No puedo abrir facebook ni sitios antivirus

Hola Arnaldo. Nuevamente muchas gracias por tu gran apoyo.

Fíjate que revisando, me doy cuenta que posiblemente estoy usando una versión sin actualizar de Malware bytes ya que, al tratar de descargar el software, no logra hacerlo…

Lo mismo pasa con el AdwCleaner… no se puede bajar…

Suponiendo que bajara el adwcleaner en otra máquina, ¿cómo los actualizaría ya que pasaría lo mismo que con el Malwarebytes…

El ccleaner sí lo tengo y está actualizado. Sólo me faltarían esos dos…

Aquí nuevamente un video.

Gracias y discula la lata…

Hola de nuevo @Sebastian_Trejo

Intenta descargar las herramientas desde un equipo limpio para que puedas ejecutarlas. Si tienes problemas al ejecutarlas,nos comentas cómo te fué

Una duda ¿Puedes acceder al sitio web de Mozilla para descargar dicho navegador? Dejo el enlace para que pruebes qué pasa -> https://www.mozilla.org/es-ES/firefox/new/

No te preocupes por eso. Mientras más detalles comentas, mejor. Así podremos arreglar de mejor manera el equipo

Saludos

Hola. Sí el browser Firefox ya lo he reinstalado, calculo que como 3 veces, pero nada. Sigue igual.

Posiblemente sirva pegar esta otra impresión de pantalla del único antivirus que más o menos no ha sido bloqueado por el virus que es el de Microsoft Security Esentials. Pero veo que no sirve de mucho.

https://paste.pics/01ba5cafe76e93702071c3d7c0fe03cb

Bajaré ambos archivos en otra máquina, pero tendrá que ser mañana en mi oficina ya que aquí no tengo otro equipo. Si puedo los bajo desde mi ipad a ver si lo puedo compartir. Te mantengo informado.

1 me gusta

Hola de nuevo @Salvador_Trejo

No te preocupes, esperaremos tu respuesta

Saludos

Hola qué tal buen día.

Perdona que no te haya podido responder antes. Le dediqué TODO el día a tratar de eliminar el malware, y ya sabes, con el equipo escaneando y en modo seguro, etc. me fue imposible tratar de responderte.

Te platico. Ya solucioné el problema. Imagino que para muchos de ustedes es cosa de todos los días, pero para mí fue un gran reto que me consumió prácticamente toda una semana. No obstante, al final lo logré.

Resulta que el problema principal era un “secuestro del DNS”. Todos estos días me concentré tanto en tratar de remover ejecutables infecciosos, analizarlos con virus total, seguir tus amables indicaciones, bajar antivirus, antimalwares, escanear, etc. Estuve a punto de considerar formatear nuevamente, todo por una mala práctica que tuve hace una semana.

Al ver que no hubo avance, procedí a la búsqueda de más información, por Virus Total encontré algo de información, incluso encontré en la carpeta C:\Users\Salvador\AppData\Local\Mail.Ru que ahí se alojaba el origen del adware, y entre comillas era eliminado cuando bajé otro antimalware el que se llama GridinSoft Antimalware (este sí que me detectó varios, más que Malwarebytes, (también algunos falsos positivos) pero tampoco se había solucionado al 100% ya que la reinfección seguía ocurriendo. Eso me desanimaba mucho, pero al investigar más de esa ruta (mail.ru) leí con mucho detenimiento lo que otros comentaron y después de muchas, muchas horas, finalmente leí artículos relativos al secuestro del DNS, y de inmediato revisé mi equipo, y en efecto. Ví que se habían agregado DNS que desde luego no había yo agregado, los eliminé y como por arte de magia, nuevamente pude conectar mis browsers a facebook, pero sobre todo a páginas de antivirus… fue magia.

Espero no se hayan llevado muchos archivos confidenciales en este proceso, sólo espero que les sirva mi información a los que se dedican a hacer este tipo de problemas a la demás gente y que les aproveche.

Gracias por ayudarme Arnaldo, espero esta información les sirva a otros también y que me sirva a mí para no portarme mal y andar bajando software inadecuado.

Un cordial saludo y gracias nuevamente.

1 me gusta

Hola de nuevo @Salvador_Trejo

Primero, gracias por comentar cómo solucionaste el problema del bloqueo de DNS

Por si las moscas, trata de cambiar todas las claves de acceso de tus cuentas para evitar un hipotético mal uso y realiza los análisis con las herramientas antes indicadas para revisar si existe algún rastro de “mail.ru”

Además de lo anterior, realiza lo siguiente:

1.- Desactiva temporalmente tu antivirus y cualquier programa de seguridad.

2.- Descarga Farbar Recovery Scan Tool. en el escritorio, seleccionando la versión adecuada para la arquitectura (32 o 64bits) de su equipo. >> Como saber si mi Windows es de 32 o 64 bits.?

  • Ejecuta FRST.exe.
  • En el mensaje de la ventana del Disclaimer , pulsamos Yes
  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt , estos quedaran grabados en el escritorio .

Guía: Como Ejecutar FRST

3.- En tu próxima respuesta, pega los reportes generados.

Guía : ¿Como Pegar reportes en el Foro?

Esperamos esos reporte.

