-4271-A2C5-653385E79FE2}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-09-25 03:42:45.275
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CryptInj.BA!MTB&threatid=2147742433&enterprise=0
Nombre: Trojan:Win32/CryptInj.BA!MTB
Id.: 2147742433
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\enike\AppData\Local\5fab4e27-31da-4cad-a5a4-5466971cbde8\4.exe; file:_C:\Users\enike\AppData\Local\Microsoft\Windows\INetCache\IE\JL1UVXMK\4[1].exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: LAPTOP-2K7O7TJC\enike
Nombre de proceso: C:\Users\enike\AppData\Local\Temp\4217764443.exe
Versión de firma: AV: 1.303.81.0, AS: 1.303.81.0, NIS: 1.303.81.0
Versión de motor: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-09-25 03:42:45.272
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CryptInj.BA!MTB&threatid=2147742433&enterprise=0
Nombre: Trojan:Win32/CryptInj.BA!MTB
Id.: 2147742433
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\enike\AppData\Local\5fab4e27-31da-4cad-a5a4-5466971cbde8\4.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: LAPTOP-2K7O7TJC\enike
Nombre de proceso: C:\Users\enike\AppData\Local\Temp\4217764443.exe
Versión de firma: AV: 1.303.81.0, AS: 1.303.81.0, NIS: 1.303.81.0
Versión de motor: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-09-18 00:37:00.759
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {C701B21C-4FDB-4066-9753-26C387504A15}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-09-27 23:08:21.163
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.303.195.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16400.2
Código de error: 0x8024402c
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-09-27 01:37:48.707
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.303.195.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16400.2
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-09-25 07:10:43.465
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.303.92.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16400.2
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 

Date: 2019-09-25 07:00:41.761
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-09-25 06:46:46.761
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

CodeIntegrity:
===================================

Date: 2019-09-25 09:20:28.740
Description: 
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-09-25 09:20:18.406
Description: 
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-09-25 09:19:58.537
Description: 
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-09-25 09:19:58.531
Description: 
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-09-25 09:19:58.518
Description: 
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-09-25 09:19:58.481
Description: 
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-09-25 09:19:58.476
Description: 
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-09-25 09:19:58.470
Description: 
Windows blocked file \Device\HarddiskVolume5\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info =========================== 

BIOS: Insyde F.23 10/13/2016
Motherboard: HP 8260
Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 71%
Total physical RAM: 16345.78 MB
Available physical RAM: 4696.99 MB
Total Virtual: 26073.78 MB
Available Virtual: 7422.16 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:236.5 GB) (Free:87.87 GB) NTFS
Drive d: (DATA) (Fixed) (Total:919.2 GB) (Free:99.48 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:12.31 GB) (Free:1.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (Elements) (Fixed) (Total:2794.49 GB) (Free:2214.48 GB) NTFS

\\?\Volume{e7fec484-f968-441e-875b-de736c3a8e60}\ () (Fixed) (Total:1.7 GB) (Free:0.99 GB) NTFS
\\?\Volume{263c4778-2e8e-48c9-ae27-7f01dcb8c88c}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 82165C24)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F37ECA01)

Partition: GPT.

========================================================
Disk: 2 (Size: 2794.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==================== End of Addition.txt ============================

First of all, cut and paste Frst.exe onto the desktop, since the instructions stated very clearly that it should be run from there.

Good… now follow these steps. VERY important ~ make a backup of the registry:

  • To do so, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now tick only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste the following into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\MountPoints2: {730157da-4602-11e9-b94d-d0577b73a928} - "K:\autorun.exe" 
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\MountPoints2: {f2025a90-4a7f-11e8-b922-d0577b73a928} - "G:\setup.exe" 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
S2 0315221537364018mcinstcleanup; C:\WINDOWS\TEMP\031522~1.EXE -cleanup -nolog [X]
S3 Disc Soft Lite Bus Service; "D:\programas\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" [X]
S3 GalaxyClientService; "D:\GOG Galaxy\GOG Galaxy\GalaxyClientService.exe" [X]
2019-09-25 03:43 - 2019-09-25 03:43 - 000000000 ____D C:\ProgramData\7FK4NT5PQSLFT6M7BRT0VVZDU
2019-09-25 03:42 - 2019-09-25 03:43 - 000000000 ____D C:\Users\enike\AppData\Local\5fab4e27-31da-4cad-a5a4-5466971cbde8
2017-12-13 10:39 - 2017-12-13 10:39 - 000000068 _____ () C:\Users\enike\AppData\Local\yjUzkVAfQv
2017-12-17 12:39 - 2017-12-17 12:39 - 000000068 _____ () C:\Users\enike\AppData\Local\zuNMvflzFm
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [Chromium] => c:\users\enike\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
AlternateDataStreams: C:\ProgramData:gs5sys [2560]
2019-09-25 09:40 - 2017-08-23 22:40 - 000000000 _____ C:\Users\enike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
c:\users\enike\appdata\local\chromium
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "Chromium"
AlternateDataStreams: C:\Users\All Users:gs5sys [2560]
AlternateDataStreams: C:\Users\enike:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Datos de programa:gs5sys [2560]
AlternateDataStreams: C:\Users\enike\Configuración local:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Plantillas:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local\Historial:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Archivos de usuario de paint.net:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Battlestations-Midway:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\FLiNGTrainer:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Imperium:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Jagged Alliance Rage:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Larian Studios:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Master of Orion:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\MEGA:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Nexus Mod Manager:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\SEGA:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Visual Studio 2017:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: It is important that the tool Frst.exe and fixlist.txt are in the same location (the desktop); otherwise it will not work.

  • Now use this Windows FAQ, How to start Windows in Safe Mode (applicable to Windows 10)?, to work from that Windows mode. (Use Method 1, and if you cannot, use Method 2.)

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, along with this other log
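The fixlist in the post above mixes autorun entries, alternate data streams and shell commands. As an added example (not part of the thread and not FRST's own code), this sketch summarises what such a script would touch before it is run; the two line shapes it parses are assumed from the lines visible in this post, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter

# Lines copied from the fixlist above (a subset, not the whole script).
SAMPLE = r"""
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [Chromium] => c:\users\enike\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
AlternateDataStreams: C:\ProgramData:gs5sys [2560]
AlternateDataStreams: C:\Users\enike\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\MEGA:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
EMPTYTEMP:
CMD: netsh winsock reset
"""

# Assumed shape: path:stream [size]; the stream name holds no ':' or '\'.
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\\]+) \[(?P<size>\d+)\]$")
# Assumed shape: key: [value name] => target [size date] (publisher) [File not signed]
RUN_RE = re.compile(
    r"^(?P<key>HK\S*\\Run): \[(?P<name>[^\]]+)\] => (?P<target>.+?) "
    r"\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<publisher>.*?)\)"
    r"(?P<unsigned> \[File not signed\])?$"
)

def triage(text):
    """Summarise what a fixlist would touch, without changing anything."""
    report = {"ads": Counter(), "unsigned_run": [], "commands": [], "other": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ads, run = ADS_RE.match(line), RUN_RE.match(line)
        if ads:
            report["ads"][ads["stream"]] += 1      # group streams by name
        elif run and run["unsigned"]:
            report["unsigned_run"].append((run["name"], run["target"]))
        elif line.startswith("CMD: "):
            report["commands"].append(line[5:])    # shell command the script runs
        else:
            report["other"].append(line)           # directives, paths, other entries
    return report

if __name__ == "__main__":
    summary = triage(SAMPLE)
    for stream, count in summary["ads"].most_common():
        print(f"{count:3d} x stream {stream}")
    for name, target in summary["unsigned_run"]:
        print(f"unsigned autorun {name}: {target}")
    print("commands:", summary["commands"])
```

Grouping by stream name makes it easy to see that one stream name recurs across many profile folders while the `.Metadata` streams sit only under the documents folders.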

Sorry for not replying, but I still have the virus and it has infected me again, now with the .kuub extension. It has ruined all the programs I had downloaded again. Regards

Did you carry out the steps I gave you in my last reply?

Because if you did not carry them out, you have not finished disinfecting the PC…

Or did you download something new?

Hello, I could not; I was busy downloading programs I urgently needed, and when I was about to do it, kuub ruined even the frst and addition files that the disclaimer made for me

In fact I tried to download something just now and kuub quickly ruined them. In startup I have a file 31097499288.exe that has magically appeared

I have disabled it, but I don't know whether I can delete it; it has no publisher, and it was installed shortly before it started converting files to koob

Following the steps to remove it, I found in HKEY_CURRENT_USER…\RUN that 31097499288.EXE -AUTOSTART, but I don't know whether to delete it; it is in a SysHelper registry entry

Hello. Do I make the backup in safe mode or in normal mode?

I have a backup from 20/9; if I reinstall it, will it remove the virus?

If you did not do what was indicated, what happened to you is to be expected…

It is important to do what is indicated, or you see the consequences.

Do what I told you and post the logs

The backup from the 20th… if you already had the virus, it would not help.

Also, by downloading programs you may have infected yourself again, if you did not download them from reliable sources… or you will know what you installed

Use Delfix in normal mode

You have to wait for me to tell you before downloading or installing anything that has not been indicated

Almost everything I downloaded was from official pages.
What is Delfix?
Right now I have no internet on the other computer; I am in safe mode without networking, because it does not recognize the wifi, only ethernet.
And about the file

HKEY_CURRENT_USER…\RUN THAT 31097499288.EXE -AUTOSTART

do I delete it and its registry entry?

Also, on the infected computer the Explorer windows keep closing

Please read the reply I posted for you, with the steps to continue disinfecting the PC.

Carry them out, post the logs, and then I will tell you what to do

Wait for the steps to be indicated…

I have a problem: kuub did not create a readme file for me; I only have the one from the nasa virus