I need help with ransomware, .nesa extension

DR WEB

Total 1747311008850 bytes in 1052160 files scanned (1234435 objects)
Total 1052135 files (1234228 objects) are clean
Total 8 files are infected
Total 195 files are raised error condition
Scan time is 04:03:23.132


Start curing

Now run a scan with FRST again and paste both logs for me.

I CAN'T

When I click run, I get a message that it was updated (Update), and right away a message asking whether I allow it to run. I say yes, and it updates again and the prompt to run it appears again, and so on in an endless loop (if I say no, it closes completely).

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2019
Ran by enike (03-10-2019 16:18:36)
Running from C:\Users\enike\Desktop
Windows 10 Home Version 1803 17134.950 (X64) (2018-09-16 02:32:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1972068837-1164276130-3522050345-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1972068837-1164276130-3522050345-503 - Limited - Disabled)
enike (S-1-5-21-1972068837-1164276130-3522050345-1001 - Administrator - Enabled) => C:\Users\enike
Invitado (S-1-5-21-1972068837-1164276130-3522050345-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1972068837-1164276130-3522050345-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\uTorrent) (Version: 3.5.5.45341 - BitTorrent Inc.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Actualización de NVIDIA 31.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.2.0.0 - NVIDIA Corporation) Hidden
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Application Verifier x64 External Package (HKLM\...\{D9908CED-5ABB-FEE9-FC84-743F4D38637C}) (Version: 10.1.16299.15 - Microsoft) Hidden
Asistente para actualización a Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
ATOM RPG MULTi2 - ElAmigos version 1.067 (HKLM-x32\...\{226712C0-0C70-418D-BB03-AD5089E3302B}_is1) (Version: 1.067 - AtomTeam)
ATOM RPG v.1.107 (HKLM-x32\...\ATOM RPG_is1) (Version:  - )
BATTLETECH (HKLM-x32\...\1482783682_is1) (Version: 1.0.2-277r - GOG.com)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Combat Mission Afghanistan version 1.0 (HKLM-x32\...\{C17A399E-3AA0-4B68-9ED2-977A44AE12F4}_is1) (Version: 1.0 - GamersGate)
Combat Mission Afrika Korps (HKLM-x32\...\Combat Mission Afrika Korps v1.0_is1) (Version:  - Battlefront.com, Inc.)
Combat Mission Barbarossa to Berlin (HKLM-x32\...\Combat Mission Barbarossa to Berlin v1.3_is1) (Version:  - Battlefront.com, Inc.)
Combat Mission Battle for Normandy (HKLM-x32\...\CMBN10_is1) (Version:  - Battlefront.com)
Combat Mission Shock Force (HKLM-x32\...\Combat Mission Shock Force_is1) (Version:  - Battlefront.com)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.0948 - Disc Soft Ltd)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.36 - NVIDIA Corporation) Hidden
Divinity Original Sin 2 MULTi5 (HKLM-x32\...\Divinity Original Sin 2 MULTi5_is1) (Version:  - )
Dreadnought (HKLM-x32\...\Dreadnought) (Version: 1.0.1 - Grey Box)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Expeditions Viking Iron Man (HKLM-x32\...\Expeditions Viking Iron Man_is1) (Version:  - )
Field of Glory II (HKLM\...\SKIDROW - Field of Glory II) (Version:  - SKIDROW)
Gestor de cámara con sensor de profundidad Intel® RealSense™ SR300 (HKLM-x32\...\ARP_for_prd_dcm_runtime_sr300_3.3.27.5718) (Version: 3.3.27.5718 - Intel Corporation)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Audio Switch (HKLM\...\HPAudioSwitch) (Version: 1.0.105.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{b0ebf7ff-6b1a-4a92-9c85-6915be1962b9}) (Version: 5.1.19895 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8351.5556 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{E8FF0A82-0696-4347-B4AE-708DE306FFE9}) (Version: 12.12.32.3 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel RealSense Training (HKLM-x32\...\Intel RealSense Training) (Version: 1.16 - Intel)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{58853C0C-0E7D-4320-96AC-4D64027624FC}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® RealSense™ Depth Camera Manager Gold (x86): dptf_com (HKLM-x32\...\{8B2F7F6E-80C4-11E6-9806-2C44FD873B55}) (Version: 2.3.27.5718 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager SR300 Gold (x86): Intel® RealSense™ 3D camera SR300 IO module (HKLM-x32\...\{9631A4C0-80C4-11E6-AC2C-2C44FD873B55}) (Version: 3.3.27.5718 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager SR300 Gold (x86): Intel® RealSense™ Depth Camera Manager Service (HKLM-x32\...\{8FD07ECF-80C4-11E6-A604-2C44FD873B55}) (Version: 3.3.27.5718 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_v6_6.0.21.6598) (Version: 6.0.21.6598 - Intel Corporation)
Intel® RealSense™ SDK Runtime Gold (x86): Core (HKLM-x32\...\{EC8ABDF0-358B-11E5-82EB-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Data Collector (HKLM-x32\...\{E3A02E00-358B-11E5-81F8-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Hand Tracking (HKLM-x32\...\{D74B980F-358B-11E5-B6FE-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Hand Tracking: Models (HKLM-x32\...\{ED5C65CF-358B-11E5-9F51-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Jagged Alliance Rage MULTi10 - ElAmigos versión 1.0 (HKLM-x32\...\{D300C957-0271-429F-85C9-C526FDD6AD41}_is1) (Version: 1.0 - HandyGames)
Kits Configuration Installer (HKLM-x32\...\{86E59C8F-61D5-1782-A3CE-60AE7E4D7791}) (Version: 10.1.16299.15 - Microsoft) Hidden
Master of Orion - Retro Fleets (HKLM-x32\...\1436385130_is1) (Version: 2.12.0.20 - GOG.com)
Master of Orion - Terran Khanate (HKLM-x32\...\1240899991_is1) (Version: 2.12.0.20 - GOG.com)
Master of Orion (HKLM-x32\...\1441029515_is1) (Version: 2.15.0.23 - GOG.com)
Master of Orion (HKLM-x32\...\Master of Orion_is1) (Version:  - )
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.11929.20300 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27029 (HKLM-x32\...\{64ff2cb0-807c-4ee9-87ef-ec1b2ede0daf}) (Version: 14.16.27029.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27029 (HKLM-x32\...\{f50edb7e-c25e-47b4-bc4f-7ec4a4d256b1}) (Version: 14.16.27029.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1100.314 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 61.0.1 (x64 es-ES)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
MSI Development Tools (HKLM-x32\...\{973CACA2-E018-065B-0580-F2784802E299}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Mutant Year Zero Road to Eden MULTi11 - ElAmigos versión 18.12.2018 (HKLM-x32\...\{F9F7F7EB-D4D1-4245-ABD1-357F42E566AB}_is1) (Version: 18.12.2018 - Funcom)
Mutant Year Zero Road to Eden Seed of Evil (HKLM-x32\...\Mutant Year Zero Road to Eden Seed of Evil_is1) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
NVIDIA Controlador de audio HD 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
OpenOffice 4.1.5 (HKLM-x32\...\{A93E0F8F-B3C1-4784-916D-15865808017B}) (Version: 4.15.9789 - Apache Software Foundation)
Opera Stable 63.0.3368.71 (HKLM-x32\...\Opera 63.0.3368.71) (Version: 63.0.3368.71 - Opera Software)
Overland (HKLM-x32\...\1429928925_is1) (Version: 600 - GOG.com)
paint.net (HKLM\...\{B998B716-4001-4919-BA90-BA14B51DFEB5}) (Version: 4.1.6 - dotPDN LLC)
Panel de control de NVIDIA 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 398.36 - NVIDIA Corporation) Hidden
Paquete de compatibilidad redirigido de documentación de Microsoft .NET Framework 4.7.1 (español) (HKLM-x32\...\{927FF4FD-8E47-4022-8545-22FD78FBC2AB}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Peninsular War Battles (HKLM\...\cGVuaW5zdWxhcndhcmJhdHRsZXM_is1) (Version: 1 - )
President Yukino Uncencored (HKLM\...\DARKSiDERS - President Yukino Uncencored) (Version:  - DARKSiDERS)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21289 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.13.1223.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
SDK ARM Additions (HKLM-x32\...\{7922BB77-0B59-840A-AC80-D560A34D75C5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{C87DF65C-A672-7E08-A083-E7D48FE8DB70}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 4.15.4257.0 - Hi-Rez Studios)
Software Intel® PROSet/Wireless (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.9.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.9.1 - SteelSeries ApS)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
TextCrawler Free 3.0.3 (HKLM-x32\...\TextCrawler Free) (Version: 3.0.3 - DigitalVolcano Software Ltd)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Ultimate Epic Battle Simulator v1.5 (HKLM\...\dWx0aW1hdGVlcGljYmF0dGxlc2ltdWxhdG9y_is1) (Version: 1 - )
Ultimate General Civil War (HKLM-x32\...\Ultimate General Civil War_is1) (Version:  - )
Unity (HKLM-x32\...\Unity) (Version: 2019.1.0f2 - Unity Technologies ApS)
Unity Hub 1.6.1 (HKLM\...\Unity Technologies - Hub) (Version: 1.6.1 - Unity Technologies Inc.)
Universal CRT Extension SDK (HKLM-x32\...\{A5FA2886-1925-133F-0D41-B9A8ECEA0A2D}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{B739B4C5-EEEC-8E70-0276-38C4779AF398}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{E053089E-7953-3219-814F-F485FC151C54}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B9424F08-0617-C4F6-A798-5A9250C1A738}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{D261CEA1-AB8D-9CFA-4407-BCEFC78661AC}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Valkyria Chronicles (HKLM-x32\...\Valkyria Chronicles_is1) (Version:  - )
Valkyria Chronicles (HKLM-x32\...\Valkyria Chronicles_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Valkyria Chronicles 4 MULTi8 - ElAmigos versión 15.10.2018 (HKLM-x32\...\{21C30336-8486-4721-8B6D-2EC3784E612F}_is1) (Version: 15.10.2018 - SEGA)
vcpp_crt.redist.clickonce (HKLM-x32\...\{32DF9B1B-E622-4385-99E0-02461A428363}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Visual Studio Community 2017 (HKLM-x32\...\e3803192) (Version: 15.9.28307.586 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{340226AB-D0EF-4715-A331-AB3A416B5018}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{E70CC1B8-7ED5-4495-9C52-603FE87F38F4}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Wargaming.net Game Center (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Wargaming.net Game Center) (Version: 19.2.0.4533 - Wargaming.net)
Web Companion (HKLM-x32\...\{bc046938-66d1-48f3-bcad-394328e01dfc}) (Version: 4.0.1780.3335 - Lavasoft)
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
WeMod (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\WeMod) (Version: 6.2.5 - WeMod)
WinAppDeploy (HKLM-x32\...\{9690D51C-4435-1C20-7819-66CCAB0F03F9}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{385A1387-A488-9E90-3635-086129610034}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{D7DD3171-DA58-52A1-95B2-4769640855AF}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7336279F-8F8F-5530-A543-3BE963846C0A}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E414A474-0A87-4F66-C409-A4D9857CFD34}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{CE760B86-975B-F514-5673-0ED4332B801B}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{5E67F8BE-D8D2-257F-CE19-419A2D5125C7}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A2AA063E-AF50-A1F5-8925-A06EB1556644}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{7D4C7F4A-02A9-E434-6451-C8787DF28C1F}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{BC467065-9374-5345-DA3F-FCF073304A25}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
World of Tanks EU (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\WOT.EU.PRODUCTION) (Version:  - Wargaming.net)
XCOM 2 War of the Chosen (HKLM-x32\...\XCOM 2 War of the Chosen_is1) (Version:  - )
Xenonauts 2 Demo (HKLM-x32\...\1497289938_is1) (Version: kickstarter demo - GOG.com)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.148.400.0_x86__kgqvnymyfvs32 [2019-09-25] (king.com)
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
File Viewer Plus -> C:\Program Files\WindowsApps\SharpenedProductions.FileViewerPlus_3.2.1.0_x86__xkt78gamzntbr [2019-09-25] (Sharpened Productions)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2019-09-25] (HP Inc.)
HP LOUNGE -> C:\Program Files\WindowsApps\UniversalMusicMobile.HPLOUNGE_2.1.1.0_x64__3ms5eyejfeart [2019-09-25] (Universal Music Mobile)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft News: Noticias destacadas en español -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Studios) [MS Ad]
MSN Deportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
MSN Dinero -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.94.574.0_x64__mcm4njqhnhss8 [2019-09-28] (Netflix, Inc.)
Teléfono Microsoft -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2019-09-25] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\juegos1\7zip\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => D:\programas\DAEMON Tools Lite\dtshl64.dll [2019-10-02] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => D:\programas\DAEMON Tools Lite\dtshl64.dll [2019-10-02] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\juegos1\7zip\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\juegos1\7zip\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-04-07 10:19 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] D:\juegos1\7zip\7-Zip\7-zip.dll
2017-09-28 18:41 - 2017-09-28 18:41 - 000266240 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys [2560]
AlternateDataStreams: C:\Users\All Users:gs5sys [2560]
AlternateDataStreams: C:\Users\enike:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Datos de programa:gs5sys [2560]
AlternateDataStreams: C:\Users\enike\Configuración local:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Plantillas:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local\Historial:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Archivos de usuario de paint.net:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Battlestations-Midway:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\FLiNGTrainer:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Imperium:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Jagged Alliance Rage:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Larian Studios:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Master of Orion:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\MEGA:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Nexus Mod Manager:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\SEGA:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Visual Studio 2017:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2017-10-09 13:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 87.216.1.65 - 87.216.1.66
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "HP Audio Switch.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealSense Training.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "hola"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F20F710A8B8C4569C38BB42E17F992F5"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "SysHelper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D4278134-21B8-4472-AF95-F89BF3895E3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6C125D0A-4D4E-4FCB-8396-D0228E1A84DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BAF0CA70-5A9A-447F-B42D-27D98703F4FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F0231167-DD85-4C86-947E-D52D0AA4CCDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B7BE8485-D2E2-4182-AE82-83C130C91B13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{02B30A64-4BA6-441D-AFBF-94CAF93DEC5A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9C5104B2-561B-484C-A79B-AEEA7FEEB998}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Bug Reporter.exe No File
FirewallRules: [{16E3E9B0-D634-48C0-A6F0-929B5EA21E4E}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Bug Reporter.exe No File
FirewallRules: [{013D20FC-5E82-4E4D-8E0B-72E06F1870C6}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Multiplayer.exe No File
FirewallRules: [{4F91A69A-076F-459B-A5E3-96CEDDC7B696}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Multiplayer.exe No File
FirewallRules: [{6361E0CC-E1A0-42DA-B5FB-FD91BFC9E5D0}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Gettysburg.exe No File
FirewallRules: [{0A7597A3-C6FE-44EB-B838-DFCA37E4501F}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Gettysburg.exe No File
FirewallRules: [{D1FED389-FBD6-449E-A8A0-B93D91F26743}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{EFA59492-5843-4237-BC50-C6261CE23B2C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{6F5F1C20-E074-40F3-9AFD-1E846FDF8C4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{136C8D52-52F3-4C24-B42C-2049E4170660}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{71CBBF23-4FB0-4DD6-93D0-E590E3198635}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EAA4EC63-FC5A-4858-97EF-15B6EC78A5F0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8A58268B-EBED-44D0-A342-702D196AEAC0}] => (Allow) C:\Users\enike\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{AD747BF7-32EF-42AF-9FA1-DFCAC310E351}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E53428CB-04F3-4BDD-80FC-FDCE396935B3}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{90F652E0-C634-46C8-996F-C52FB59542A8}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0C242A73-B723-4037-BF0E-5CC80F76833A}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6A4D9C06-9E00-42EB-8148-1003C31F6FCA}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{90463F38-EA97-4623-8B1D-AE2C6B967315}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D8A9F047-571A-4AE2-8D3B-3C92A39A68EB}] => (Allow) D:\juegos1\World of Tanks\WoTLauncher.exe No File
FirewallRules: [{58091C24-2BB7-4E82-AEFF-6F2B329E2525}] => (Allow) D:\juegos1\World of Tanks\WoTLauncher.exe No File
FirewallRules: [{AF75D871-7094-428F-92D2-501CD4CA9FA9}] => (Allow) D:\juegos1\World of Tanks\worldoftanks.exe No File
FirewallRules: [{1B007FD7-5597-4904-857E-050794FFA1E0}] => (Allow) D:\juegos1\World of Tanks\worldoftanks.exe No File
FirewallRules: [{48D05EF4-F3E0-4800-B6C3-5BCFD510994A}] => (Allow) D:\juegos1\Steam\Steam.exe No File
FirewallRules: [{1B073A39-9A1E-4249-9070-1AFBABAFF06C}] => (Allow) D:\juegos1\Steam\Steam.exe No File
FirewallRules: [{59637954-059B-4524-8421-C669C2D760FB}] => (Allow) D:\juegos1\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{248F135A-C230-4541-A9F0-287C524A7BCD}] => (Allow) D:\juegos1\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{A79AC657-0E19-4CC8-8BB6-AAF698838994}] => (Allow) D:\juegos1\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{8DAC412C-AB0F-4AE6-9771-00637020CC13}] => (Allow) D:\juegos1\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{16182DFF-8B3A-4492-91FB-D734905099C0}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{9085A07E-8EB4-404B-B5D9-8067FF495094}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{62F11FF9-DF66-499C-ADB3-00BF52BEC3DD}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C7F218F8-D612-4108-B2B1-844EDB83337A}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{370BAFD9-DCE6-4206-91B4-CD054CB35D03}D:\juegos1\divinity original sin 2 multi5\bin\eocapp.exe] => (Allow) D:\juegos1\divinity original sin 2 multi5\bin\eocapp.exe No File
FirewallRules: [UDP Query User{41458C23-C29E-4416-B2C8-0EC8F580BA1A}D:\juegos1\divinity original sin 2 multi5\bin\eocapp.exe] => (Allow) D:\juegos1\divinity original sin 2 multi5\bin\eocapp.exe No File
FirewallRules: [{0A1DAED1-74FE-4D73-B152-C8074D82D882}] => (Allow) C:\Users\enike\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{71757365-66AE-48E0-BDF1-0830C72ABEAA}] => (Allow) D:\juegos1\Divinity Original Sin 2 MULTi5\bin\Divinity Original Sin 2 V3.0.180.158 Trainer +14 MrAntiFun.EXE No File
FirewallRules: [{8E65C64B-BA6A-42E2-A664-74B6ADAFB6C1}] => (Allow) D:\juegos1\Divinity Original Sin 2 MULTi5\bin\Divinity Original Sin 2 V3.0.180.158 Trainer +14 MrAntiFun.EXE No File
FirewallRules: [{B7E48F24-E8EF-4C24-A259-5BDB7BA2C595}] => (Allow) D:\juegos1\Divinity Original Sin 2 MULTi5\bin\Divinity Original Sin 2 V3.0.180.158 Trainer +14 MrAntiFun.EXE No File
FirewallRules: [{3FB642BF-19E3-40EC-9531-B333D6D210B4}] => (Allow) D:\juegos1\Divinity Original Sin 2 MULTi5\bin\Divinity Original Sin 2 V3.0.180.158 Trainer +14 MrAntiFun.EXE No File
FirewallRules: [TCP Query User{02E7F50F-A8F5-4C0E-B052-8FE4A9D5D839}D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [UDP Query User{87F43A3D-CD38-46F2-BB6E-8B5FFC889E25}D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [TCP Query User{19AE086A-F237-43E5-B165-1675FA0452B5}D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [UDP Query User{D92847B2-2D62-4856-8C22-AF3F63262249}D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [{88AFD397-76BB-4D1F-ACDA-D4A503D03472}] => (Allow) D:\juegos1\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{863AA1C6-F72C-4DA1-8970-24175838A5B9}] => (Allow) D:\juegos1\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [TCP Query User{68779D13-6848-4681-819B-A162F3D0B314}D:\juegos1\wotc dlc\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\wotc dlc\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [UDP Query User{1C4CA52B-C73F-4DA5-82A8-2C788EE05C08}D:\juegos1\wotc dlc\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\wotc dlc\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [{2952B52E-E273-44FC-97FA-30F2C5F86E92}] => (Allow) D:\juegos1\Steam\steamapps\common\Battlestations Midway Multiplayer Demo\Battlestationsmidway.exe No File
FirewallRules: [{958C2A65-17C2-4871-B787-F0CD95CDCA98}] => (Allow) D:\juegos1\Steam\steamapps\common\Battlestations Midway Multiplayer Demo\Battlestationsmidway.exe No File
FirewallRules: [{B55E2442-96C7-4D02-B656-80DBCEB5CB00}] => (Allow) D:\juegos1\Steam\steamapps\common\Battlestations Midway Multiplayer Demo\Options.exe No File
FirewallRules: [{018B1017-C983-43F0-94A5-7D9F7988F930}] => (Allow) D:\juegos1\Steam\steamapps\common\Battlestations Midway Multiplayer Demo\Options.exe No File
FirewallRules: [TCP Query User{7FD4FBD6-D71E-48BC-8403-47E6D756877C}D:\juegos1\master of orion\masteroforion.exe] => (Allow) D:\juegos1\master of orion\masteroforion.exe No File
FirewallRules: [UDP Query User{C329E490-461C-41D7-B374-4B5CEBFD6712}D:\juegos1\master of orion\masteroforion.exe] => (Allow) D:\juegos1\master of orion\masteroforion.exe No File
FirewallRules: [TCP Query User{8FE7035D-1398-4112-AE35-187540EB4EDB}D:\juegos1\battletech\master of orion gog\masteroforion.exe] => (Allow) D:\juegos1\battletech\master of orion gog\masteroforion.exe No File
FirewallRules: [UDP Query User{F3E58CD0-8345-4A2C-803F-4A06C18C6BC9}D:\juegos1\battletech\master of orion gog\masteroforion.exe] => (Allow) D:\juegos1\battletech\master of orion gog\masteroforion.exe No File
FirewallRules: [TCP Query User{3908AC39-C8BC-453C-9372-DC4CF5FB2221}D:\juegos1\master of orion\masteroforion.exe] => (Allow) D:\juegos1\master of orion\masteroforion.exe No File
FirewallRules: [UDP Query User{8F5FB092-74C9-422C-8EFE-8CEB157E0D0F}D:\juegos1\master of orion\masteroforion.exe] => (Allow) D:\juegos1\master of orion\masteroforion.exe No File
FirewallRules: [{1149D0A1-C017-4FB1-A2DC-8BA4B1DAC3A5}] => (Allow) D:\juegos1\ATOM 1.083\ATOM.RPG.v1.083\Unity Hub\Unity Hub.exe No File
FirewallRules: [TCP Query User{FD4BF708-1C10-4D9C-B0F1-15A0258CC4AC}D:\juegos1\atom 1.083\atom.rpg.v1.083\unity hub\unity hub.exe] => (Allow) D:\juegos1\atom 1.083\atom.rpg.v1.083\unity hub\unity hub.exe No File
FirewallRules: [UDP Query User{C68B001E-932C-499C-8465-7CDD73ECA335}D:\juegos1\atom 1.083\atom.rpg.v1.083\unity hub\unity hub.exe] => (Allow) D:\juegos1\atom 1.083\atom.rpg.v1.083\unity hub\unity hub.exe No File
FirewallRules: [{611293EB-CEA5-4FC0-B226-EFBC1389700C}] => (Allow) C:\Program Files\Unity\Hub\Editor\2019.1.0f2\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{94E6F224-3B71-4B76-9894-8EF0F672AF2A}] => (Block) C:\Program Files\Unity\Hub\Editor\2019.1.0f2\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [TCP Query User{EF3050CF-A26F-4DBA-ACD4-7E67A3212D84}C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe] => (Allow) C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [UDP Query User{1459A321-2B9D-4E49-979D-067C0CB58598}C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe] => (Allow) C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [TCP Query User{25DB576C-C6F7-4275-BC27-99779BC7DCE4}D:\juegos1\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\juegos1\wargaming.net\gamecenter\wgc.exe No File
FirewallRules: [UDP Query User{43E629DA-85F7-441F-A08A-A88B0AB562A3}D:\juegos1\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\juegos1\wargaming.net\gamecenter\wgc.exe No File
FirewallRules: [{DCD1998C-1A0C-432D-A4A9-2ED81903DF4E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [TCP Query User{7EB57150-FAF5-41E6-B518-938654EF92A7}H:\emulador_ppssppwindows64\ppssppwindows64.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows64.exe No File
FirewallRules: [UDP Query User{83C7504F-FBCA-453A-B189-00C537A08425}H:\emulador_ppssppwindows64\ppssppwindows64.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows64.exe No File
FirewallRules: [TCP Query User{7B4E146C-E2C7-4EEA-A52B-C043CB4BFE8A}H:\emulador_ppssppwindows64\ppssppwindows64.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows64.exe No File
FirewallRules: [UDP Query User{6AEA4D08-F60D-4DEB-865D-751A43F90F82}H:\emulador_ppssppwindows64\ppssppwindows64.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows64.exe No File
FirewallRules: [TCP Query User{FA3FF63A-1C81-44A5-AC9C-90927CC5BDBB}H:\emulador_ppssppwindows64\ppssppwindows.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows.exe No File
FirewallRules: [UDP Query User{891FC294-1896-4CEC-8ECE-C54F5DACE64C}H:\emulador_ppssppwindows64\ppssppwindows.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows.exe No File
FirewallRules: [{5DA5A1BC-B492-4AE6-9277-C9E470E6EFBF}] => (Allow) C:\Programas\Opera\62.0.3331.116\opera.exe No File
FirewallRules: [{907A05BC-43FB-49CA-B1E6-B350E6029C6A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C3074C75-0E0C-40E7-9B6B-E41B84239CA5}] => (Allow) C:\Programas\Opera\63.0.3368.71\opera.exe No File
FirewallRules: [TCP Query User{043D9164-892E-43F0-8D09-6064CD6EF473}H:\torrent\acabadas\xenonauts 2\xenonauts2.exe] => (Allow) H:\torrent\acabadas\xenonauts 2\xenonauts2.exe () [File not signed]
FirewallRules: [UDP Query User{4CD2BB39-DA2F-427D-A194-88FC7684AA39}H:\torrent\acabadas\xenonauts 2\xenonauts2.exe] => (Allow) H:\torrent\acabadas\xenonauts 2\xenonauts2.exe () [File not signed]
FirewallRules: [TCP Query User{BDDD9B38-03A5-4849-86F3-CDFBA6C50D03}H:\juegos1\phoenixpointbackerbuild\phoenixpointbackerbuild\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild\phoenixpointbackerbuild\phoenixpointwin64.exe () [File not signed]
FirewallRules: [UDP Query User{31121234-5FC2-4B8F-80AE-F9F0A577D74E}H:\juegos1\phoenixpointbackerbuild\phoenixpointbackerbuild\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild\phoenixpointbackerbuild\phoenixpointwin64.exe () [File not signed]
FirewallRules: [TCP Query User{1758818E-61E4-4A59-8D49-0A284A9088D8}H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe No File
FirewallRules: [UDP Query User{24B00BDC-084F-46C1-8BF3-4DA6623C94A3}H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe No File
FirewallRules: [TCP Query User{C8B5E8A7-E6EA-45F0-A625-D2B3B72FC0AD}H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe No File
FirewallRules: [UDP Query User{6BF208B8-763E-4CE4-A8CF-55691DC717A8}H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe No File
FirewallRules: [TCP Query User{9F3A186C-0FD1-466A-8C14-91338E033D3F}H:\torrent\acabadas\xenonauts 2\xenonauts2.exe] => (Allow) H:\torrent\acabadas\xenonauts 2\xenonauts2.exe () [File not signed]
FirewallRules: [UDP Query User{246994A2-9147-423D-B909-9BA98DE61035}H:\torrent\acabadas\xenonauts 2\xenonauts2.exe] => (Allow) H:\torrent\acabadas\xenonauts 2\xenonauts2.exe () [File not signed]
FirewallRules: [{59825BA0-71CA-4D24-9CDD-D25D03F04195}] => (Allow) D:\programas\DAEMON Tools Lite\DiscSoftBusServiceLite.exe No File
FirewallRules: [{6A52B213-7682-4AE5-BAA4-17FE5A821C5C}] => (Allow) D:\programas\DAEMON Tools Lite\DiscSoftBusServiceLite.exe No File
FirewallRules: [{650AAD21-BE83-40F8-8B0B-123EAEC33212}] => (Allow) H:\JUEGOS1\STEAM2\Steam.exe No File
FirewallRules: [{AC485DA0-CC25-416B-9513-BF04F3CC9C8A}] => (Allow) H:\JUEGOS1\STEAM2\Steam.exe No File
FirewallRules: [{43F12193-ABF9-4A0B-8F9D-2D50A0431BC7}] => (Allow) H:\JUEGOS1\STEAM2\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{47092DE9-D604-4902-BBBE-13B8A23EC52D}] => (Allow) H:\JUEGOS1\STEAM2\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{22C5D93B-695D-45C9-9C47-A0B5E68D92F5}] => (Allow) E:\OMERTA2\steamapps\common\Omerta\OmertaSteam.exe No File
FirewallRules: [{16C1BE52-15BC-4AC7-9A4C-F470A957A453}] => (Allow) E:\OMERTA2\steamapps\common\Omerta\OmertaSteam.exe No File
FirewallRules: [{E582A81F-6840-405D-999D-81B61DD450B6}] => (Allow) H:\JUEGOS1\steam3\Steam.exe No File
FirewallRules: [{EBD32684-56F0-46BE-9158-88486C50696C}] => (Allow) H:\JUEGOS1\steam3\Steam.exe No File

==================== Codecs (Whitelisted) ==================


==================== Restore Points =========================

25-09-2019 05:35:02 Operación de restauración
02-10-2019 01:03:08 Removed Bonjour

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2019 04:13:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: b8d05317-7fd1-4e2c-9e4c-7f251d311a59
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/03/2019 04:12:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: ca2e5c1b-1cfe-4c09-8839-f9b8466cb914
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/03/2019 04:12:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 41deb334-e798-4e74-8877-3ffef4d03efa
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/03/2019 04:12:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: c6d43d86-aeed-438e-b13e-4c772aa5f93d
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/03/2019 04:12:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: be207f88-cc40-4ae4-bf87-fe482901fc08
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/03/2019 04:12:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 7c9a61fe-7bfd-4038-a3ee-fadb8f8c2f34
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/03/2019 04:12:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 66e2c43b-457b-446d-8955-10a788a03846
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/03/2019 04:12:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: ddb2a9fe-54ba-41d2-bbf1-502c588adb5b
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:


System errors:
=============
Error: (10/03/2019 02:41:04 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2K7O7TJC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 y APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 al usuario LAPTOP-2K7O7TJC\enike con SID (S-1-5-21-1972068837-1164276130-3522050345-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/03/2019 02:29:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/03/2019 02:27:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/03/2019 02:27:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/03/2019 02:27:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/03/2019 02:27:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/03/2019 02:25:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/03/2019 02:25:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2019-10-03 14:29:44.011
Description: 
El acceso controlado a carpetas impidió que C:\Program Files\HP\HP Touchpoint Analytics Client\Provider Data Sources\_Shared\DiskCheck\ETD_GetSMART.exe realizara cambios en la memoria.
Tiempo de detección: 2019-10-03T12:29:44.011Z
Usuario: NT AUTHORITY\SYSTEM
Ruta de acceso: \Device\Harddisk0\DR0
Nombre del proceso: C:\Program Files\HP\HP Touchpoint Analytics Client\Provider Data Sources\_Shared\DiskCheck\ETD_GetSMART.exe
Versión de la firma: 1.303.753.0
Versión del motor: 1.1.16400.2
Versión del producto: 4.18.1909.6

Date: 2019-10-03 12:20:06.859
Description: 
El acceso controlado a carpetas impidió que C:\Windows\System32\msconfig.exe realizara cambios en la memoria.
Tiempo de detección: 2019-10-03T10:20:06.858Z
Usuario: LAPTOP-2K7O7TJC\enike
Ruta de acceso: \Device\HarddiskVolume3
Nombre del proceso: C:\Windows\System32\msconfig.exe
Versión de la firma: 1.303.753.0
Versión del motor: 1.1.16400.2
Versión del producto: 4.18.1909.6

Date: 2019-10-03 12:17:53.475
Description: 
El acceso controlado a carpetas bloqueó C:\Users\enike\AppData\Local\Temp\is-4AFJN.tmp\CheatEngine64 (4).tmp para que no pueda modificar %userprofile%\OneDrive\Documents\My Cheat Tables.
Hora de detección: 2019-10-03T10:17:53.475Z
Usuario: LAPTOP-2K7O7TJC\enike
Ruta de acceso: %userprofile%\OneDrive\Documents\My Cheat Tables
Nombre del proceso: C:\Users\enike\AppData\Local\Temp\is-4AFJN.tmp\CheatEngine64 (4).tmp
Versión de la firma: 1.303.753.0
Versión del motor: 1.1.16400.2
Versión del producto: 4.18.1909.6

Date: 2019-10-03 12:09:53.919
Description: 
El acceso controlado a carpetas bloqueó C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe para que no pueda modificar %desktopdirectory%\.
Hora de detección: 2019-10-03T10:09:53.919Z
Usuario: LAPTOP-2K7O7TJC\enike
Ruta de acceso: %desktopdirectory%\
Nombre del proceso: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Versión de la firma: 1.303.753.0
Versión del motor: 1.1.16400.2
Versión del producto: 4.18.1909.6

Date: 2019-10-03 12:03:50.497
Description: 
El acceso controlado a carpetas bloqueó C:\Users\enike\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\SteamSetup (3).exe para que no pueda modificar %common_desktop%\.
Hora de detección: 2019-10-03T10:03:50.497Z
Usuario: LAPTOP-2K7O7TJC\enike
Ruta de acceso: %common_desktop%\
Nombre del proceso: C:\Users\enike\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\SteamSetup (3).exe
Versión de la firma: 1.303.753.0
Versión del motor: 1.1.16400.2
Versión del producto: 4.18.1909.6

Date: 2019-10-03 12:52:29.357
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.303.753.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16400.2
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 

Date: 2019-10-03 12:42:27.667
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-10-03 12:31:10.736
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.303.753.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16400.2
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 

Date: 2019-10-03 12:21:09.020
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-10-03 06:35:13.430
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.303.728.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16400.2
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2019-10-03 06:25:17.664
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-10-03 06:15:01.275
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-10-03 06:04:45.184
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-10-03 05:54:28.127
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-10-03 05:44:01.795
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-10-03 05:33:45.862
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-10-03 05:23:38.525
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-10-03 05:13:15.022
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: Insyde F.23 10/13/2016
Motherboard: HP 8260
Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 59%
Total physical RAM: 16345.78 MB
Available physical RAM: 6651.98 MB
Total Virtual: 29145.78 MB
Available Virtual: 14020.08 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:236.5 GB) (Free:78.9 GB) NTFS
Drive d: (DATA) (Fixed) (Total:919.2 GB) (Free:96.78 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:12.31 GB) (Free:0.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (Elements) (Fixed) (Total:2794.49 GB) (Free:2193 GB) NTFS

\\?\Volume{e7fec484-f968-441e-875b-de736c3a8e60}\ () (Fixed) (Total:1.7 GB) (Free:0.99 GB) NTFS
\\?\Volume{263c4778-2e8e-48c9-ae27-7f01dcb8c88c}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 82165C24)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F37ECA01)

Partition: GPT.

========================================================
Disk: 2 (Size: 2794.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2019
Ran by enike (administrator) on LAPTOP-2K7O7TJC (HP OMEN by HP Laptop) (03-10-2019 16:17:18)
Running from C:\Users\enike\Desktop
Loaded Profiles: enike (Available Profiles: enike)
Platform: Windows 10 Home Version 1803 17134.950 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Hi-Rez Studios) [File not signed] D:\juegos1\Hi rez\HiPatchService.exe
(HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Software Development Products -> Intel(R) Corporation) C:\Program Files (x86)\Common Files\Intel\RSDCM_SR300\bin\win32\RealSenseDCMSR300.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Keee SOFT) [File not signed] C:\ProgramData\WIFIService\WIFIService.exe
(Lavasoft Software Canada -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msconfig.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [Chromium] => c:\users\enike\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [Wargaming.net Game Center] => "D:\juegos1\Wargaming.net\GameCenter\wgc.exe" --background ''
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [Steam] => "H:\JUEGOS1\steam3\steam.exe" -silent
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7704168 2017-12-25] (Lavasoft Software Canada -> Lavasoft)
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [GoogleChromeAutoLaunch_F20F710A8B8C4569C38BB42E17F992F5] => C:\Users\enike\AppData\Local\chromium\Application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [GalaxyClient] => D:\GOG Galaxy\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [DAEMON Tools Lite Automount] => "D:\programas\DAEMON Tools Lite\DTAgent.exe" -autorun
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [SysHelper] => C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe [1204736 2019-10-03] () [File not signed]
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\MountPoints2: {730157da-4602-11e9-b94d-d0577b73a928} - "K:\autorun.exe" 
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\MountPoints2: {f2025a90-4a7f-11e8-b922-d0577b73a928} - "G:\setup.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Audio Switch.lnk [2016-08-01]
ShortcutTarget: HP Audio Switch.lnk -> C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitchLC.vbs () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealSense Training.lnk [2016-12-25]
ShortcutTarget: RealSense Training.lnk -> C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe (Intel(R) Software Development Products -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-08-24]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
Startup: C:\Users\enike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-01-08]
ShortcutTarget: MEGAsync.lnk -> C:\Users\enike\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C96341-8DF1-43E9-B079-F9B7F675A8FE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {07B403A6-E893-4994-9332-97F1598AC726} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {0884B878-9C79-4FE1-88D2-88C52D16A069} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [249720 2019-08-19] (HP Inc. -> HP Inc.)
Task: {0DE46EF2-D8BE-4430-A11D-0BFAB8FB56B9} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1356008 2016-01-21] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {19AE6118-8066-4ACD-8432-0327F7015F23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {19F82E8E-D394-4DFC-B3F9-9729C37A426C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)
Task: {22B25E37-9DF8-4126-9C86-3CFC4CB7147A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2329952B-2482-4393-8349-823C0BA1D439} - System32\Tasks\HPCeeScheduleForenike => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99392 2016-05-12] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {33E7EB40-C441-4DE6-9D28-93C1A82F7996} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {357038A2-1453-4132-9768-FBC888B7B4D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [143736 2019-09-12] (HP Inc. -> HP Inc.)
Task: {3E8FC64C-6457-4F0D-9DB0-90CE252C0762} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3298088 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5D7B3B69-900F-4B8E-B1BB-E0BF5C5E9CCD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
Task: {60E4ED05-0A8C-47A3-ACAB-B4E2A28F8097} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [982824 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {67203C18-32C0-4C46-97B7-07FFAF32146D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {70DB636B-2B16-4290-A166-E2D551022356} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [655144 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7E772095-46FA-4D4B-B1EC-AF9855A33524} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1972068837-1164276130-3522050345-1001 => C:\Users\enike\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-02-19] (Mega Limited -> Mega Limited)
Task: {7FECC4E1-E721-4C51-9F46-C2D2B1B6D6E3} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935208 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {86E390DD-8019-44E7-9ED4-FB0B04D3582F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857384 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {87626427-1643-4516-81F7-14789CFA7CDB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {92F74D71-32B3-46EC-87FF-3C843B8D624C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {982E95F6-E598-4BBE-B073-BE5F24C2C6B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-08-21] (HP Inc. -> HP Inc.)
Task: {9CCFC51B-F534-47A3-9AA9-B6B73EB10FC8} - System32\Tasks\Opera scheduled Autoupdate 1503518456 => C:\Programas\Opera\launcher.exe
Task: {AA1C2DBD-433B-4AA5-A7DC-E7A41E0A3459} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935208 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ACB53B67-423A-4753-A1D5-B32620AA2EAF} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-23] (HP Inc. -> )
Task: {ADB56A7C-96FB-4DFB-898B-08ECC2942376} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {BFD64764-E38C-400D-B3DC-F7480FE7D9CD} - System32\Tasks\Time Trigger Task => C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe [1204736 2019-10-03] () [File not signed]
Task: {C30F6DFF-C209-4733-B69F-B4E3028AFE7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {CA2F52E3-19EE-4DB7-90CF-3FE7A5806118} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {CD19E664-28BA-443D-91A5-19256CDAE667} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF4E6FD5-E991-41EA-9372-F9CBCAF91D56} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935208 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D1AE8DD5-4E44-48EE-8E69-7BE708B09AE6} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-09-21] (Dropbox, Inc -> )
Task: {D265172A-8618-49F8-A635-7F1731F7E132} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {D577C9BB-B7A6-412B-A619-766308A5E247} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E22D2AE0-A663-4F59-8D73-4CB7BF318073} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {E7A3E289-A92E-4EA4-8C9B-419F21748E8D} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1285328 2015-06-05] (Intel(R) Software -> Intel Corporation)
Task: {E9495FD4-9855-4DC6-98AC-424A9F7A392B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB63F379-E91D-4F2E-95B9-1930E17EABF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-08-21] (HP Inc. -> HP Inc.)
Task: {EC7A87EA-8E44-4890-9A31-B3A283E9AE52} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {EDB617D4-0F9E-4D0A-936D-FAB303F224A3} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935208 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F58AE588-BFF6-41B3-AF5F-0043C790F223} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-07-28] (HP Inc. -> )
Task: {F6B75AC4-0676-4D52-AE04-CAA8879E3232} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857384 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FEE3F398-97F7-436C-AF85-94E02CD43C97} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForenike.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66
Tcpip\..\Interfaces\{874cbc17-cbf6-407b-af5a-253645796b77}: [DhcpNameServer] 87.216.1.65 87.216.1.66
Tcpip\..\Interfaces\{a5af10f8-7dc2-4616-a49a-ba27384ad5f2}: [DhcpNameServer] 87.216.1.65 87.216.1.66

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-07-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-04] (Microsoft Corporation -> Microsoft Corporation)

Edge: 
======
DownloadDir: D:\explorerdescargas

FireFox:
========
FF DefaultProfile: 9pz9zpkd.default
FF ProfilePath: C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default [2019-10-03]
FF DownloadDir: H:\firefoxdescargas
FF Homepage: Mozilla\Firefox\Profiles\9pz9zpkd.default -> hxxp://www.google.es/
FF Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2019-09-04]
FF Extension: (OneTab) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2018-08-07]
FF Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2019-09-20]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2019-10-02]
FF Extension: (Suspend Tab) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2017-08-23] [Legacy]
FF Extension: (Tab Session Manager) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2019-09-20]
FF Extension: (Google Translator for Firefox) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2018-12-09]
FF Extension: (Avast Online Security) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2019-10-02]
FF Extension: (Administrador de sesiones) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-08-23] [Legacy]
FF Extension: (Mozilla Official) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\{14553439-2741-4e9d-b474-784f336f58c9} [2019-09-25] [not signed]
FF Extension: (NoScript) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-09-04]
FF Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-09-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-29] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-29] (Adobe Systems Incorporated -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> D:\programas\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [hcjdanpjacpeeppdjkppebobilhaglfo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lecopdllcadfbliodgfpfbhgoaohmlfe] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR DownloadDir: H:\OPERADESCARGAS2
OPR Extension: (Tab Suspender (memory saver)) - C:\Users\enike\AppData\Roaming\Opera Software\Opera Stable\Extensions\addjmbadpahepkjjlmfjoeinlcbfcbhd [2019-03-17]
OPR Extension: (AdBlock) - C:\Users\enike\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2017-08-23]
StartMenuInternet: (HKLM) OperaStable - C:\Programas\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568144 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-07-14] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2017-08-24] (Intel Corporation - pGFX -> Intel Corporation)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7170632 2019-09-20] (GOG Sp. z o.o. -> GOG.com)
U2 HiPatchService; D:\juegos1\Hi rez\HiPatchService.exe [9728 2017-07-11] (Hi-Rez Studios) [File not signed]
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [358264 2019-08-07] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-23] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc. -> HP Inc.)
R2 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [529912 2018-12-21] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [758552 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [719640 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RealSenseDCMSR300; C:\Program Files (x86)\Common Files\Intel\RSDCM_SR300\bin\win32\RealSenseDCMSR300.exe [3898096 2016-09-22] (Intel(R) Software Development Products -> Intel(R) Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [360872 2018-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [187904 2017-09-28] (Microsoft Corporation) [File not signed]
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2017-12-25] (Lavasoft Software Canada -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WIFIService; C:\ProgramData\WIFIService\WIFIService.exe [1257472 2019-10-03] (Keee SOFT) [File not signed] <==== ATTENTION
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
S2 0315221537364018mcinstcleanup; C:\WINDOWS\TEMP\031522~1.EXE -cleanup -nolog [X]
S3 Disc Soft Lite Bus Service; "D:\programas\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" [X]
S3 GalaxyClientService; "D:\GOG Galaxy\GOG Galaxy\GalaxyClientService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

You repeated part of Addition.txt, but part of FRST.txt is missing, starting from “one month created”

Hello, I am posting them again because I can't find that “one month created”

FRST1
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2019
Ran by enike (administrator) on LAPTOP-2K7O7TJC (HP OMEN by HP Laptop) (03-10-2019 16:17:18)
Running from C:\Users\enike\Desktop
Loaded Profiles: enike (Available Profiles: enike)
Platform: Windows 10 Home Version 1803 17134.950 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Hi-Rez Studios) [File not signed] D:\juegos1\Hi rez\HiPatchService.exe
(HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Software Development Products -> Intel(R) Corporation) C:\Program Files (x86)\Common Files\Intel\RSDCM_SR300\bin\win32\RealSenseDCMSR300.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Keee SOFT) [File not signed] C:\ProgramData\WIFIService\WIFIService.exe
(Lavasoft Software Canada -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msconfig.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [Chromium] => c:\users\enike\appdata\local\chromium\application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [Wargaming.net Game Center] => "D:\juegos1\Wargaming.net\GameCenter\wgc.exe" --background ''
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [Steam] => "H:\JUEGOS1\steam3\steam.exe" -silent
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7704168 2017-12-25] (Lavasoft Software Canada -> Lavasoft)
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [GoogleChromeAutoLaunch_F20F710A8B8C4569C38BB42E17F992F5] => C:\Users\enike\AppData\Local\chromium\Application\chrome.exe [828416 2017-01-21] (The Chromium Authors) [File not signed]
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [GalaxyClient] => D:\GOG Galaxy\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [DAEMON Tools Lite Automount] => "D:\programas\DAEMON Tools Lite\DTAgent.exe" -autorun
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Run: [SysHelper] => C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe [1204736 2019-10-03] () [File not signed]
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\MountPoints2: {730157da-4602-11e9-b94d-d0577b73a928} - "K:\autorun.exe" 
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\MountPoints2: {f2025a90-4a7f-11e8-b922-d0577b73a928} - "G:\setup.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Audio Switch.lnk [2016-08-01]
ShortcutTarget: HP Audio Switch.lnk -> C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitchLC.vbs () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealSense Training.lnk [2016-12-25]
ShortcutTarget: RealSense Training.lnk -> C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe (Intel(R) Software Development Products -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-08-24]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
Startup: C:\Users\enike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-01-08]
ShortcutTarget: MEGAsync.lnk -> C:\Users\enike\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C96341-8DF1-43E9-B079-F9B7F675A8FE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {07B403A6-E893-4994-9332-97F1598AC726} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {0884B878-9C79-4FE1-88D2-88C52D16A069} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [249720 2019-08-19] (HP Inc. -> HP Inc.)
Task: {0DE46EF2-D8BE-4430-A11D-0BFAB8FB56B9} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1356008 2016-01-21] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {19AE6118-8066-4ACD-8432-0327F7015F23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {19F82E8E-D394-4DFC-B3F9-9729C37A426C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)
Task: {22B25E37-9DF8-4126-9C86-3CFC4CB7147A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2329952B-2482-4393-8349-823C0BA1D439} - System32\Tasks\HPCeeScheduleForenike => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99392 2016-05-12] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {33E7EB40-C441-4DE6-9D28-93C1A82F7996} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {357038A2-1453-4132-9768-FBC888B7B4D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [143736 2019-09-12] (HP Inc. -> HP Inc.)
Task: {3E8FC64C-6457-4F0D-9DB0-90CE252C0762} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3298088 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5D7B3B69-900F-4B8E-B1BB-E0BF5C5E9CCD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
Task: {60E4ED05-0A8C-47A3-ACAB-B4E2A28F8097} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [982824 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {67203C18-32C0-4C46-97B7-07FFAF32146D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {70DB636B-2B16-4290-A166-E2D551022356} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [655144 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7E772095-46FA-4D4B-B1EC-AF9855A33524} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1972068837-1164276130-3522050345-1001 => C:\Users\enike\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-02-19] (Mega Limited -> Mega Limited)
Task: {7FECC4E1-E721-4C51-9F46-C2D2B1B6D6E3} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935208 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {86E390DD-8019-44E7-9ED4-FB0B04D3582F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857384 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {87626427-1643-4516-81F7-14789CFA7CDB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {92F74D71-32B3-46EC-87FF-3C843B8D624C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {982E95F6-E598-4BBE-B073-BE5F24C2C6B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-08-21] (HP Inc. -> HP Inc.)
Task: {9CCFC51B-F534-47A3-9AA9-B6B73EB10FC8} - System32\Tasks\Opera scheduled Autoupdate 1503518456 => C:\Programas\Opera\launcher.exe
Task: {AA1C2DBD-433B-4AA5-A7DC-E7A41E0A3459} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935208 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {ACB53B67-423A-4753-A1D5-B32620AA2EAF} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-23] (HP Inc. -> )
Task: {ADB56A7C-96FB-4DFB-898B-08ECC2942376} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {BFD64764-E38C-400D-B3DC-F7480FE7D9CD} - System32\Tasks\Time Trigger Task => C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe [1204736 2019-10-03] () [File not signed]
Task: {C30F6DFF-C209-4733-B69F-B4E3028AFE7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {CA2F52E3-19EE-4DB7-90CF-3FE7A5806118} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {CD19E664-28BA-443D-91A5-19256CDAE667} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF4E6FD5-E991-41EA-9372-F9CBCAF91D56} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935208 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D1AE8DD5-4E44-48EE-8E69-7BE708B09AE6} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-09-21] (Dropbox, Inc -> )
Task: {D265172A-8618-49F8-A635-7F1731F7E132} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {D577C9BB-B7A6-412B-A619-766308A5E247} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E22D2AE0-A663-4F59-8D73-4CB7BF318073} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {E7A3E289-A92E-4EA4-8C9B-419F21748E8D} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1285328 2015-06-05] (Intel(R) Software -> Intel Corporation)
Task: {E9495FD4-9855-4DC6-98AC-424A9F7A392B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB63F379-E91D-4F2E-95B9-1930E17EABF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-08-21] (HP Inc. -> HP Inc.)
Task: {EC7A87EA-8E44-4890-9A31-B3A283E9AE52} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {EDB617D4-0F9E-4D0A-936D-FAB303F224A3} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [935208 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F58AE588-BFF6-41B3-AF5F-0043C790F223} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-07-28] (HP Inc. -> )
Task: {F6B75AC4-0676-4D52-AE04-CAA8879E3232} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [857384 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FEE3F398-97F7-436C-AF85-94E02CD43C97} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForenike.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66
Tcpip\..\Interfaces\{874cbc17-cbf6-407b-af5a-253645796b77}: [DhcpNameServer] 87.216.1.65 87.216.1.66
Tcpip\..\Interfaces\{a5af10f8-7dc2-4616-a49a-ba27384ad5f2}: [DhcpNameServer] 87.216.1.65 87.216.1.66

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-07-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-04] (Microsoft Corporation -> Microsoft Corporation)

Edge: 
======
DownloadDir: D:\explorerdescargas

FireFox:
========
FF DefaultProfile: 9pz9zpkd.default
FF ProfilePath: C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default [2019-10-03]
FF DownloadDir: H:\firefoxdescargas
FF Homepage: Mozilla\Firefox\Profiles\9pz9zpkd.default -> hxxp://www.google.es/
FF Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2019-09-04]
FF Extension: (OneTab) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2018-08-07]
FF Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2019-09-20]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2019-10-02]
FF Extension: (Suspend Tab) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2017-08-23] [Legacy]
FF Extension: (Tab Session Manager) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2019-09-20]
FF Extension: (Google Translator for Firefox) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2018-12-09]
FF Extension: (Avast Online Security) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\[email protected] [2019-10-02]
FF Extension: (Administrador de sesiones) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-08-23] [Legacy]
FF Extension: (Mozilla Official) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\{14553439-2741-4e9d-b474-784f336f58c9} [2019-09-25] [not signed]
FF Extension: (NoScript) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-09-04]
FF Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\enike\AppData\Roaming\Mozilla\Firefox\Profiles\9pz9zpkd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-09-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-29] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-29] (Adobe Systems Incorporated -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> D:\programas\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [hcjdanpjacpeeppdjkppebobilhaglfo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lecopdllcadfbliodgfpfbhgoaohmlfe] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR DownloadDir: H:\OPERADESCARGAS2
OPR Extension: (Tab Suspender (memory saver)) - C:\Users\enike\AppData\Roaming\Opera Software\Opera Stable\Extensions\addjmbadpahepkjjlmfjoeinlcbfcbhd [2019-03-17]
OPR Extension: (AdBlock) - C:\Users\enike\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2017-08-23]
StartMenuInternet: (HKLM) OperaStable - C:\Programas\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568144 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-07-14] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2017-08-24] (Intel Corporation - pGFX -> Intel Corporation)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7170632 2019-09-20] (GOG Sp. z o.o. -> GOG.com)
U2 HiPatchService; D:\juegos1\Hi rez\HiPatchService.exe [9728 2017-07-11] (Hi-Rez Studios) [File not signed]
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [358264 2019-08-07] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-23] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc. -> HP Inc.)
R2 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [529912 2018-12-21] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [758552 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [719640 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764712 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RealSenseDCMSR300; C:\Program Files (x86)\Common Files\Intel\RSDCM_SR300\bin\win32\RealSenseDCMSR300.exe [3898096 2016-09-22] (Intel(R) Software Development Products -> Intel(R) Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [360872 2018-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [187904 2017-09-28] (Microsoft Corporation) [File not signed]
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2017-12-25] (Lavasoft Software Canada -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WIFIService; C:\ProgramData\WIFIService\WIFIService.exe [1257472 2019-10-03] (Keee SOFT) [File not signed] <==== ATTENTION
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
S2 0315221537364018mcinstcleanup; C:\WINDOWS\TEMP\031522~1.EXE -cleanup -nolog [X]
S3 Disc Soft Lite Bus Service; "D:\programas\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" [X]
S3 GalaxyClientService; "D:\GOG Galaxy\GOG Galaxy\GalaxyClientService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [53904 2019-07-22] (HP Inc. -> HP)
R3 DCMCamera; C:\WINDOWS\system32\DRIVERS\RealSenseDcmDynamicDriver.sys [72280 2016-09-22] (Intel(R) Software Development Products -> Intel(R) Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2017-08-24] (Intel Corporation -> Intel Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-10-02] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-10-02] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2017-08-24] (Intel Corporation -> Intel Corporation)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [41104 2019-07-22] (HP Inc. -> HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 IntelDFUACPI; C:\WINDOWS\System32\drivers\IntelDFUACPI.sys [37888 2015-12-01] (Intel(R) Software Development Products -> Intel(R) Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8723648 2018-10-12] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_35284c26eeac82cf\nvlddmkm.sys [17200392 2018-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
R0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_35284c26eeac82cf\nvpciflt.sys [48040 2018-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31016 2018-05-20] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [68112 2018-06-24] (NVIDIA Corporation -> NVIDIA Corporation)
R3 RealSenseDCMBus; C:\WINDOWS\System32\drivers\RealSenseDCMBus.sys [36952 2016-09-22] (Intel(R) Software Development Products -> Intel(R) Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-03-21] (Realtek Semiconductor Corp -> Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [777944 2016-03-21] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [60008 2016-07-27] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55400 2018-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [41104 2016-10-18] (SteelSeries ApS -> SteelSeries ApS)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [51400 2016-05-27] (SteelSeries ApS -> SteelSeries ApS)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-10-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-03] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2019-08-06] (HP Inc. -> HP)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2019-09-25] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-09-25] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-03 16:17 - 2019-10-03 16:18 - 000045716 _____ C:\Users\enike\Desktop\FRST.txt
2019-10-03 16:16 - 2019-10-03 16:16 - 001615360 _____ (Farbar) C:\Users\enike\Desktop\FRST64.exe
2019-10-03 16:08 - 2019-10-03 16:08 - 000005154 _____ C:\Users\enike\Desktop\fixlist.txt
2019-10-03 16:00 - 2019-10-03 16:02 - 000000247 _____ C:\Users\enike\Desktop\DelFix1.txt
2019-10-03 15:59 - 2019-10-03 15:59 - 000000247 _____ C:\DelFix.txt
2019-10-03 15:59 - 2019-10-03 15:59 - 000000000 ____D C:\WINDOWS\ERUNT
2019-10-03 15:58 - 2019-10-03 16:06 - 000798094 _____ C:\Users\enike\Desktop\delfix.exe.kuub
2019-10-03 15:30 - 2019-10-03 16:06 - 000075885 _____ C:\Users\enike\Desktop\Addition.txt.kuub
2019-10-03 15:29 - 2019-10-03 16:06 - 000111075 _____ C:\Users\enike\Desktop\FRST.txt.kuub
2019-10-03 15:27 - 2019-10-03 16:06 - 001615694 _____ C:\Users\enike\Desktop\FRST64.exe.kuub
2019-10-03 14:28 - 2019-10-03 14:28 - 001388448 _____ C:\Users\Public\ASR.dat
2019-10-03 13:41 - 2019-10-03 13:41 - 000000193 _____ C:\WINDOWS\WORDPAD.INI
2019-10-03 12:17 - 2019-10-03 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2019-10-03 11:13 - 2019-10-03 16:17 - 000139471 _____ C:\WINDOWS\ZAM.krnl.trace
2019-10-03 11:13 - 2019-10-03 16:17 - 000104723 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-10-03 02:03 - 2019-10-03 02:03 - 000000000 ____D C:\Users\enike\AppData\LocalLow\ARoberti
2019-10-03 01:58 - 2019-10-03 02:01 - 000000000 ____D C:\Users\enike\AppData\LocalLow\uTorrent
2019-10-03 01:52 - 2019-10-03 14:23 - 000000000 ____D C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7
2019-10-03 01:52 - 2019-10-03 01:53 - 000000000 ____D C:\Users\enike\AppData\Local\f1aba65a-55c1-427d-a2d3-e1d320e79872
2019-10-03 01:52 - 2019-10-03 01:53 - 000000000 ____D C:\ProgramData\5E3WH5UQ9WUV9U4ZOG08E968N
2019-10-03 01:52 - 2019-10-03 01:52 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-10-03 01:52 - 2019-10-03 01:52 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-10-03 01:52 - 2019-10-03 01:52 - 000003770 _____ C:\WINDOWS\system32\Tasks\Time Trigger Task
2019-10-03 01:51 - 2019-10-03 01:51 - 000000000 ____D C:\ProgramData\WIFIService
2019-10-03 01:51 - 2019-10-03 01:51 - 000000000 ____D C:\ProgramData\Garbage Cleaner
2019-10-03 01:49 - 2019-10-03 06:26 - 003702881 _____ C:\Users\enike\Downloads\a-legionarys-life-darkzer0_85d2ef53.zip.kuub
2019-10-02 23:18 - 2019-10-02 23:18 - 000000000 ____D C:\Users\enike\AppData\LocalLow\Finji
2019-10-02 23:14 - 2019-10-02 23:14 - 000000932 _____ C:\Users\Public\Desktop\Overland.lnk
2019-10-02 23:14 - 2019-10-02 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overland [GOG.com]
2019-10-02 22:25 - 2019-10-02 22:25 - 000000000 ____D C:\Users\enike\AppData\Roaming\Omerta
2019-10-02 22:22 - 2019-10-03 16:06 - 000000545 _____ C:\Users\enike\Desktop\Omerta - City of Gangsters.url.kuub
2019-10-02 01:43 - 2019-10-02 01:43 - 000000898 _____ C:\Users\enike\Desktop\ATOM RPG.lnk
2019-10-02 01:43 - 2019-10-02 01:43 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2019-10-02 01:43 - 2019-10-02 01:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2019-10-02 01:13 - 2019-10-03 11:41 - 000000000 ____D C:\Program Files (x86)\bookingDesktopApp
2019-10-02 01:12 - 2019-10-02 01:12 - 000059360 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2019-10-02 01:12 - 2019-10-02 01:12 - 000042256 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2019-10-02 01:12 - 2019-10-02 01:12 - 000000706 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2019-10-02 01:12 - 2019-10-02 01:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite
2019-10-02 00:22 - 2019-10-02 23:11 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2019-10-02 00:22 - 2019-10-02 00:22 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-10-02 00:21 - 2019-10-03 11:13 - 000000000 ____D C:\ProgramData\AVAST Software
2019-09-28 11:51 - 2019-09-28 11:51 - 000000000 ____D C:\Users\enike\AppData\Local\OneDrive
2019-09-28 11:51 - 2019-09-28 11:51 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2019-09-28 11:41 - 2019-10-03 16:17 - 000000000 ____D C:\FRST
2019-09-28 11:37 - 2019-10-03 02:02 - 000000000 ___HD C:\OneDriveTemp
2019-09-25 21:00 - 2019-10-03 16:06 - 000278193 _____ C:\Users\enike\OneDrive\Documents\ransomwarenasa1.png.kuub
2019-09-25 09:32 - 2019-09-25 09:32 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2019-09-25 09:32 - 2019-09-25 09:32 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2019-09-25 09:32 - 2019-09-25 09:32 - 000000000 ____D C:\Users\enike\AppData\Local\Zemana
2019-09-25 09:14 - 2019-09-25 09:14 - 000000000 ____D C:\Users\enike\AppData\Local\mbam
2019-09-25 09:13 - 2019-09-25 09:13 - 000000000 ____D C:\Users\enike\AppData\Local\mbamtray
2019-09-25 07:17 - 2019-10-03 16:06 - 000000601 _____ C:\Users\enike\OneDrive\Documents\RTHDVCPL.rtf.kuub
2019-09-25 07:17 - 2019-10-03 16:06 - 000000601 _____ C:\Users\enike\Desktop\RTHDVCPL.rtf.kuub
2019-09-25 06:19 - 2019-09-25 06:19 - 000000000 ____D C:\WINDOWS\pss
2019-09-25 05:02 - 2019-10-03 15:08 - 000000004 _____ C:\ProgramData\lock.dat
2019-09-25 05:02 - 2019-10-03 14:28 - 000000024 _____ C:\ProgramData\irw.atsd
2019-09-25 05:02 - 2019-09-25 05:02 - 000000008 _____ C:\ProgramData\ts.dat
2019-09-25 04:49 - 2019-09-25 04:49 - 000000000 ____D C:\Users\enike\AppData\LocalLow\Unknown Vendor
2019-09-25 03:53 - 2019-09-25 03:53 - 000001113 _____ C:\Users\enike\_readme.txt
2019-09-25 03:53 - 2019-09-25 03:53 - 000001113 _____ C:\Program Files\_readme.txt
2019-09-25 03:53 - 2019-09-25 03:53 - 000001113 _____ C:\_readme.txt
2019-09-25 03:52 - 2019-09-25 03:52 - 000000000 ____D C:\Users\enike\AppData\Local\Google
2019-09-25 03:43 - 2019-09-25 03:43 - 000000000 ____D C:\ProgramData\7FK4NT5PQSLFT6M7BRT0VVZDU
2019-09-25 03:42 - 2019-09-25 03:43 - 000000000 ____D C:\Users\enike\AppData\Local\5fab4e27-31da-4cad-a5a4-5466971cbde8
2019-09-25 03:42 - 2019-09-25 03:42 - 000000000 ____D C:\Users\enike\AppData\Roaming\InstallPack
2019-09-25 03:42 - 2019-09-25 03:42 - 000000000 ____D C:\SystemID
2019-09-25 03:41 - 2019-10-03 16:06 - 000134192 _____ C:\Users\enike\OneDrive\Documents\phoenix-point-v0_5_48354.torrent.kuub
2019-09-25 03:41 - 2019-09-25 05:47 - 000000000 ____D C:\Users\enike\AppData\Roaming\view
2019-09-20 20:26 - 2019-09-20 20:26 - 000000000 ____D C:\Users\enike\AppData\LocalLow\Snapshot Games Inc
2019-09-20 02:50 - 2019-09-20 02:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-09-13 06:37 - 2019-03-28 11:11 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2019-09-13 06:37 - 2019-03-28 11:11 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2019-09-13 06:37 - 2019-03-28 11:09 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2019-09-13 06:37 - 2019-03-28 11:09 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2019-09-13 06:37 - 2019-03-28 08:35 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
2019-09-13 06:37 - 2019-03-28 08:35 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
2019-09-13 06:37 - 2019-03-28 08:35 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
2019-09-13 06:37 - 2019-03-28 08:35 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
2019-09-13 06:37 - 2019-03-28 08:35 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
2019-09-13 06:37 - 2019-03-28 08:35 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
2019-09-05 21:09 - 2019-09-14 04:31 - 000000000 ____D C:\Users\enike\AppData\Roaming\WeMod
2019-09-05 21:09 - 2019-09-05 21:09 - 000002164 _____ C:\Users\enike\Desktop\WeMod.lnk
2019-09-05 21:09 - 2019-09-05 21:09 - 000000000 ____D C:\Users\enike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod
2019-09-05 21:09 - 2019-09-05 21:09 - 000000000 ____D C:\Users\enike\AppData\Local\WeMod
2019-09-05 21:09 - 2019-09-05 21:09 - 000000000 ____D C:\Users\enike\AppData\Local\SquirrelTemp
2019-09-05 14:48 - 2019-09-05 14:48 - 000001185 _____ C:\Users\enike\Desktop\Mutant Year Zero Road to Eden Seed of Evil.lnk
2019-09-05 14:48 - 2019-09-05 14:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mutant Year Zero Road to Eden Seed of Evil
2019-09-04 10:00 - 2019-09-04 10:00 - 000000000 ____D C:\Users\enike\AppData\Local\CrashReportClient
2019-09-04 08:34 - 2019-09-04 08:34 - 000000000 ____D C:\Users\enike\AppData\Roaming\CPY_SAVES
2019-09-04 08:34 - 2019-09-04 08:34 - 000000000 ____D C:\Users\enike\AppData\Local\ZoneUE4
2019-09-04 08:34 - 2019-09-04 08:34 - 000000000 ____D C:\Users\enike\AppData\Local\UnrealEngine
2019-09-04 08:27 - 2019-09-04 08:27 - 000001698 _____ C:\Users\Public\Desktop\Mutant Year Zero Road to Eden.lnk
2019-09-04 08:27 - 2019-09-04 08:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mutant Year Zero Road to Eden
FRST2

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-03 16:13 - 2018-07-09 02:39 - 000000000 ____D C:\Users\enike\AppData\Local\CrashDumps
2019-10-03 16:06 - 2019-04-30 13:23 - 000000000 ____D C:\Users\enike\OneDrive\Documents\Jagged Alliance Rage
2019-10-03 16:06 - 2019-03-28 12:24 - 000000694 _____ C:\Users\enike\OneDrive\Documents\■■■■ virus.rtf.kuub
2019-10-03 16:06 - 2019-02-01 13:03 - 000000469 _____ C:\Users\enike\Desktop\Battlestations Midway Multiplayer Demo.url.kuub
2019-10-03 16:06 - 2018-10-15 11:46 - 000000000 ____D C:\Users\enike\OneDrive\Documents\Nexus Mod Manager
2019-10-03 16:06 - 2018-10-07 01:01 - 000001202 _____ C:\Users\enike\OneDrive\Documents\soldiers.txt.kuub
2019-10-03 16:06 - 2018-07-08 03:10 - 000000000 ____D C:\Users\enike\OneDrive\Documents\Imperium
2019-10-03 16:06 - 2018-06-19 08:31 - 000000560 _____ C:\Users\enike\Desktop\battletech Battletech Enhanced - More Gear More Options Mharius 13,789 160.URL.kuub
2019-10-03 16:06 - 2018-05-05 02:59 - 000000544 _____ C:\Users\enike\Desktop\Ultimate General Gettysburg.url.kuub
2019-10-03 16:06 - 2018-04-30 19:33 - 000000000 ____D C:\Users\enike\OneDrive\Documents\FLiNGTrainer
2019-10-03 16:06 - 2017-08-31 20:35 - 000000541 _____ C:\Users\enike\Desktop\Counter-Strike Global Offensive.url.kuub
2019-10-03 16:06 - 2017-08-23 19:58 - 000000000 ____D C:\Users\enike\AppData\Local\VirtualStore
2019-10-03 15:25 - 2018-09-16 04:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-10-03 14:34 - 2018-09-16 04:31 - 001924202 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-10-03 14:34 - 2018-04-12 18:18 - 000829430 _____ C:\WINDOWS\system32\perfh00A.dat
2019-10-03 14:34 - 2018-04-12 18:18 - 000174964 _____ C:\WINDOWS\system32\perfc00A.dat
2019-10-03 14:34 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-10-03 14:32 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-03 14:31 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-10-03 14:29 - 2017-08-23 21:09 - 000000000 ____D C:\ProgramData\NVIDIA
2019-10-03 14:27 - 2018-09-16 04:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-10-03 14:26 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-10-03 14:07 - 2018-07-08 22:17 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-10-03 13:37 - 2019-05-16 04:31 - 000000000 ____D C:\WINDOWS\Panther
2019-10-03 12:31 - 2018-02-16 02:34 - 000000000 ____D C:\Users\enike\AppData\Local\ElevatedDiagnostics
2019-10-03 11:24 - 2018-09-16 04:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-10-03 11:14 - 2018-09-16 04:28 - 000000000 ____D C:\Users\enike
2019-10-03 11:14 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-03 11:13 - 2019-06-20 16:22 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForenike.job
2019-10-03 11:13 - 2016-08-01 02:53 - 000001032 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-10-03 11:13 - 2016-08-01 02:53 - 000001028 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-10-03 06:26 - 2019-03-28 14:22 - 000000000 ____D C:\Users\enike\AppData\LocalLow\AtomTeam
2019-10-03 06:26 - 2018-07-08 23:08 - 000000000 ____D C:\Users\enike\.oracle_jre_usage
2019-10-03 06:26 - 2018-07-08 08:15 - 966787406 _____ C:\Users\enike\Downloads\bttletch103g.part1.rar.kuub
2019-10-03 06:26 - 2017-08-23 20:00 - 000000000 ___RD C:\Users\enike\OneDrive
2019-10-03 06:26 - 2016-07-20 02:09 - 000000000 ___HD C:\SYSTEM.SAV
2019-10-03 02:01 - 2017-08-23 22:52 - 000000000 ____D C:\Users\enike\AppData\Roaming\uTorrent
2019-10-03 01:58 - 2019-03-28 12:07 - 000000000 ____D C:\Users\enike\AppData\Local\BitTorrentHelper
2019-10-02 23:11 - 2018-09-16 04:32 - 000003546 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2019-10-02 23:11 - 2018-09-16 04:32 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-02 23:11 - 2018-09-16 04:32 - 000003322 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2019-10-02 23:11 - 2018-09-16 04:32 - 000003306 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1503518456
2019-10-02 23:11 - 2018-09-16 04:32 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-02 23:11 - 2018-09-16 04:32 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-02 23:11 - 2018-09-16 04:32 - 000003016 _____ C:\WINDOWS\system32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-02 23:11 - 2018-09-16 04:32 - 000003016 _____ C:\WINDOWS\system32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-02 23:11 - 2018-09-16 04:32 - 000003016 _____ C:\WINDOWS\system32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-02 23:11 - 2018-09-16 04:32 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-02 23:11 - 2018-09-16 04:32 - 000002956 _____ C:\WINDOWS\system32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-02 23:11 - 2018-09-16 04:32 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-02 23:11 - 2018-09-16 04:32 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1972068837-1164276130-3522050345-1001
2019-10-02 23:11 - 2018-09-16 04:32 - 000002856 _____ C:\WINDOWS\system32\Tasks\HPJumpStartLaunch
2019-10-02 23:11 - 2018-09-16 04:32 - 000002838 _____ C:\WINDOWS\system32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-02 23:11 - 2018-09-16 04:32 - 000002802 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForenike
2019-10-02 23:11 - 2018-09-16 04:32 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-02 23:11 - 2018-09-16 04:32 - 000002566 _____ C:\WINDOWS\system32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-10-02 23:11 - 2018-09-16 04:32 - 000002502 _____ C:\WINDOWS\system32\Tasks\HPEA3JOBS
2019-10-02 23:11 - 2018-09-16 04:32 - 000002262 _____ C:\WINDOWS\system32\Tasks\DropboxOEM
2019-10-02 22:47 - 2017-08-23 22:09 - 000000000 ____D C:\Users\enike\AppData\LocalLow\Mozilla
2019-10-02 22:22 - 2017-08-31 20:35 - 000000000 ____D C:\Users\enike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-10-02 21:57 - 2017-08-31 20:27 - 000000674 _____ C:\Users\Public\Desktop\Steam.lnk
2019-10-02 00:26 - 2017-08-23 22:38 - 000000000 ____D C:\Users\enike\AppData\Roaming\DAEMON Tools Lite
2019-10-02 00:22 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-10-02 00:21 - 2018-04-21 22:41 - 000000000 ____D C:\Users\enike\AppData\Local\Disc_Soft_Ltd
2019-10-02 00:05 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-02 00:05 - 2017-12-24 11:32 - 000000000 ____D C:\Users\enike\AppData\Local\Packages
2019-09-29 03:53 - 2018-09-16 04:28 - 000002408 _____ C:\Users\enike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-28 11:51 - 2018-09-16 06:17 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-09-26 12:01 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-09-25 10:26 - 2017-08-24 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
2019-09-25 10:26 - 2017-08-24 18:41 - 000000946 _____ C:\Users\enike\Desktop\Cheat Engine.lnk
2019-09-25 09:40 - 2017-08-23 22:40 - 000000000 _____ C:\Users\enike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2019-09-25 09:26 - 2017-08-23 22:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-09-25 06:03 - 2018-09-21 11:26 - 000000000 ____D C:\Users\enike\AppData\Local\D3DSCache
2019-09-25 05:47 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-09-25 05:47 - 2017-08-23 22:38 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2019-09-25 05:47 - 2017-08-23 21:44 - 000000000 ____D C:\Users\enike\AppData\Local\ConnectedDevicesPlatform
2019-09-25 05:47 - 2016-12-25 15:44 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2019-09-25 05:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-09-25 05:36 - 2018-09-16 03:31 - 000000000 ____D C:\inetpub
2019-09-25 05:36 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\registration
2019-09-25 05:36 - 2017-08-23 22:00 - 000000000 ____D C:\Programas
2019-09-25 05:36 - 2016-07-30 20:33 - 000000000 ___HD C:\hp
2019-09-25 05:36 - 2016-07-20 02:09 - 000000000 ____D C:\SWSETUP
2019-09-22 10:15 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-09-22 10:09 - 2019-03-19 14:34 - 000000000 ___HD C:\$WINDOWS.~BT
2019-09-20 19:19 - 2017-08-23 22:18 - 000000000 ____D C:\Users\enike\AppData\Roaming\vlc
2019-09-20 12:55 - 2019-01-04 23:20 - 000000000 ____D C:\Users\enike\AppData\Local\tyranoscript
2019-09-20 02:50 - 2019-08-25 16:50 - 000002538 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-09-20 02:50 - 2019-08-25 16:50 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-09-20 02:50 - 2019-08-25 16:50 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-09-20 02:50 - 2019-08-25 16:50 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-09-20 02:50 - 2019-08-25 16:50 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-09-20 02:50 - 2019-08-25 16:50 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-09-20 02:50 - 2019-08-25 16:50 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-09-20 02:50 - 2016-08-01 02:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-09-11 04:31 - 2017-08-23 22:00 - 000000937 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk

==================== Files in the root of some directories ================

2019-09-25 05:02 - 2019-10-03 15:08 - 000000004 _____ () C:\ProgramData\lock.dat
2019-10-03 01:52 - 2019-10-03 01:52 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-10-03 01:52 - 2019-10-03 01:52 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-09-25 05:02 - 2019-09-25 05:02 - 000000008 _____ () C:\ProgramData\ts.dat
2019-10-03 14:28 - 2019-10-03 14:28 - 001388448 _____ () C:\Users\Public\ASR.dat
2019-09-25 03:53 - 2019-09-25 03:53 - 000001113 _____ () C:\Program Files\_readme.txt
2017-08-24 02:08 - 2017-10-22 00:39 - 000000328 _____ () C:\Users\enike\AppData\Roaming\WB.CFG
2018-07-08 22:50 - 2018-07-08 22:50 - 000000017 _____ () C:\Users\enike\AppData\Local\resmon.resmoncfg
2017-12-13 10:39 - 2017-12-13 10:39 - 000000068 _____ () C:\Users\enike\AppData\Local\yjUzkVAfQv
2017-12-17 12:39 - 2017-12-17 12:39 - 000000068 _____ () C:\Users\enike\AppData\Local\zuNMvflzFm

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Administrador de arranque de firmware
-----------------------------------
Identificador           {fwbootmgr}
displayorder            {bootmgr}
                        {30b36b63-882c-11e7-b911-806e6f6e6963}
                        {cf00dca1-caf9-11e6-bf13-c8d3ffe1dcbd}
timeout                 0

Administrador de arranque de Windows
----------------------------------
Identificador           {bootmgr}
device                  partition=\Device\HarddiskVolume3
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  es-ES
inherit                 {globalsettings}
default                 {current}
resumeobject            {fa9fcefe-b0cb-11e8-b941-d0577b73a928}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Aplicación de firmware (101fffff)
---------------------------------
Identificador           {30b36b63-882c-11e7-b911-806e6f6e6963}
description             Internal Hard Disk or Solid State Disk

Aplicación de firmware (101fffff)
---------------------------------
Identificador           {cf00dca1-caf9-11e6-bf13-c8d3ffe1dcbd}
description             EFI USB Device

Cargador de arranque de Windows
-----------------------------
Identificador           {ec6594d4-caab-11e6-b90d-d0577b73a928}
device                  ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{ec6594d5-caab-11e6-b90d-d0577b73a928}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  es-ES
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{ec6594d5-caab-11e6-b90d-d0577b73a928}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Cargador de arranque de Windows
-----------------------------
Identificador           {fa517b0e-b957-11e8-80fe-9a60aa5f0e3e}
device                  ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{fa517b0f-b957-11e8-80fe-9a60aa5f0e3e}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  es-ES
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{fa517b0f-b957-11e8-80fe-9a60aa5f0e3e}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Cargador de arranque de Windows
-----------------------------
Identificador           {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  es-ES
inherit                 {bootloadersettings}
recoverysequence        {fa517b0e-b957-11e8-80fe-9a60aa5f0e3e}
displaymessageoverride  Recovery
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {fa9fcefe-b0cb-11e8-b941-d0577b73a928}
nx                      OptIn
bootmenupolicy          Standard

Reanudar tras hibernación
-------------------------
Identificador           {fa9fcefe-b0cb-11e8-b941-d0577b73a928}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  es-ES
inherit                 {resumeloadersettings}
recoverysequence        {fa517b0e-b957-11e8-80fe-9a60aa5f0e3e}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Herramienta de comprobación de memoria de Windows
-------------------------------------------------
Identificador           {memdiag}
device                  partition=\Device\HarddiskVolume3
path                    \EFI\Microsoft\Boot\memtest.efi
description             Herramienta de diagnóstico de memoria de Windows
locale                  es-ES
inherit                 {globalsettings}
badmemoryaccess         Yes

Configuración de EMS
--------------------
Identificador           {emssettings}
bootems                 No

Configuración del depurador
---------------------------
Identificador           {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Defectos de RAM
---------------
Identificador           {badmemory}

Configuración global
--------------------
Identificador           {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Configuración del cargador de arranque
------------------------------------
Identificador           {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Configuración de hipervisor
-------------------
Identificador           {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Reanudar la configuración del cargador
--------------------------------------
Identificador           {resumeloadersettings}
inherit                 {globalsettings}

Opciones de dispositivo
-----------------------
Identificador           {fa517b0f-b957-11e8-80fe-9a60aa5f0e3e}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume6
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ============================
ADDITION1
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2019
Ran by enike (03-10-2019 16:18:36)
Running from C:\Users\enike\Desktop
Windows 10 Home Version 1803 17134.950 (X64) (2018-09-16 02:32:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1972068837-1164276130-3522050345-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1972068837-1164276130-3522050345-503 - Limited - Disabled)
enike (S-1-5-21-1972068837-1164276130-3522050345-1001 - Administrator - Enabled) => C:\Users\enike
Invitado (S-1-5-21-1972068837-1164276130-3522050345-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1972068837-1164276130-3522050345-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\uTorrent) (Version: 3.5.5.45341 - BitTorrent Inc.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Actualización de NVIDIA 31.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.2.0.0 - NVIDIA Corporation) Hidden
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Application Verifier x64 External Package (HKLM\...\{D9908CED-5ABB-FEE9-FC84-743F4D38637C}) (Version: 10.1.16299.15 - Microsoft) Hidden
Asistente para actualización a Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
ATOM RPG MULTi2 - ElAmigos version 1.067 (HKLM-x32\...\{226712C0-0C70-418D-BB03-AD5089E3302B}_is1) (Version: 1.067 - AtomTeam)
ATOM RPG v.1.107 (HKLM-x32\...\ATOM RPG_is1) (Version:  - )
BATTLETECH (HKLM-x32\...\1482783682_is1) (Version: 1.0.2-277r - GOG.com)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Combat Mission Afghanistan version 1.0 (HKLM-x32\...\{C17A399E-3AA0-4B68-9ED2-977A44AE12F4}_is1) (Version: 1.0 - GamersGate)
Combat Mission Afrika Korps (HKLM-x32\...\Combat Mission Afrika Korps v1.0_is1) (Version:  - Battlefront.com, Inc.)
Combat Mission Barbarossa to Berlin (HKLM-x32\...\Combat Mission Barbarossa to Berlin v1.3_is1) (Version:  - Battlefront.com, Inc.)
Combat Mission Battle for Normandy (HKLM-x32\...\CMBN10_is1) (Version:  - Battlefront.com)
Combat Mission Shock Force (HKLM-x32\...\Combat Mission Shock Force_is1) (Version:  - Battlefront.com)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.0948 - Disc Soft Ltd)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.36 - NVIDIA Corporation) Hidden
Divinity Original Sin 2 MULTi5 (HKLM-x32\...\Divinity Original Sin 2 MULTi5_is1) (Version:  - )
Dreadnought (HKLM-x32\...\Dreadnought) (Version: 1.0.1 - Grey Box)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Expeditions Viking Iron Man (HKLM-x32\...\Expeditions Viking Iron Man_is1) (Version:  - )
Field of Glory II (HKLM\...\SKIDROW - Field of Glory II) (Version:  - SKIDROW)
Gestor de cámara con sensor de profundidad Intel® RealSense™ SR300 (HKLM-x32\...\ARP_for_prd_dcm_runtime_sr300_3.3.27.5718) (Version: 3.3.27.5718 - Intel Corporation)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Audio Switch (HKLM\...\HPAudioSwitch) (Version: 1.0.105.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{b0ebf7ff-6b1a-4a92-9c85-6915be1962b9}) (Version: 5.1.19895 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8351.5556 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{E8FF0A82-0696-4347-B4AE-708DE306FFE9}) (Version: 12.12.32.3 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel RealSense Training (HKLM-x32\...\Intel RealSense Training) (Version: 1.16 - Intel)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{58853C0C-0E7D-4320-96AC-4D64027624FC}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® RealSense™ Depth Camera Manager Gold (x86): dptf_com (HKLM-x32\...\{8B2F7F6E-80C4-11E6-9806-2C44FD873B55}) (Version: 2.3.27.5718 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager SR300 Gold (x86): Intel® RealSense™ 3D camera SR300 IO module (HKLM-x32\...\{9631A4C0-80C4-11E6-AC2C-2C44FD873B55}) (Version: 3.3.27.5718 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager SR300 Gold (x86): Intel® RealSense™ Depth Camera Manager Service (HKLM-x32\...\{8FD07ECF-80C4-11E6-A604-2C44FD873B55}) (Version: 3.3.27.5718 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_v6_6.0.21.6598) (Version: 6.0.21.6598 - Intel Corporation)
Intel® RealSense™ SDK Runtime Gold (x86): Core (HKLM-x32\...\{EC8ABDF0-358B-11E5-82EB-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Data Collector (HKLM-x32\...\{E3A02E00-358B-11E5-81F8-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Hand Tracking (HKLM-x32\...\{D74B980F-358B-11E5-B6FE-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Intel® RealSense™ SDK Runtime Gold (x86): Hand Tracking: Models (HKLM-x32\...\{ED5C65CF-358B-11E5-9F51-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden
Jagged Alliance Rage MULTi10 - ElAmigos versión 1.0 (HKLM-x32\...\{D300C957-0271-429F-85C9-C526FDD6AD41}_is1) (Version: 1.0 - HandyGames)
Kits Configuration Installer (HKLM-x32\...\{86E59C8F-61D5-1782-A3CE-60AE7E4D7791}) (Version: 10.1.16299.15 - Microsoft) Hidden
Master of Orion - Retro Fleets (HKLM-x32\...\1436385130_is1) (Version: 2.12.0.20 - GOG.com)
Master of Orion - Terran Khanate (HKLM-x32\...\1240899991_is1) (Version: 2.12.0.20 - GOG.com)
Master of Orion (HKLM-x32\...\1441029515_is1) (Version: 2.15.0.23 - GOG.com)
Master of Orion (HKLM-x32\...\Master of Orion_is1) (Version:  - )
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office 365 - es-es (HKLM\...\O365HomePremRetail - es-es) (Version: 16.0.11929.20300 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27029 (HKLM-x32\...\{64ff2cb0-807c-4ee9-87ef-ec1b2ede0daf}) (Version: 14.16.27029.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27029 (HKLM-x32\...\{f50edb7e-c25e-47b4-bc4f-7ec4a4d256b1}) (Version: 14.16.27029.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1100.314 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 61.0.1 (x64 es-ES)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
MSI Development Tools (HKLM-x32\...\{973CACA2-E018-065B-0580-F2784802E299}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Mutant Year Zero Road to Eden MULTi11 - ElAmigos versión 18.12.2018 (HKLM-x32\...\{F9F7F7EB-D4D1-4245-ABD1-357F42E566AB}_is1) (Version: 18.12.2018 - Funcom)
Mutant Year Zero Road to Eden Seed of Evil (HKLM-x32\...\Mutant Year Zero Road to Eden Seed of Evil_is1) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
NVIDIA Controlador de audio HD 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11929.20300 - Microsoft Corporation) Hidden
OpenOffice 4.1.5 (HKLM-x32\...\{A93E0F8F-B3C1-4784-916D-15865808017B}) (Version: 4.15.9789 - Apache Software Foundation)
Opera Stable 63.0.3368.71 (HKLM-x32\...\Opera 63.0.3368.71) (Version: 63.0.3368.71 - Opera Software)
Overland (HKLM-x32\...\1429928925_is1) (Version: 600 - GOG.com)
paint.net (HKLM\...\{B998B716-4001-4919-BA90-BA14B51DFEB5}) (Version: 4.1.6 - dotPDN LLC)
Panel de control de NVIDIA 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 398.36 - NVIDIA Corporation) Hidden
Paquete de compatibilidad redirigido de documentación de Microsoft .NET Framework 4.7.1 (español) (HKLM-x32\...\{927FF4FD-8E47-4022-8545-22FD78FBC2AB}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Peninsular War Battles (HKLM\...\cGVuaW5zdWxhcndhcmJhdHRsZXM_is1) (Version: 1 - )
President Yukino Uncencored (HKLM\...\DARKSiDERS - President Yukino Uncencored) (Version:  - DARKSiDERS)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21289 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.13.1223.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
SDK ARM Additions (HKLM-x32\...\{7922BB77-0B59-840A-AC80-D560A34D75C5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{C87DF65C-A672-7E08-A083-E7D48FE8DB70}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 4.15.4257.0 - Hi-Rez Studios)
Software Intel® PROSet/Wireless (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.9.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.9.1 - SteelSeries ApS)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
TextCrawler Free 3.0.3 (HKLM-x32\...\TextCrawler Free) (Version: 3.0.3 - DigitalVolcano Software Ltd)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Ultimate Epic Battle Simulator v1.5 (HKLM\...\dWx0aW1hdGVlcGljYmF0dGxlc2ltdWxhdG9y_is1) (Version: 1 - )
Ultimate General Civil War (HKLM-x32\...\Ultimate General Civil War_is1) (Version:  - )
Unity (HKLM-x32\...\Unity) (Version: 2019.1.0f2 - Unity Technologies ApS)
Unity Hub 1.6.1 (HKLM\...\Unity Technologies - Hub) (Version: 1.6.1 - Unity Technologies Inc.)
Universal CRT Extension SDK (HKLM-x32\...\{A5FA2886-1925-133F-0D41-B9A8ECEA0A2D}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{B739B4C5-EEEC-8E70-0276-38C4779AF398}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{E053089E-7953-3219-814F-F485FC151C54}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B9424F08-0617-C4F6-A798-5A9250C1A738}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{D261CEA1-AB8D-9CFA-4407-BCEFC78661AC}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Valkyria Chronicles (HKLM-x32\...\Valkyria Chronicles_is1) (Version:  - )
Valkyria Chronicles (HKLM-x32\...\Valkyria Chronicles_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Valkyria Chronicles 4 MULTi8 - ElAmigos versión 15.10.2018 (HKLM-x32\...\{21C30336-8486-4721-8B6D-2EC3784E612F}_is1) (Version: 15.10.2018 - SEGA)
vcpp_crt.redist.clickonce (HKLM-x32\...\{32DF9B1B-E622-4385-99E0-02461A428363}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Visual Studio Community 2017 (HKLM-x32\...\e3803192) (Version: 15.9.28307.586 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{340226AB-D0EF-4715-A331-AB3A416B5018}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{E70CC1B8-7ED5-4495-9C52-603FE87F38F4}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Wargaming.net Game Center (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\Wargaming.net Game Center) (Version: 19.2.0.4533 - Wargaming.net)
Web Companion (HKLM-x32\...\{bc046938-66d1-48f3-bcad-394328e01dfc}) (Version: 4.0.1780.3335 - Lavasoft)
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
WeMod (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\WeMod) (Version: 6.2.5 - WeMod)
WinAppDeploy (HKLM-x32\...\{9690D51C-4435-1C20-7819-66CCAB0F03F9}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{385A1387-A488-9E90-3635-086129610034}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{D7DD3171-DA58-52A1-95B2-4769640855AF}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7336279F-8F8F-5530-A543-3BE963846C0A}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E414A474-0A87-4F66-C409-A4D9857CFD34}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{CE760B86-975B-F514-5673-0ED4332B801B}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{5E67F8BE-D8D2-257F-CE19-419A2D5125C7}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A2AA063E-AF50-A1F5-8925-A06EB1556644}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{7D4C7F4A-02A9-E434-6451-C8787DF28C1F}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{BC467065-9374-5345-DA3F-FCF073304A25}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
World of Tanks EU (HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\WOT.EU.PRODUCTION) (Version:  - Wargaming.net)
XCOM 2 War of the Chosen (HKLM-x32\...\XCOM 2 War of the Chosen_is1) (Version:  - )
Xenonauts 2 Demo (HKLM-x32\...\1497289938_is1) (Version: kickstarter demo - GOG.com)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.148.400.0_x86__kgqvnymyfvs32 [2019-09-25] (king.com)
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
File Viewer Plus -> C:\Program Files\WindowsApps\SharpenedProductions.FileViewerPlus_3.2.1.0_x86__xkt78gamzntbr [2019-09-25] (Sharpened Productions)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2019-09-25] (HP Inc.)
HP LOUNGE -> C:\Program Files\WindowsApps\UniversalMusicMobile.HPLOUNGE_2.1.1.0_x64__3ms5eyejfeart [2019-09-25] (Universal Music Mobile)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft News: Noticias destacadas en español -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Studios) [MS Ad]
MSN Deportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
MSN Dinero -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.94.574.0_x64__mcm4njqhnhss8 [2019-09-28] (Netflix, Inc.)
Teléfono Microsoft -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2019-09-25] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\juegos1\7zip\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => D:\programas\DAEMON Tools Lite\dtshl64.dll [2019-10-02] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => D:\programas\DAEMON Tools Lite\dtshl64.dll [2019-10-02] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\juegos1\7zip\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\enike\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-19] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\juegos1\7zip\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-04-07 10:19 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] D:\juegos1\7zip\7-Zip\7-zip.dll
2017-09-28 18:41 - 2017-09-28 18:41 - 000266240 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys [2560]
AlternateDataStreams: C:\Users\All Users:gs5sys [2560]
AlternateDataStreams: C:\Users\enike:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Datos de programa:gs5sys [2560]
AlternateDataStreams: C:\Users\enike\Configuración local:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Plantillas:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local\Historial:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Archivos de usuario de paint.net:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Battlestations-Midway:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\FLiNGTrainer:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Imperium:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Jagged Alliance Rage:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Larian Studios:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Master of Orion:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\MEGA:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Nexus Mod Manager:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\SEGA:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Visual Studio 2017:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2017-10-09 13:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 87.216.1.65 - 87.216.1.66
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "HP Audio Switch.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealSense Training.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "hola"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F20F710A8B8C4569C38BB42E17F992F5"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\StartupApproved\Run: => "SysHelper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D4278134-21B8-4472-AF95-F89BF3895E3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6C125D0A-4D4E-4FCB-8396-D0228E1A84DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BAF0CA70-5A9A-447F-B42D-27D98703F4FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F0231167-DD85-4C86-947E-D52D0AA4CCDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B7BE8485-D2E2-4182-AE82-83C130C91B13}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{02B30A64-4BA6-441D-AFBF-94CAF93DEC5A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9C5104B2-561B-484C-A79B-AEEA7FEEB998}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Bug Reporter.exe No File
FirewallRules: [{16E3E9B0-D634-48C0-A6F0-929B5EA21E4E}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Bug Reporter.exe No File
FirewallRules: [{013D20FC-5E82-4E4D-8E0B-72E06F1870C6}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Multiplayer.exe No File
FirewallRules: [{4F91A69A-076F-459B-A5E3-96CEDDC7B696}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Multiplayer.exe No File
FirewallRules: [{6361E0CC-E1A0-42DA-B5FB-FD91BFC9E5D0}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Gettysburg.exe No File
FirewallRules: [{0A7597A3-C6FE-44EB-B838-DFCA37E4501F}] => (Allow) D:\juegos1\Steam\steamapps\common\Ultimate General Gettysburg\Ultimate General Gettysburg.exe No File
FirewallRules: [{D1FED389-FBD6-449E-A8A0-B93D91F26743}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{EFA59492-5843-4237-BC50-C6261CE23B2C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{6F5F1C20-E074-40F3-9AFD-1E846FDF8C4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{136C8D52-52F3-4C24-B42C-2049E4170660}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{71CBBF23-4FB0-4DD6-93D0-E590E3198635}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EAA4EC63-FC5A-4858-97EF-15B6EC78A5F0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8A58268B-EBED-44D0-A342-702D196AEAC0}] => (Allow) C:\Users\enike\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{AD747BF7-32EF-42AF-9FA1-DFCAC310E351}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E53428CB-04F3-4BDD-80FC-FDCE396935B3}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{90F652E0-C634-46C8-996F-C52FB59542A8}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0C242A73-B723-4037-BF0E-5CC80F76833A}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6A4D9C06-9E00-42EB-8148-1003C31F6FCA}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{90463F38-EA97-4623-8B1D-AE2C6B967315}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D8A9F047-571A-4AE2-8D3B-3C92A39A68EB}] => (Allow) D:\juegos1\World of Tanks\WoTLauncher.exe No File
FirewallRules: [{58091C24-2BB7-4E82-AEFF-6F2B329E2525}] => (Allow) D:\juegos1\World of Tanks\WoTLauncher.exe No File
FirewallRules: [{AF75D871-7094-428F-92D2-501CD4CA9FA9}] => (Allow) D:\juegos1\World of Tanks\worldoftanks.exe No File
FirewallRules: [{1B007FD7-5597-4904-857E-050794FFA1E0}] => (Allow) D:\juegos1\World of Tanks\worldoftanks.exe No File
FirewallRules: [{48D05EF4-F3E0-4800-B6C3-5BCFD510994A}] => (Allow) D:\juegos1\Steam\Steam.exe No File
FirewallRules: [{1B073A39-9A1E-4249-9070-1AFBABAFF06C}] => (Allow) D:\juegos1\Steam\Steam.exe No File
FirewallRules: [{59637954-059B-4524-8421-C669C2D760FB}] => (Allow) D:\juegos1\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{248F135A-C230-4541-A9F0-287C524A7BCD}] => (Allow) D:\juegos1\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{A79AC657-0E19-4CC8-8BB6-AAF698838994}] => (Allow) D:\juegos1\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{8DAC412C-AB0F-4AE6-9771-00637020CC13}] => (Allow) D:\juegos1\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{16182DFF-8B3A-4492-91FB-D734905099C0}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{9085A07E-8EB4-404B-B5D9-8067FF495094}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{62F11FF9-DF66-499C-ADB3-00BF52BEC3DD}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C7F218F8-D612-4108-B2B1-844EDB83337A}] => (Allow) C:\Users\enike\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{370BAFD9-DCE6-4206-91B4-CD054CB35D03}D:\juegos1\divinity original sin 2 multi5\bin\eocapp.exe] => (Allow) D:\juegos1\divinity original sin 2 multi5\bin\eocapp.exe No File
FirewallRules: [UDP Query User{41458C23-C29E-4416-B2C8-0EC8F580BA1A}D:\juegos1\divinity original sin 2 multi5\bin\eocapp.exe] => (Allow) D:\juegos1\divinity original sin 2 multi5\bin\eocapp.exe No File
FirewallRules: [{0A1DAED1-74FE-4D73-B152-C8074D82D882}] => (Allow) C:\Users\enike\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{71757365-66AE-48E0-BDF1-0830C72ABEAA}] => (Allow) D:\juegos1\Divinity Original Sin 2 MULTi5\bin\Divinity Original Sin 2 V3.0.180.158 Trainer +14 MrAntiFun.EXE No File
FirewallRules: [{8E65C64B-BA6A-42E2-A664-74B6ADAFB6C1}] => (Allow) D:\juegos1\Divinity Original Sin 2 MULTi5\bin\Divinity Original Sin 2 V3.0.180.158 Trainer +14 MrAntiFun.EXE No File
FirewallRules: [{B7E48F24-E8EF-4C24-A259-5BDB7BA2C595}] => (Allow) D:\juegos1\Divinity Original Sin 2 MULTi5\bin\Divinity Original Sin 2 V3.0.180.158 Trainer +14 MrAntiFun.EXE No File
FirewallRules: [{3FB642BF-19E3-40EC-9531-B333D6D210B4}] => (Allow) D:\juegos1\Divinity Original Sin 2 MULTi5\bin\Divinity Original Sin 2 V3.0.180.158 Trainer +14 MrAntiFun.EXE No File
FirewallRules: [TCP Query User{02E7F50F-A8F5-4C0E-B052-8FE4A9D5D839}D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [UDP Query User{87F43A3D-CD38-46F2-BB6E-8B5FFC889E25}D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [TCP Query User{19AE086A-F237-43E5-B165-1675FA0452B5}D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [UDP Query User{D92847B2-2D62-4856-8C22-AF3F63262249}D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\xcom 2 war of the chosen\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [{88AFD397-76BB-4D1F-ACDA-D4A503D03472}] => (Allow) D:\juegos1\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [{863AA1C6-F72C-4DA1-8970-24175838A5B9}] => (Allow) D:\juegos1\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File
FirewallRules: [TCP Query User{68779D13-6848-4681-819B-A162F3D0B314}D:\juegos1\wotc dlc\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\wotc dlc\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [UDP Query User{1C4CA52B-C73F-4DA5-82A8-2C788EE05C08}D:\juegos1\wotc dlc\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\juegos1\wotc dlc\xcom2-warofthechosen\binaries\win64\xcom2.exe No File
FirewallRules: [{2952B52E-E273-44FC-97FA-30F2C5F86E92}] => (Allow) D:\juegos1\Steam\steamapps\common\Battlestations Midway Multiplayer Demo\Battlestationsmidway.exe No File
FirewallRules: [{958C2A65-17C2-4871-B787-F0CD95CDCA98}] => (Allow) D:\juegos1\Steam\steamapps\common\Battlestations Midway Multiplayer Demo\Battlestationsmidway.exe No File
FirewallRules: [{B55E2442-96C7-4D02-B656-80DBCEB5CB00}] => (Allow) D:\juegos1\Steam\steamapps\common\Battlestations Midway Multiplayer Demo\Options.exe No File
FirewallRules: [{018B1017-C983-43F0-94A5-7D9F7988F930}] => (Allow) D:\juegos1\Steam\steamapps\common\Battlestations Midway Multiplayer Demo\Options.exe No File
FirewallRules: [TCP Query User{7FD4FBD6-D71E-48BC-8403-47E6D756877C}D:\juegos1\master of orion\masteroforion.exe] => (Allow) D:\juegos1\master of orion\masteroforion.exe No File
FirewallRules: [UDP Query User{C329E490-461C-41D7-B374-4B5CEBFD6712}D:\juegos1\master of orion\masteroforion.exe] => (Allow) D:\juegos1\master of orion\masteroforion.exe No File
FirewallRules: [TCP Query User{8FE7035D-1398-4112-AE35-187540EB4EDB}D:\juegos1\battletech\master of orion gog\masteroforion.exe] => (Allow) D:\juegos1\battletech\master of orion gog\masteroforion.exe No File
FirewallRules: [UDP Query User{F3E58CD0-8345-4A2C-803F-4A06C18C6BC9}D:\juegos1\battletech\master of orion gog\masteroforion.exe] => (Allow) D:\juegos1\battletech\master of orion gog\masteroforion.exe No File
FirewallRules: [TCP Query User{3908AC39-C8BC-453C-9372-DC4CF5FB2221}D:\juegos1\master of orion\masteroforion.exe] => (Allow) D:\juegos1\master of orion\masteroforion.exe No File
FirewallRules: [UDP Query User{8F5FB092-74C9-422C-8EFE-8CEB157E0D0F}D:\juegos1\master of orion\masteroforion.exe] => (Allow) D:\juegos1\master of orion\masteroforion.exe No File
FirewallRules: [{1149D0A1-C017-4FB1-A2DC-8BA4B1DAC3A5}] => (Allow) D:\juegos1\ATOM 1.083\ATOM.RPG.v1.083\Unity Hub\Unity Hub.exe No File
FirewallRules: [TCP Query User{FD4BF708-1C10-4D9C-B0F1-15A0258CC4AC}D:\juegos1\atom 1.083\atom.rpg.v1.083\unity hub\unity hub.exe] => (Allow) D:\juegos1\atom 1.083\atom.rpg.v1.083\unity hub\unity hub.exe No File
FirewallRules: [UDP Query User{C68B001E-932C-499C-8465-7CDD73ECA335}D:\juegos1\atom 1.083\atom.rpg.v1.083\unity hub\unity hub.exe] => (Allow) D:\juegos1\atom 1.083\atom.rpg.v1.083\unity hub\unity hub.exe No File
FirewallRules: [{611293EB-CEA5-4FC0-B226-EFBC1389700C}] => (Allow) C:\Program Files\Unity\Hub\Editor\2019.1.0f2\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{94E6F224-3B71-4B76-9894-8EF0F672AF2A}] => (Block) C:\Program Files\Unity\Hub\Editor\2019.1.0f2\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [TCP Query User{EF3050CF-A26F-4DBA-ACD4-7E67A3212D84}C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe] => (Allow) C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [UDP Query User{1459A321-2B9D-4E49-979D-067C0CB58598}C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe] => (Allow) C:\program files\unity\hub\editor\2019.1.0f2\editor\unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [TCP Query User{25DB576C-C6F7-4275-BC27-99779BC7DCE4}D:\juegos1\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\juegos1\wargaming.net\gamecenter\wgc.exe No File
FirewallRules: [UDP Query User{43E629DA-85F7-441F-A08A-A88B0AB562A3}D:\juegos1\wargaming.net\gamecenter\wgc.exe] => (Allow) D:\juegos1\wargaming.net\gamecenter\wgc.exe No File
FirewallRules: [{DCD1998C-1A0C-432D-A4A9-2ED81903DF4E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [TCP Query User{7EB57150-FAF5-41E6-B518-938654EF92A7}H:\emulador_ppssppwindows64\ppssppwindows64.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows64.exe No File
FirewallRules: [UDP Query User{83C7504F-FBCA-453A-B189-00C537A08425}H:\emulador_ppssppwindows64\ppssppwindows64.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows64.exe No File
FirewallRules: [TCP Query User{7B4E146C-E2C7-4EEA-A52B-C043CB4BFE8A}H:\emulador_ppssppwindows64\ppssppwindows64.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows64.exe No File
FirewallRules: [UDP Query User{6AEA4D08-F60D-4DEB-865D-751A43F90F82}H:\emulador_ppssppwindows64\ppssppwindows64.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows64.exe No File
FirewallRules: [TCP Query User{FA3FF63A-1C81-44A5-AC9C-90927CC5BDBB}H:\emulador_ppssppwindows64\ppssppwindows.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows.exe No File
FirewallRules: [UDP Query User{891FC294-1896-4CEC-8ECE-C54F5DACE64C}H:\emulador_ppssppwindows64\ppssppwindows.exe] => (Allow) H:\emulador_ppssppwindows64\ppssppwindows.exe No File
FirewallRules: [{5DA5A1BC-B492-4AE6-9277-C9E470E6EFBF}] => (Allow) C:\Programas\Opera\62.0.3331.116\opera.exe No File
FirewallRules: [{907A05BC-43FB-49CA-B1E6-B350E6029C6A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C3074C75-0E0C-40E7-9B6B-E41B84239CA5}] => (Allow) C:\Programas\Opera\63.0.3368.71\opera.exe No File
FirewallRules: [TCP Query User{043D9164-892E-43F0-8D09-6064CD6EF473}H:\torrent\acabadas\xenonauts 2\xenonauts2.exe] => (Allow) H:\torrent\acabadas\xenonauts 2\xenonauts2.exe () [File not signed]
FirewallRules: [UDP Query User{4CD2BB39-DA2F-427D-A194-88FC7684AA39}H:\torrent\acabadas\xenonauts 2\xenonauts2.exe] => (Allow) H:\torrent\acabadas\xenonauts 2\xenonauts2.exe () [File not signed]
FirewallRules: [TCP Query User{BDDD9B38-03A5-4849-86F3-CDFBA6C50D03}H:\juegos1\phoenixpointbackerbuild\phoenixpointbackerbuild\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild\phoenixpointbackerbuild\phoenixpointwin64.exe () [File not signed]
FirewallRules: [UDP Query User{31121234-5FC2-4B8F-80AE-F9F0A577D74E}H:\juegos1\phoenixpointbackerbuild\phoenixpointbackerbuild\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild\phoenixpointbackerbuild\phoenixpointwin64.exe () [File not signed]
FirewallRules: [TCP Query User{1758818E-61E4-4A59-8D49-0A284A9088D8}H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe No File
FirewallRules: [UDP Query User{24B00BDC-084F-46C1-8BF3-4DA6623C94A3}H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe No File
FirewallRules: [TCP Query User{C8B5E8A7-E6EA-45F0-A625-D2B3B72FC0AD}H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe No File
FirewallRules: [UDP Query User{6BF208B8-763E-4CE4-A8CF-55691DC717A8}H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe] => (Allow) H:\juegos1\phoenixpointbackerbuild2\phoenixpointwin64.exe No File
FirewallRules: [TCP Query User{9F3A186C-0FD1-466A-8C14-91338E033D3F}H:\torrent\acabadas\xenonauts 2\xenonauts2.exe] => (Allow) H:\torrent\acabadas\xenonauts 2\xenonauts2.exe () [File not signed]
FirewallRules: [UDP Query User{246994A2-9147-423D-B909-9BA98DE61035}H:\torrent\acabadas\xenonauts 2\xenonauts2.exe] => (Allow) H:\torrent\acabadas\xenonauts 2\xenonauts2.exe () [File not signed]
FirewallRules: [{59825BA0-71CA-4D24-9CDD-D25D03F04195}] => (Allow) D:\programas\DAEMON Tools Lite\DiscSoftBusServiceLite.exe No File
FirewallRules: [{6A52B213-7682-4AE5-BAA4-17FE5A821C5C}] => (Allow) D:\programas\DAEMON Tools Lite\DiscSoftBusServiceLite.exe No File
FirewallRules: [{650AAD21-BE83-40F8-8B0B-123EAEC33212}] => (Allow) H:\JUEGOS1\STEAM2\Steam.exe No File
FirewallRules: [{AC485DA0-CC25-416B-9513-BF04F3CC9C8A}] => (Allow) H:\JUEGOS1\STEAM2\Steam.exe No File
FirewallRules: [{43F12193-ABF9-4A0B-8F9D-2D50A0431BC7}] => (Allow) H:\JUEGOS1\STEAM2\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{47092DE9-D604-4902-BBBE-13B8A23EC52D}] => (Allow) H:\JUEGOS1\STEAM2\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{22C5D93B-695D-45C9-9C47-A0B5E68D92F5}] => (Allow) E:\OMERTA2\steamapps\common\Omerta\OmertaSteam.exe No File
FirewallRules: [{16C1BE52-15BC-4AC7-9A4C-F470A957A453}] => (Allow) E:\OMERTA2\steamapps\common\Omerta\OmertaSteam.exe No File
FirewallRules: [{E582A81F-6840-405D-999D-81B61DD450B6}] => (Allow) H:\JUEGOS1\steam3\Steam.exe No File
FirewallRules: [{EBD32684-56F0-46BE-9158-88486C50696C}] => (Allow) H:\JUEGOS1\steam3\Steam.exe No File
ADDITION2

==================== Codecs (Whitelisted) ==================


==================== Restore Points =========================

25-09-2019 05:35:02 Operación de restauración
02-10-2019 01:03:08 Removed Bonjour

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2019 04:13:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: b8d05317-7fd1-4e2c-9e4c-7f251d311a59
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/03/2019 04:12:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: ca2e5c1b-1cfe-4c09-8839-f9b8466cb914
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/03/2019 04:12:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 41deb334-e798-4e74-8877-3ffef4d03efa
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/03/2019 04:12:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: c6d43d86-aeed-438e-b13e-4c772aa5f93d
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/03/2019 04:12:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: be207f88-cc40-4ae4-bf87-fe482901fc08
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/03/2019 04:12:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 7c9a61fe-7bfd-4038-a3ee-fadb8f8c2f34
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/03/2019 04:12:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 66e2c43b-457b-446d-8955-10a788a03846
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (10/03/2019 04:12:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: 3109749928.exe, versión: 1.0.0.4, marca de tiempo: 0x5d4a84c4
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x04006800
Identificador del proceso con errores: 0x162c
Hora de inicio de la aplicación con errores: 0x01d579f49355938e
Ruta de acceso de la aplicación con errores: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: ddb2a9fe-54ba-41d2-bbf1-502c588adb5b
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:


System errors:
=============
Error: (10/03/2019 02:41:04 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-2K7O7TJC)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 y APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 al usuario LAPTOP-2K7O7TJC\enike con SID (S-1-5-21-1972068837-1164276130-3522050345-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/03/2019 02:29:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/03/2019 02:27:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/03/2019 02:27:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/03/2019 02:27:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/03/2019 02:27:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/03/2019 02:25:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/03/2019 02:25:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2019-10-03 14:29:44.011
Description: 
El acceso controlado a carpetas impidió que C:\Program Files\HP\HP Touchpoint Analytics Client\Provider Data Sources\_Shared\DiskCheck\ETD_GetSMART.exe realizara cambios en la memoria.
Tiempo de detección: 2019-10-03T12:29:44.011Z
Usuario: NT AUTHORITY\SYSTEM
Ruta de acceso: \Device\Harddisk0\DR0
Nombre del proceso: C:\Program Files\HP\HP Touchpoint Analytics Client\Provider Data Sources\_Shared\DiskCheck\ETD_GetSMART.exe
Versión de la firma: 1.303.753.0
Versión del motor: 1.1.16400.2
Versión del producto: 4.18.1909.6

Date: 2019-10-03 12:20:06.859
Description: 
El acceso controlado a carpetas impidió que C:\Windows\System32\msconfig.exe realizara cambios en la memoria.
Tiempo de detección: 2019-10-03T10:20:06.858Z
Usuario: LAPTOP-2K7O7TJC\enike
Ruta de acceso: \Device\HarddiskVolume3
Nombre del proceso: C:\Windows\System32\msconfig.exe
Versión de la firma: 1.303.753.0
Versión del motor: 1.1.16400.2
Versión del producto: 4.18.1909.6

Date: 2019-10-03 12:17:53.475
Description: 
El acceso controlado a carpetas bloqueó C:\Users\enike\AppData\Local\Temp\is-4AFJN.tmp\CheatEngine64 (4).tmp para que no pueda modificar %userprofile%\OneDrive\Documents\My Cheat Tables.
Hora de detección: 2019-10-03T10:17:53.475Z
Usuario: LAPTOP-2K7O7TJC\enike
Ruta de acceso: %userprofile%\OneDrive\Documents\My Cheat Tables
Nombre del proceso: C:\Users\enike\AppData\Local\Temp\is-4AFJN.tmp\CheatEngine64 (4).tmp
Versión de la firma: 1.303.753.0
Versión del motor: 1.1.16400.2
Versión del producto: 4.18.1909.6

Date: 2019-10-03 12:09:53.919
Description: 
El acceso controlado a carpetas bloqueó C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe para que no pueda modificar %desktopdirectory%\.
Hora de detección: 2019-10-03T10:09:53.919Z
Usuario: LAPTOP-2K7O7TJC\enike
Ruta de acceso: %desktopdirectory%\
Nombre del proceso: C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7\3109749928.exe
Versión de la firma: 1.303.753.0
Versión del motor: 1.1.16400.2
Versión del producto: 4.18.1909.6

Date: 2019-10-03 12:03:50.497
Description: 
El acceso controlado a carpetas bloqueó C:\Users\enike\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\SteamSetup (3).exe para que no pueda modificar %common_desktop%\.
Hora de detección: 2019-10-03T10:03:50.497Z
Usuario: LAPTOP-2K7O7TJC\enike
Ruta de acceso: %common_desktop%\
Nombre del proceso: C:\Users\enike\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\SteamSetup (3).exe
Versión de la firma: 1.303.753.0
Versión del motor: 1.1.16400.2
Versión del producto: 4.18.1909.6

Date: 2019-10-03 12:52:29.357
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.303.753.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16400.2
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 

Date: 2019-10-03 12:42:27.667
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-10-03 12:31:10.736
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.303.753.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16400.2
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 

Date: 2019-10-03 12:21:09.020
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-10-03 06:35:13.430
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.303.728.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16400.2
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2019-10-03 06:25:17.664
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-10-03 06:15:01.275
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-10-03 06:04:45.184
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-10-03 05:54:28.127
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-10-03 05:44:01.795
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-10-03 05:33:45.862
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-10-03 05:23:38.525
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2019-10-03 05:13:15.022
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: Insyde F.23 10/13/2016
Motherboard: HP 8260
Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 59%
Total physical RAM: 16345.78 MB
Available physical RAM: 6651.98 MB
Total Virtual: 29145.78 MB
Available Virtual: 14020.08 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:236.5 GB) (Free:78.9 GB) NTFS
Drive d: (DATA) (Fixed) (Total:919.2 GB) (Free:96.78 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:12.31 GB) (Free:0.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (Elements) (Fixed) (Total:2794.49 GB) (Free:2193 GB) NTFS

\\?\Volume{e7fec484-f968-441e-875b-de736c3a8e60}\ () (Fixed) (Total:1.7 GB) (Free:0.99 GB) NTFS
\\?\Volume{263c4778-2e8e-48c9-ae27-7f01dcb8c88c}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 82165C24)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F37ECA01)

Partition: GPT.

========================================================
Disk: 2 (Size: 2794.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==================== End of Addition.txt ============================

Good… now follow these steps. VERY important ~ make a backup of the registry:

  • To do this, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)

  • Attention: now tick only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste these files into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

AlternateDataStreams: C:\ProgramData:gs5sys [2560]
AlternateDataStreams: C:\Users\All Users:gs5sys [2560]
AlternateDataStreams: C:\Users\enike:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Datos de programa:gs5sys [2560]
AlternateDataStreams: C:\Users\enike\Configuración local:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Plantillas:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local\Historial:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Archivos de usuario de paint.net:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Battlestations-Midway:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\FLiNGTrainer:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Imperium:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Jagged Alliance Rage:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Larian Studios:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Master of Orion:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\MEGA:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Nexus Mod Manager:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\SEGA:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Visual Studio 2017:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\MountPoints2: {730157da-4602-11e9-b94d-d0577b73a928} - "K:\autorun.exe" 
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\MountPoints2: {f2025a90-4a7f-11e8-b922-d0577b73a928} - "G:\setup.exe" 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
CHR HKLM-x32\...\Chrome\Extension: [hcjdanpjacpeeppdjkppebobilhaglfo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lecopdllcadfbliodgfpfbhgoaohmlfe] - hxxps://clients2.google.com/service/update2/crx
2019-10-03 02:03 - 2019-10-03 02:03 - 000000000 ____D C:\Users\enike\AppData\LocalLow\ARoberti
2019-10-03 01:52 - 2019-10-03 14:23 - 000000000 ____D C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7
2019-10-03 01:52 - 2019-10-03 01:53 - 000000000 ____D C:\Users\enike\AppData\Local\f1aba65a-55c1-427d-a2d3-e1d320e79872
2019-10-03 01:52 - 2019-10-03 01:53 - 000000000 ____D C:\ProgramData\5E3WH5UQ9WUV9U4ZOG08E968N
2019-10-03 01:52 - 2019-10-03 01:52 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-10-03 01:52 - 2019-10-03 01:52 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-10-03 01:51 - 2019-10-03 01:51 - 000000000 ____D C:\ProgramData\Garbage Cleaner
2019-10-03 01:51 - 2019-10-03 01:51 - 000000000 ____D C:\ProgramData\WIFIService
2019-09-25 03:43 - 2019-09-25 03:43 - 000000000 ____D C:\ProgramData\7FK4NT5PQSLFT6M7BRT0VVZDU
2019-09-25 03:42 - 2019-09-25 03:43 - 000000000 ____D C:\Users\enike\AppData\Local\5fab4e27-31da-4cad-a5a4-5466971cbde8
2017-12-13 10:39 - 2017-12-13 10:39 - 000000068 _____ () C:\Users\enike\AppData\Local\yjUzkVAfQv
2017-12-17 12:39 - 2017-12-17 12:39 - 000000068 _____ () C:\Users\enike\AppData\Local\zuNMvflzFm


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name fixlist.txt on the desktop <<< This is very important.<<

Note: It is important that the tool Frst.exe and fixlist.txt are in the same location (desktop); otherwise it will not work.

  • And now use this Windows FAQ, "How to start Windows in Safe Mode (Applicable to Windows 10)?", to work from that Windows mode. (Use Method 1, and if you can't, use Method 2.)

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, commenting on how the problem is going.

There is a problem. When I try to save the FRST and Additions files that I created on 20/10/2019, it won't let me, because when I connect in safe mode they will disappear; it won't let me save them, not even under another name, on the desktop, because there are 2 files with those names from 3/10/2019. What do I do?

Please do not wrap all your normal replies in tags, only those logs that are indicated.

To carry out the steps I gave you, you do not need to have the logs on the desktop; you only need the program frst.exe and the fixlist.txt that I gave you.

Hi, the FAQ for starting in safe mode is for Windows 8 and I have the damned Windows 10; should I do it anyway? I just need to know which option to choose under the safe boot method.

If you read my reply, it said the FAQ is also applicable to Windows 10.

Hi, OK, but instead of using the command prompt (method 1, which you recommend), for me it is easier to use msconfig and choose safe boot, apply and restart. PS: anyway, what I care about most is being able to recover all the nesa and kuub files I can, which are still around.

You can use whichever method you wish, although we recommend method one or the one everyone uses, but do it your way.

In any case, the matter of recovering your encrypted files has already been made clear: for now it is not going to be possible, and perhaps it will not be in the future either.

What we are doing is removing every trace of the infections, of which you have quite a few on the PC.

FIXLOG-TXT
Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
Ran by enike (21-10-2019 16:33:48) Run:2
Running from C:\Users\enike\Desktop
Loaded Profiles: enike (Available Profiles: enike)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************

Start
CreateRestorePoint:
CloseProcesses:

AlternateDataStreams: C:\ProgramData:gs5sys [2560]
AlternateDataStreams: C:\Users\All Users:gs5sys [2560]
AlternateDataStreams: C:\Users\enike:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Datos de programa:gs5sys [2560]
AlternateDataStreams: C:\Users\enike\Configuración local:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Plantillas:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local\Datos de programa:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\AppData\Local\Historial:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Archivos de usuario de paint.net:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Battlestations-Midway:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\FLiNGTrainer:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Imperium:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Jagged Alliance Rage:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Larian Studios:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Master of Orion:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\MEGA:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Nexus Mod Manager:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\SEGA:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\enike\OneDrive\Documents\Visual Studio 2017:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\MountPoints2: {730157da-4602-11e9-b94d-d0577b73a928} - "K:\autorun.exe" 
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\...\MountPoints2: {f2025a90-4a7f-11e8-b922-d0577b73a928} - "G:\setup.exe" 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1972068837-1164276130-3522050345-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
CHR HKLM-x32\...\Chrome\Extension: [hcjdanpjacpeeppdjkppebobilhaglfo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lecopdllcadfbliodgfpfbhgoaohmlfe] - hxxps://clients2.google.com/service/update2/crx
2019-10-03 02:03 - 2019-10-03 02:03 - 000000000 ____D C:\Users\enike\AppData\LocalLow\ARoberti
2019-10-03 01:52 - 2019-10-03 14:23 - 000000000 ____D C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7
2019-10-03 01:52 - 2019-10-03 01:53 - 000000000 ____D C:\Users\enike\AppData\Local\f1aba65a-55c1-427d-a2d3-e1d320e79872
2019-10-03 01:52 - 2019-10-03 01:53 - 000000000 ____D C:\ProgramData\5E3WH5UQ9WUV9U4ZOG08E968N
2019-10-03 01:52 - 2019-10-03 01:52 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-10-03 01:52 - 2019-10-03 01:52 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-10-03 01:51 - 2019-10-03 01:51 - 000000000 ____D C:\ProgramData\Garbage Cleaner
2019-10-03 01:51 - 2019-10-03 01:51 - 000000000 ____D C:\ProgramData\WIFIService
2019-09-25 03:43 - 2019-09-25 03:43 - 000000000 ____D C:\ProgramData\7FK4NT5PQSLFT6M7BRT0VVZDU
2019-09-25 03:42 - 2019-09-25 03:43 - 000000000 ____D C:\Users\enike\AppData\Local\5fab4e27-31da-4cad-a5a4-5466971cbde8
2017-12-13 10:39 - 2017-12-13 10:39 - 000000068 _____ () C:\Users\enike\AppData\Local\yjUzkVAfQv
2017-12-17 12:39 - 2017-12-17 12:39 - 000000068 _____ () C:\Users\enike\AppData\Local\zuNMvflzFm


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
Lo guardas bajo el nombre de fixlist.txt en el escritorio <<<
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"C:\ProgramData" => ":gs5sys" ADS not found.
"C:\Users\All Users" => ":gs5sys" ADS not found.
"C:\Users\enike" => ":gs5sys" ADS not found.
"C:\ProgramData\Datos de programa" => ":gs5sys" ADS not found.
"C:\Users\enike\Configuración local" => ":gs5sys" ADS not found.
"C:\Users\enike\Cookies" => ":gs5sys" ADS not found.
"C:\Users\enike\Datos de programa" => ":gs5sys" ADS not found.
"C:\Users\enike\Plantillas" => ":gs5sys" ADS not found.
"C:\Users\enike\Desktop\desktop.ini" => ":gs5sys" ADS not found.
"C:\Users\enike\AppData\Local" => ":gs5sys" ADS not found.
"C:\Users\enike\AppData\Roaming" => ":gs5sys" ADS not found.
"C:\Users\enike\AppData\Local\Datos de programa" => ":gs5sys" ADS not found.
"C:\Users\enike\AppData\Local\Historial" => ":gs5sys" ADS not found.
C:\Users\enike\OneDrive\Documents\Archivos de usuario de paint.net => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS could not remove.
C:\Users\enike\OneDrive\Documents\Battlestations-Midway => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS could not remove.
"C:\Users\enike\OneDrive\Documents\desktop.ini" => ":gs5sys" ADS not found.
C:\Users\enike\OneDrive\Documents\FLiNGTrainer => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS could not remove.
C:\Users\enike\OneDrive\Documents\Imperium => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS could not remove.
C:\Users\enike\OneDrive\Documents\Jagged Alliance Rage => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS could not remove.
C:\Users\enike\OneDrive\Documents\Larian Studios => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS could not remove.
C:\Users\enike\OneDrive\Documents\Master of Orion => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS could not remove.
C:\Users\enike\OneDrive\Documents\MEGA => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS could not remove.
C:\Users\enike\OneDrive\Documents\Nexus Mod Manager => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS could not remove.
C:\Users\enike\OneDrive\Documents\SEGA => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS could not remove.
C:\Users\enike\OneDrive\Documents\Visual Studio 2017 => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS could not remove.
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{730157da-4602-11e9-b94d-d0577b73a928} => not found
HKLM\Software\Classes\CLSID\{730157da-4602-11e9-b94d-d0577b73a928} => not found
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2025a90-4a7f-11e8-b922-d0577b73a928} => not found
HKLM\Software\Classes\CLSID\{f2025a90-4a7f-11e8-b922-d0577b73a928} => not found
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => not found
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => not found
HKLM\Software\Classes\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lecopdllcadfbliodgfpfbhgoaohmlfe => removed successfully
C:\Users\enike\AppData\LocalLow\ARoberti => moved successfully
C:\Users\enike\AppData\Local\44832cd2-e0b4-4c10-bf45-5ad7050960d7 => moved successfully
C:\Users\enike\AppData\Local\f1aba65a-55c1-427d-a2d3-e1d320e79872 => moved successfully
C:\ProgramData\5E3WH5UQ9WUV9U4ZOG08E968N => moved successfully
C:\ProgramData\nss3.dll => moved successfully
C:\ProgramData\mozglue.dll => moved successfully
C:\ProgramData\Garbage Cleaner => moved successfully
C:\ProgramData\WIFIService => moved successfully
"C:\ProgramData\7FK4NT5PQSLFT6M7BRT0VVZDU" => not found
"C:\Users\enike\AppData\Local\5fab4e27-31da-4cad-a5a4-5466971cbde8" => not found
"C:\Users\enike\AppData\Local\yjUzkVAfQv" => not found
"C:\Users\enike\AppData\Local\zuNMvflzFm" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1972068837-1164276130-3522050345-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores

========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========

Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17071771 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2172952 B
Edge => 36845118 B
Chrome => 0 B
Firefox => 40066571 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 18930 B
NetworkService => 18930 B
enike => 732363 B

RecycleBin => 0 B
EmptyTemp: => 102.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:34:06 ====
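
An added example, not part of the thread and not FRST's own code: a Python sketch that triages a Fixlog like the one above, counting outcomes and listing the entries that still need attention (CMD steps that errored, ADS that could not be removed, text pasted into fixlist.txt that is not a directive). The function names and the matching patterns are assumptions, heuristics derived only from the wording visible in this log.

```python
"""Triage an FRST Fixlog: count outcomes and list what still needs attention."""
import re
from collections import Counter

# Lines copied from the Fixlog above, trimmed to a representative sample.
SAMPLE_FIXLOG = r'''Boot Mode: Safe Mode (minimal)
Error: Restore point can only be created in normal mode.
Processes closed successfully.
"C:\ProgramData" => ":gs5sys" ADS not found.
C:\Users\enike\OneDrive\Documents\MEGA => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS could not remove.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
C:\ProgramData\nss3.dll => moved successfully
"C:\ProgramData\7FK4NT5PQSLFT6M7BRT0VVZDU" => not found
========= bitsadmin /reset /allusers =========
Unable to connect to BITS - 0x8007043c
========= End of CMD: =========
========= netsh int ipv4 reset =========
No hay valores configurados por el usuario para restablecer.
========= End of CMD: =========
Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< => Error: No automatic fix found for this entry.
'''

# Heuristic patterns (assumptions based only on the wording seen in this log).
HEADER = re.compile(r"^=+ (.+?) =+$")          # "========= <name> ========="
CMD_ERROR = re.compile(r"0x[0-9A-Fa-f]{8}|^(Error|Unable to|No se puede)")
RULES = [                                      # first match wins
    ("unrecognized", re.compile(r"No automatic fix found")),
    ("failed", re.compile(r"could not remove\.?$")),
    ("not_found", re.compile(r"not found\.?$")),
    ("done", re.compile(r"successfully\.?$")),
    ("error", re.compile(r"^Error:")),
]


def triage_fixlog(text):
    """Classify every result line and collect CMD blocks that reported an error."""
    report = {"safe_mode": False, "counts": Counter(),
              "cmd_errors": {}, "attention": []}
    section = None  # name of the "========= ... =========" block being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Boot Mode:"):
            report["safe_mode"] = "safe mode" in line.lower()
            continue
        header = HEADER.match(line)
        if header:
            name = header.group(1)
            section = None if name.startswith("End of") else name
            continue
        if section and CMD_ERROR.search(line):
            report["cmd_errors"].setdefault(section, []).append(line)
            continue
        for label, pattern in RULES:
            if pattern.search(line):
                report["counts"][label] += 1
                if label in ("unrecognized", "failed", "error"):
                    # Keep the target (text before " => ") for the follow-up list.
                    report["attention"].append((label, line.split(" => ")[0]))
                break
    return report


def followups(report):
    """Return one human-readable line per item that did not complete."""
    where = "Safe Mode" if report["safe_mode"] else "normal mode"
    todo = [f"CMD errored in {where}: {cmd}" for cmd in report["cmd_errors"]]
    todo += [f"{label}: {target}" for label, target in report["attention"]]
    return todo


if __name__ == "__main__":
    result = triage_fixlog(SAMPLE_FIXLOG)
    print(dict(result["counts"]))
    for item in followups(result):
        print(" -", item)
```

Run against the full Fixlog, the CMD entries it lists are the service-dependent steps that reported errors while booted in Safe Mode.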