Saludos

Muchas gracias Arnaldo. Adjunto los reportes.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by Salvador (27-06-2019 21:41:43)
Running from C:\Users\Salvador\Downloads
Windows 7 Professional Service Pack 1 (X64) (2017-07-01 17:13:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-869245772-2272638929-4024518757-500 - Administrator - Enabled) => C:\Users\Administrador
HomeGroupUser$ (S-1-5-21-869245772-2272638929-4024518757-1002 - Limited - Enabled)
Invitado (S-1-5-21-869245772-2272638929-4024518757-501 - Limited - Disabled)
Salvador (S-1-5-21-869245772-2272638929-4024518757-1000 - Administrator - Enabled) => C:\Users\Salvador

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360ProductViewCreator version 2.0.23191 (HKLM-x32\...\{B9003801-2D4B-4307-B109-E7BE8ABEEE6E}_is1) (Version: 2.0.23191 - IconaSys Inc)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.7.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_1_0) (Version: 21.1.0 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_7_1) (Version: 7.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Asistente para soporte y recuperación de Microsoft para Office 365 (HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\dacae1bed46e81d5) (Version: 16.0.1974.10 - Microsoft Corporation)
Astroburn Lite (HKLM\...\Astroburn Lite) (Version: 2.0.0.0204 - Disc Soft Ltd)
B9Creator 1.8.6 (HKLM\...\B9Creator) (Version: 1.8.6 - B9Creations, LLC)
ccc-core-static (HKLM-x32\...\{B435CD99-8921-4900-C5D1-34300810C8BD}) (Version: 2010.0909.1412.23625 - Nombre de su organización) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform)
Citrix XenCenter (HKLM-x32\...\{B5C3AF10-D876-4CA0-BBA4-59202D3F6CD1}) (Version: 7.2.0 - Citrix Systems, Inc.)
Cool Record Edit Pro (HKLM-x32\...\Cool Record Edit Pro) (Version:  - CoolRecordEdit Inc.)
Debut, capturador de vídeo (HKLM-x32\...\Debut) (Version: 5.09 - NCH Software)
digiCamControl (HKLM-x32\...\{d078c973-18e3-4e1b-9b16-1b20f3eed614}) (Version: 2.1.1.0 - ) Hidden
Doodly (HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\Doodly) (Version: 1.19.13 - Bryxen Software)
eyeBeam 3004t (HKLM-x32\...\eyeBeam_is1) (Version:  - Xten Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{665DF231-32BE-46BA-ABD2-B0D69F8314FF}) (Version: 1.0.494 - LogMeIn, Inc.)
GoToMeeting 8.45.2.13190 (HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\GoToMeeting) (Version: 8.45.2.13190 - LogMeIn, Inc.)
HP Color LaserJet Pro M252 (HKLM-x32\...\{f584356a-5cc7-401c-9245-9eced8f01414}) (Version: 14.0.15309.432 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{31CBAB2C-ED4B-403C-8933-192833FEB2C6}) (Version: 12.11.24.11 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPCLJProM252 (HKLM-x32\...\{4A85BF98-D131-4FA3-B380-1D6B24834291}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPDXP (HKLM-x32\...\{CCF03F06-5C28-4105-8B81-BB4B2319B4D1}) (Version: 3.0.26.29 - HP) Hidden
HPLJUTCore (HKLM-x32\...\{B445502B-2F83-4873-90F1-06059F71A46A}) (Version: 014.000.0001 - HP) Hidden
HPLJUTM252 (HKLM-x32\...\{0E51FBBC-4147-4264-A786-AFDAF75A3FA7}) (Version: 014.000.0001 - HP) Hidden
hppLaserJetService (HKLM-x32\...\{0C4C3664-157A-4D69-B474-31EBF2EE1AE3}) (Version: 009.033.00926 - Hewlett-Packard) Hidden
hppM252LaserJetService (HKLM-x32\...\{CBEE14D1-2D7B-4994-8464-3C49F0DC2490}) (Version: 001.034.00686 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{EACC40D7-58F4-4A7A-9786-953DC9A1850B}) (Version: 170.040.00259 - HP Development Company, L.P.) Hidden
hpStatusAlertsM252 (HKLM-x32\...\{C34FBD21-5F3F-46D4-95C7-477DB6A450AD}) (Version: 140.046.00129 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
KeyShot 6 64 bit (HKLM-x32\...\KeyShot 6_64) (Version: 6.3 64 bit - Luxion ApS)
LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden
Loom 0.14.0 (HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\3643b966-bc28-5bc8-95ff-3d47d66438db) (Version: 0.14.0 - Loom, Inc.)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{BE6D5464-0B1F-46CC-8973-F9651FE6A45A}) (Version: 15.8.8308.965 - Microsoft Corporation)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProplusRetail - es-es) (Version: 16.0.11727.20210 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visio Profesional 2016 - es-es (HKLM\...\VisioProRetail - es-es) (Version: 16.0.11727.20210 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27029 (HKLM-x32\...\{f50edb7e-c25e-47b4-bc4f-7ec4a4d256b1}) (Version: 14.16.27029.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 67.0.4 (x64 es-MX) (HKLM\...\Mozilla Firefox 67.0.4 (x64 es-MX)) (Version: 67.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.7 - Notepad++ Team)
Npcap 0.995 (HKLM-x32\...\NpcapInst) (Version: 0.995 - Nmap Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20210 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20210 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.11727.20210 - Microsoft Corporation) Hidden
Opera Stable 60.0.3255.170 (HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\Opera 60.0.3255.170) (Version: 60.0.3255.170 - Opera Software)
Paquete de controladores de Windows - Arduino LLC (www.arduino.cc) Arduino USB Driver (01/04/2013 1.0.0.0) (HKLM\...\1E3EA5624DD04BEFECF3FFF6D3A21CCE9CD70A91) (Version: 01/04/2013 1.0.0.0 - Arduino LLC (www.arduino.cc))
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 2.1.1 - Vaclav Slavik)
PX Profile Update (HKLM-x32\...\{AE70615C-D28C-6159-8846-9B1EECC84BEE}) (Version: 1.00.1. - AMD) Hidden
Samsung CLP-610 Series (HKLM-x32\...\Samsung CLP-610 Series) (Version:  - Samsung Electronics CO.,LTD)
SetupDll SMS (HKLM-x32\...\{5E20F3F4-CA37-42E8-8643-0CF85399901C}) (Version: 1.0.0 - Teleprom Argentina SA)
ShutterStream version 4.0.24368 (HKLM-x32\...\{2F69C714-26C0-4A10-A118-91F58EDD5DE4}_is1) (Version: 4.0.24368 - IconaSys Inc)
Skype Meetings App (HKLM-x32\...\{D20CE315-AC32-4B25-AB3A-7112A9AB6FC3}) (Version: 16.2.0.232 - Microsoft Corporation)
Skype versión 8.46 (HKLM-x32\...\Skype_is1) (Version: 8.46 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.8352 - TeamViewer)
Teleprom Mobile Contact (HKLM-x32\...\Teleprom Mobile Contact) (Version:  - )
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.1.5 - uvnc bvba)
UltraVnc (HKLM-x32\...\Ultravnc2_is1) (Version: 1.2.2.4 - uvnc bvba)
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VideoPad, editor de vídeo (HKLM-x32\...\VideoPad) (Version: 6.26 - NCH Software)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.71 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Wireshark 3.0.2 32-bit (HKLM-x32\...\Wireshark) (Version: 3.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
ZBrush 2018 (HKLM\...\ZBrush 2018 2018) (Version: 2018 - Pixologic)
ZBrush 4R8 (HKLM\...\ZBrush 4R8 4R8) (Version: 4R8 - Pixologic)
Zebra Printer OPOS Driver (HKLM-x32\...\{EBFCFC3F-B37D-4734-B2E1-60497574C1E4}) (Version: 1.14.1.95 - Zebra Technologies) Hidden
Zebra Printer OPOS Driver (HKLM-x32\...\Zebra Printer OPOS Driver) (Version: 1.14.1.95 - Zebra Technologies)
Zebra Setup Utilities (HKLM-x32\...\{9207A8EC-3B2D-4A4A-8BF7-957FC19BB3DE}) (Version: 1.1.9.1269 - Zebra Technologies) Hidden
Zebra Setup Utilities (HKLM-x32\...\Zebra Setup Utilities) (Version: 1.1.9.1269 - Zebra Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-869245772-2272638929-4024518757-1000_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Salvador\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-869245772-2272638929-4024518757-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Salvador\AppData\Local\GoToMeeting\13190\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-869245772-2272638929-4024518757-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [    FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} =>  -> No File
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-03-18] (Notepad++ -> )
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

Shortcut: C:\Users\Salvador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KeyShot 6 64\Documentation\KeyShot Manual.lnk -> hxxp://keyshot.com/manual/keyshot6/KeyShot_6_Manual.pd

==================== Loaded Modules (Whitelisted) ==============

2019-06-27 11:11 - 2019-06-27 11:11 - 000005120 ____C () [File not signed] C:\Windows\[email protected]
2017-07-04 11:30 - 2007-01-19 04:59 - 000327168 _____ () [File not signed] C:\Windows\Samsung\PanelMgr\caller64.exe
2017-07-04 11:30 - 2008-03-16 20:51 - 000524288 _____ () [File not signed] C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2018-04-01 00:14 - 2010-04-13 20:37 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2009-09-16 19:44 - 2009-09-16 19:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hptcpmib.dll
2009-09-16 19:45 - 2009-09-16 19:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\HpTcpMon.dll
2009-09-16 12:44 - 2009-09-16 12:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hpzjrd01.dll
2014-06-25 00:31 - 2014-06-25 00:31 - 000041472 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll
2014-06-25 00:31 - 2014-06-25 00:31 - 000073728 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPTools.dll
2014-06-25 00:31 - 2014-06-25 00:31 - 001222656 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\LEDMXMLObjects.dll
2014-06-25 00:31 - 2014-06-25 00:31 - 000176128 _____ (HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
2014-06-25 00:31 - 2014-06-25 00:31 - 000034816 _____ (HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll
2018-04-01 00:14 - 2010-04-13 20:33 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2009-09-16 19:45 - 2009-09-16 19:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\HPTcpMUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [105]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\01bd.ru -> saltjs.01bd.ru

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2019-06-24 23:45 - 000000797 ____C C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Salvador\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 185.130.104.222 - 185.4.65.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: adawareantivirusservice => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: XenServerHealthCheck => 2
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: electron.app.Loom => C:\Users\Salvador\AppData\Local\Programs\Loom\Loom.exe --process-start-args "--loomHidden"
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6856318E-EE33-4480-8B0F-E3AD10728261}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0F0B7FB4-EB4E-4098-A897-B7A8A914138B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0F95F635-AC2B-4390-8A39-B2DAF466837E}] => (Allow) LPort=5900
FirewallRules: [{76B54F6B-A3B4-4691-A677-DD06C61A26A5}] => (Allow) LPort=5800
FirewallRules: [{C304FCE0-E372-44DF-B053-692BC5CCB0FA}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{61989867-84E7-4A43-B2F8-9AF438412507}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{AE25C7B8-FB4F-44C5-9CF0-B79210E982A4}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{40DA5EAF-D6CF-46B5-9B99-F0372C1649A7}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{987B3006-6283-484C-BE00-846D00C58186}] => (Allow) 㩃啜敳獲卜污慶潤屲灁䑰瑡屡潒浡湩屧獳屮獳⹮硥e No File
FirewallRules: [{3672AF09-6C99-4792-9AA9-2192829C064F}] => (Allow) 㩃啜敳獲卜污慶潤屲灁䑰瑡屡潒浡湩屧獳屮慳敶灵攮數 No File
FirewallRules: [TCP Query User{97A4F666-5A43-40B9-963E-C0EF1BA915A7}C:\users\salvador\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\salvador\appdata\local\logmein client\lmiignition.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [UDP Query User{E422BA40-721F-454E-B40D-541CA08E3BF1}C:\users\salvador\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\salvador\appdata\local\logmein client\lmiignition.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [TCP Query User{1F81E499-F712-4F5A-A5F8-7C564D583228}C:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe] => (Allow) C:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe () [File not signed]
FirewallRules: [UDP Query User{64332D56-6A43-4360-A08D-7E9D8CC6DEBB}C:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe] => (Allow) C:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe () [File not signed]
FirewallRules: [TCP Query User{39EE26C2-D919-4886-88F1-8E02505B07D5}C:\users\salvador\downloads\anydesk.exe] => (Allow) C:\users\salvador\downloads\anydesk.exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{CC42D1C7-0614-44DE-9902-AD08F91E2427}C:\users\salvador\downloads\anydesk.exe] => (Allow) C:\users\salvador\downloads\anydesk.exe (philandro Software GmbH -> )
FirewallRules: [TCP Query User{90CC745A-AA64-49C5-B266-2BFFA3808070}C:\users\salvador\downloads\anydesk(1).exe] => (Allow) C:\users\salvador\downloads\anydesk(1).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{21AD50E2-76E9-49D8-A264-A68C5A92F401}C:\users\salvador\downloads\anydesk(1).exe] => (Allow) C:\users\salvador\downloads\anydesk(1).exe (philandro Software GmbH -> )
FirewallRules: [{E19F9A79-AD3B-4DBD-A3D4-68234127A452}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro M252\bin\EWSProxy.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9D51E685-5068-4814-A1CA-D559E7328EC3}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro M252\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{1DBF0EF6-B68C-4E8A-A3DC-1DB12A312375}D:\respaldo hp i5\software\winscp\winscpportable\app\winscp\winscp.exe] => (Allow) D:\respaldo hp i5\software\winscp\winscpportable\app\winscp\winscp.exe (Martin Prikryl) [File not signed]
FirewallRules: [UDP Query User{FDEEC9E9-7AEA-4C21-A6B9-734172D3EFD2}D:\respaldo hp i5\software\winscp\winscpportable\app\winscp\winscp.exe] => (Allow) D:\respaldo hp i5\software\winscp\winscpportable\app\winscp\winscp.exe (Martin Prikryl) [File not signed]
FirewallRules: [TCP Query User{6033FA9D-003D-45F7-BF5E-F5B3EE23C663}C:\users\salvador\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\salvador\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F7C09410-CE7D-4C0F-99A1-277BC91DAC24}C:\users\salvador\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\salvador\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{FE2919AF-13B1-4426-8DA1-91F5782B6CCD}C:\users\salvador\downloads\anydesk(2).exe] => (Allow) C:\users\salvador\downloads\anydesk(2).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{56EA3DB8-E9FF-43EF-869C-82F3B67C74B4}C:\users\salvador\downloads\anydesk(2).exe] => (Allow) C:\users\salvador\downloads\anydesk(2).exe (philandro Software GmbH -> )
FirewallRules: [{2F519AF0-4724-44AB-9909-08B803C03BAE}] => (Allow) C:\Program Files\KeyShot6\bin\keyshot6.exe (Luxion, Inc. -> Luxion) [File not signed]
FirewallRules: [{10543ECF-22D8-43D2-9C67-3392C3D2650E}] => (Allow) C:\Program Files\KeyShot6\bin\keyshot_daemon.exe (Luxion, Inc. -> )
FirewallRules: [TCP Query User{F4B43C10-788E-416C-A840-710153B30C81}C:\users\salvador\downloads\anydesk(3).exe] => (Allow) C:\users\salvador\downloads\anydesk(3).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{D6A6ECF0-EC27-4F49-9438-626D30FF4BF1}C:\users\salvador\downloads\anydesk(3).exe] => (Allow) C:\users\salvador\downloads\anydesk(3).exe (philandro Software GmbH -> )
FirewallRules: [TCP Query User{E600514D-8306-4EAD-B643-894E61B96890}C:\users\salvador\downloads\anydesk(4).exe] => (Allow) C:\users\salvador\downloads\anydesk(4).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{7621CFF8-9B48-4FBB-A35E-205119105E64}C:\users\salvador\downloads\anydesk(4).exe] => (Allow) C:\users\salvador\downloads\anydesk(4).exe (philandro Software GmbH -> )
FirewallRules: [TCP Query User{AC01391B-0933-4E96-B8D2-33E74AA8FCEE}C:\users\salvador\downloads\anydesk(5).exe] => (Allow) C:\users\salvador\downloads\anydesk(5).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{403DABF1-CFB6-44EC-BD76-E79191CD9DD4}C:\users\salvador\downloads\anydesk(5).exe] => (Allow) C:\users\salvador\downloads\anydesk(5).exe (philandro Software GmbH -> )
FirewallRules: [TCP Query User{026610BD-0817-4E09-9094-E1E5BC470188}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{C58D0014-BD62-4618-AB7F-24FE41E22339}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{CCEE1CDE-472B-46C9-BDFB-01F81ACE556B}C:\users\salvador\downloads\anydesk(6).exe] => (Allow) C:\users\salvador\downloads\anydesk(6).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{02FBCC06-8213-4A97-85F8-A55FCAE5AA78}C:\users\salvador\downloads\anydesk(6).exe] => (Allow) C:\users\salvador\downloads\anydesk(6).exe (philandro Software GmbH -> )
FirewallRules: [TCP Query User{D208EC58-16DE-41BD-9885-D5C7BF2A82C9}C:\users\salvador\downloads\anydesk(7).exe] => (Allow) C:\users\salvador\downloads\anydesk(7).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{F02382C2-B01B-45F6-9661-E30D1E76DBA9}C:\users\salvador\downloads\anydesk(7).exe] => (Allow) C:\users\salvador\downloads\anydesk(7).exe (philandro Software GmbH -> )
FirewallRules: [{14EE9242-9471-4749-B8BE-34287BFC115A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{2FD81E2E-9DAF-47B6-ACCB-7E36E41FC90D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{DB15DD4D-4012-4E67-BF48-76E0F86AE310}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0D5FB5C5-BA57-4AC3-91CD-52B4C8B04C47}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EDF97BFA-EA2B-4A33-82C9-EA0DCB6BCC29}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B3A10FA4-2052-4E95-B461-8A8FDBE26037}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{ABF8CC5D-6621-40EB-A1B3-35C2188615FD}C:\users\salvador\downloads\anydesk(8).exe] => (Allow) C:\users\salvador\downloads\anydesk(8).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{19E8EA8D-6D45-43DB-8154-A5A902AF8DAB}C:\users\salvador\downloads\anydesk(8).exe] => (Allow) C:\users\salvador\downloads\anydesk(8).exe (philandro Software GmbH -> )
FirewallRules: [{BA60C78E-850C-4266-9D02-1264B9117C84}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B2C20998-AD7B-4A83-8FB0-B67349C81E1D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A335581A-99D4-4B63-9919-252E0422022B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3FEDE0CD-2779-4B7A-B08A-862908CB218D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B7D2B516-6E5B-454C-A003-D4D623889DDD}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{F5692700-B71C-44BC-97FC-5A68889DCDCA}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{8FE5B577-3924-431E-A308-D8864BBE198F}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{62A860C9-7C8D-40E9-9FC9-0E8DBA26D1E3}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{93848F7B-A90B-49CA-98FF-2B13337C0E5D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0DB9776F-E21F-4331-A918-00B47FEEA43F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{462B9AA7-779F-419E-9CC9-8BA38625DE14}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{78E38572-48DB-4DC9-92B6-E81376D8A58A}] => (Allow) C:\Program Files\Opera\60.0.3255.170\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{DB13E17E-4A93-4B4D-AF9B-18BB635FB65C}C:\program files (x86)\digicamcontrol\cameracontrol.exe] => (Allow) C:\program files (x86)\digicamcontrol\cameracontrol.exe No File
FirewallRules: [UDP Query User{5C99CD58-9F87-42B3-9CD6-6636B3C86B58}C:\program files (x86)\digicamcontrol\cameracontrol.exe] => (Allow) C:\program files (x86)\digicamcontrol\cameracontrol.exe No File
FirewallRules: [{80CA48F5-6BBA-4D91-A7DC-6945D5078571}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0DA979B1-E6C2-419C-A2D5-913B9D2A31BC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6173F843-80B7-4DDD-A8E6-B22B7188CCF4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

27-06-2019 15:40:35 Punto de control programado
27-06-2019 21:23:35 Removed Java 8 Update 211 (64-bit)
27-06-2019 21:27:43 Removed digiCamControl

==================== Faulty Device Manager Devices =============

Name: Tarjeta gráfica VGA estándar
Description: Tarjeta gráfica VGA estándar
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Tipos de pantalla estándar)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/27/2019 09:17:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (06/27/2019 08:53:54 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2160) WebCacheLocal: Al intentar abrir el archivo "C:\Users\Salvador\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (06/27/2019 08:53:44 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2160) WebCacheLocal: Al intentar abrir el archivo "C:\Users\Salvador\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (06/27/2019 08:53:13 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2160) WebCacheLocal: Al intentar abrir el archivo "C:\Users\Salvador\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (06/27/2019 08:53:03 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2160) WebCacheLocal: Al intentar abrir el archivo "C:\Users\Salvador\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (06/27/2019 08:52:12 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2160) WebCacheLocal: Al intentar abrir el archivo "C:\Users\Salvador\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (06/27/2019 08:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.

Error: (06/27/2019 08:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.


System errors:
=============
Error: (06/27/2019 09:20:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio HWDeviceService64.exe se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (06/27/2019 09:17:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio SSPORT no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (06/27/2019 09:17:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio DgiVecp no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (06/27/2019 09:17:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Se bloqueó la carga de \??\C:\Windows\SysWow64\Drivers\DgiVecp.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.

Error: (06/27/2019 09:15:38 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: El servicio Malwarebytes Service no se cerró correctamente después de recibir un control de aviso de apagado.

Error: (06/27/2019 09:14:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio Hacer clic y ejecutar de Microsoft Office terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (06/27/2019 09:14:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (06/27/2019 09:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio HP LaserJet Service se terminó de manera inesperada. Esto ha sucedido 1 veces.


Windows Defender:
===================================
Date: 2019-06-17 18:02:36.499
Description: 
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/ICLoader.E&threatid=249597
Nombre:SoftwareBundler:Win32/ICLoader.E
Id.:249597
Gravedad:Alta
Categoría:Software que instala varios programas
Ruta de acceso encontrada:process:pid:5404;process:pid:6452
Tipo de detección:Concreto
Origen de detección:Protección en tiempo real
Estado:Desconocido
Usuario:\
Nombre de proceso:

Date: 2019-06-17 18:02:36.149
Description: 
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/ICLoader.E&threatid=249597
Nombre:SoftwareBundler:Win32/ICLoader.E
Id.:249597
Gravedad:Alta
Categoría:Software que instala varios programas
Ruta de acceso encontrada:process:pid:6452
Tipo de detección:Concreto
Origen de detección:Protección en tiempo real
Estado:Desconocido
Usuario:\
Nombre de proceso:

CodeIntegrity:
===================================

Date: 2018-04-03 23:21:15.374
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-03 23:21:15.280
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-03 23:17:40.450
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-03 23:17:40.360
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-03 23:17:26.901
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-03 23:17:26.831
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-03 22:43:15.514
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-03 22:43:15.436
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

==================== Memory info =========================== 

BIOS: Hewlett-Packard F.23 10/21/2010
Motherboard: Hewlett-Packard 162F
Processor: Intel(R) Core(TM) i7 CPU M 640 @ 2.80GHz
Percentage of memory in use: 72%
Total physical RAM: 5941.86 MB
Available physical RAM: 1625.73 MB
Total Virtual: 11881.86 MB
Available Virtual: 6680.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:90.16 GB) (Free:11.92 GB) NTFS
Drive d: (Datos SFT) (Fixed) (Total:608.38 GB) (Free:204.64 GB) NTFS

\\?\Volume{4720c176-5e7f-11e7-a1f3-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 9F521A86)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=90.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=608.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2019
Ran by Salvador (administrator) on SALVADOR-PC (Hewlett-Packard HP Pavilion dm4 Notebook PC) (27-06-2019 21:39:26)
Running from C:\Users\Salvador\Downloads
Loaded Profiles: Salvador (Available Profiles: Salvador & Administrador)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\[email protected]
() [File not signed] C:\Windows\Samsung\PanelMgr\caller64.exe
() [File not signed] C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company -> HP Development Company, L.P.) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HUAWEI Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-09-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [524288 2008-03-16] () [File not signed]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [329992 2015-06-17] (Hewlett-Packard Company -> HP Development Company, L.P.)
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [22695280 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22695280 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: F - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {0ade89a5-de8e-11e7-b038-cc52af874140} - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {16e70336-9eef-11e7-a5ee-cc52af874140} - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {2c14fbfe-d132-11e7-8a8f-cc52af874140} - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {7b9520fd-09f9-11e9-ac9a-cc52af874140} - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {a28c5262-6007-11e7-8a44-cc52af874140} - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {bb2973d5-9f08-11e7-8791-cc52af874140} - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {cffc56d2-dab2-11e7-aebf-cc52af874140} - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {d6767076-6025-11e7-85f0-cc52af874140} - F:\AUTORUN.EXE
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-27] (Google LLC -> Google LLC)
IFEO\OSppSvc.exe: [Debugger] [email protected]
IFEO\SppSvc.exe: [Debugger] [email protected]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D679572-84A0-4341-9826-1CB9673C87CE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {181E105C-BF43-4DEB-8C9D-B7D5B734FBC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {18953A19-F05A-4F73-A66A-2333DB721779} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [89840 2014-10-19] (Hewlett-Packard Company -> Hewlett Packard)
Task: {1B84DEC6-B486-4349-8F53-AB6CEE092100} - System32\Tasks\{3165AD2A-3492-448D-80EE-3FCA1AEEB886} => C:\Program Files\KeyShot6\bin\keyshot6.exe [17276368 2017-01-27] (Luxion, Inc. -> Luxion) [File not signed]
Task: {1EB5FC35-DBFB-486A-8563-8170B792365A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6440520 2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {1FB23A88-A9F9-42DC-A917-575E49F594C3} - System32\Tasks\{21094B43-5012-45AB-93C9-9674E53F2ECD} => C:\Windows\system32\pcalua.exe -a "F:\Huawei Drivers\devsetup32.exe" -d "F:\Huawei Drivers"
Task: {2C62F9A3-004C-45CA-A4D0-AE9AC1BF17A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.)
Task: {2F771730-CDA7-4CD4-8508-6CB2251442DE} - System32\Tasks\{57A7B2C9-0F80-44C8-AF88-1491AD66AC90} => C:\Program Files\Autodesk\Meshmixer\meshmixer.exe
Task: {300AFAE7-2495-427F-86BB-9EC3FFBB0367} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {33AA8D3D-C9FE-4415-BAD9-7DDA5246AF89} - System32\Tasks\HPCeeScheduleForSalvador => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-24] (Hewlett-Packard Company -> HP Inc.)
Task: {36659E2A-1C29-46DE-8EE0-7CBE40F6AA0B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {383B238C-1347-4BAC-AFBB-015C58D505A6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {416993BF-48F8-4D11-A4E0-3124B1E33D52} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16667424 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {443550DD-9D50-49E5-98A8-E1203536B62C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {4491A059-ADE8-489D-A539-BDDCF962BDFC} - System32\Tasks\Opera scheduled Autoupdate 1560834017 => C:\Program Files\Opera\launcher.exe [1493592 2019-06-13] (Opera Software AS -> Opera Software)
Task: {47DD9595-13CC-433A-BA6D-EDA824E0D30D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-26] (Google Inc -> Google LLC)
Task: {48CFF533-7114-42B9-8D0F-6788CC09BE05} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed]
Task: {4AFE1531-8184-4769-9B3A-2ACC6580907C} - System32\Tasks\AdobeGCInvoker-1.0-Salvador-PC-Salvador => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {5170190A-C40F-4B23-BC26-EB7B73A538CE} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-17] (Adobe Inc. -> Adobe)
Task: {65BDEE13-4449-4130-B20B-9CAD14F1D9BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-05] (HP Inc. -> HP Inc.)
Task: {66CB854A-64D5-41A0-BCB3-A1A9ABA013DF} - System32\Tasks\{1630B0B8-DD6E-4E12-A40B-546E0D08E941} => C:\Users\Salvador\AppData\Local\KeyShot7\bin\keyshot.exe
Task: {6EDD0C8A-3704-462B-BDA0-41178BCAC4E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {741AE2B0-91AC-47E5-A549-C4F99179A793} - System32\Tasks\G2MUpdateTask-S-1-5-21-869245772-2272638929-4024518757-1000 => C:\Users\Salvador\AppData\Local\GoToMeeting\13190\g2mupdate.exe [32256 2019-06-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {796D2D74-D1FE-45F5-9B35-69F188E7CA0C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2208400 2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {7DFC4279-49CA-468A-A88E-310D1DA398E2} - System32\Tasks\G2MUploadTask-S-1-5-21-869245772-2272638929-4024518757-1000 => C:\Users\Salvador\AppData\Local\GoToMeeting\13190\g2mupload.exe [32256 2019-06-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {807CB27E-E02C-4B8D-8479-4DB060D3D8D2} - System32\Tasks\[email protected]\Office16VisioPro => wmic path OfficeSoftwareProtectionProduct where (ID="6bf301c1-b94a-43e9-ba31-d494598c47fb") call Activate
Task: {858EDF96-AE03-4642-8F03-0236137C4487} - System32\Tasks\[email protected]\Office16ProPlus => wmic path OfficeSoftwareProtectionProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
Task: {9C1AEC4F-703E-49A0-856B-BEA2DBA20645} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {9EBFE360-D0E7-49E8-8A00-CF268208D511} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-17] (Adobe Inc. -> Adobe)
Task: {ACFC769C-B51A-4BCB-95A4-59892110B997} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26803808 2019-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {AE42D1AC-A584-4800-B85E-8DCD51D7226A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-05] (HP Inc. -> HP Inc.)
Task: {B5191647-C423-42D9-A9D7-4404BC24D02C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-06-26] (Google Inc -> Google LLC)
Task: {C1F950B0-85E9-4FC5-B93F-0161F9626AC3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6440520 2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {C414379A-E702-4668-A711-CA33B6A33C3A} - System32\Tasks\{E0CEC164-E1CE-49C8-A739-5F8841E6B4C7} => C:\Users\Salvador\AppData\Local\KeyShot7\bin\keyshot.exe
Task: {CBBD1D64-B1A5-4173-848B-FA37DA018242} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [152112 2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {CBF8FCA8-136A-4D04-89D1-8521C221E1E3} - System32\Tasks\{2631FFC7-5D47-4530-9CC4-809A0880F637} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.37.0.103&LastError=12007
Task: {CE3BE20C-92B1-4D40-9B9C-33AB945AF182} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26803808 2019-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {D2E8EDE3-7877-4C63-8B6F-606913C3A89C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2208400 2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {D5777B8D-FF38-4FB9-93D5-12E33532E8F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {D7F207F9-7634-4E96-9FF1-E5EE2112C154} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [152112 2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {E7EEF875-07AF-4176-9DE2-C7B198DED897} - System32\Tasks\{D11BD4AF-663B-4DF4-ABD0-AE793D853180} => C:\Windows\system32\pcalua.exe -a "F:\Huawei Drivers\DriverSetup.exe" -d "F:\Huawei Drivers"
Task: {F501491D-F903-4BF2-B8E1-851B75A8A8DC} - System32\Tasks\{A8A7F5C0-0B9A-4B49-8086-46F01CB489A5} => C:\Program Files\Autodesk\Meshmixer\meshmixer.exe
Task: {FD499E50-A7C5-4791-8EF3-E5CD1D18D056} - System32\Tasks\{27DC59D1-2C3A-4376-B20C-56FB21FE593D} => C:\Windows\system32\pcalua.exe -a "F:\Huawei Drivers\DriverUninstall.exe" -d "F:\Huawei Drivers"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-869245772-2272638929-4024518757-1000.job => C:\Users\Salvador\AppData\Local\GoToMeeting\13190\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-869245772-2272638929-4024518757-1000.job => C:\Users\Salvador\AppData\Local\GoToMeeting\13190\g2mupload.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSalvador.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{536D3191-43DC-4D4F-AE20-CFFDA8205014}: [DhcpNameServer] 192.168.1.1 4.2.2.2
Tcpip\..\Interfaces\{694F79A3-D2A1-47C2-80DA-D6355229B1AC}: [NameServer] 185.130.104.222,185.4.65.4,116.203.6.218,185.4.64.13
Tcpip\..\Interfaces\{8539FA45-C71B-43A1-895A-EAC163CC8234}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=es-mx
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-mx/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-869245772-2272638929-4024518757-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-869245772-2272638929-4024518757-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc. -> HP Inc.)
Toolbar: HKU\S-1-5-21-869245772-2272638929-4024518757-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=4187
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: gvrq4ej2.default-1561573023495
FF ProfilePath: C:\Users\Salvador\AppData\Roaming\Mozilla\Firefox\Profiles\40xjn0hr.default-release-1561006895064 [2019-06-27]
FF Homepage: Mozilla\Firefox\Profiles\40xjn0hr.default-release-1561006895064 -> hxxp://192.168.1.23:81/index.php
FF ProfilePath: C:\Users\Salvador\AppData\Roaming\Mozilla\Firefox\Profiles\gvrq4ej2.default-1561573023495 [2019-06-27]
FF Homepage: Mozilla\Firefox\Profiles\gvrq4ej2.default-1561573023495 -> hxxp://192.168.1.23:81/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-17] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-17] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-06-26] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-06-26] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-869245772-2272638929-4024518757-1000: LWAPlugin15.8 -> C:\Users\Salvador\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-869245772-2272638929-4024518757-1000: SkypeForBusinessPlugin-16.2 -> C:\Users\Salvador\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-869245772-2272638929-4024518757-1000: SkypeForBusinessPlugin64-16.2 -> C:\Users\Salvador\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi-x64.dll [2017-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Salvador\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2018-12-07]

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://postcron.com/en/?utm_source=adwords&utm_medium=%7Bnetwork%7D&utm_term=%7Bnetwork%7D-%7Bkeyword%7D-%7Bmatchtype%7D-%7Bplacement%7D&utm_content=%7Bcreative%7D&utm_campaign=target&gclid=Cj0KEQjw7-K7BRCkkIH3t_WwoskBEiQAD8oY3jnJh8dyP9RI0uvHH401hhlD-PmnKgOBKkXGydiO3ygaAqdT8P8HAQ","hxxps://iag.me/socialmedia/broadcast-computer-facebook-live/","hxxps://sparkosoft.com/sparkocam"
CHR Profile: C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default [2019-06-27]
CHR Extension: (Presentaciones) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-27]
CHR Extension: (Documentos) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-06-27]
CHR Extension: (Google Drive) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-06-27]
CHR Extension: (ColorZilla) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2019-06-27]
CHR Extension: (YouTube) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-06-27]
CHR Extension: (Facebook Pixel Helper) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2019-06-27]
CHR Extension: (Hojas de cálculo) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-06-27]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-06-27]
CHR Extension: (Postcron) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\kahoebmmfnjmjcbclecdkhiapmefpaed [2019-06-27]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2019-06-27]
CHR Extension: (Turbo Ad Finder) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjbjojolojmokicddfeaamkodihccdcl [2019-06-27]
CHR Extension: (Linkclump) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2019-06-27]
CHR Extension: (AliSave | Download AliExpress Images & Videos) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhfcmbdimdbbclfngkjfmgmjhnkjocl [2019-06-27]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-06-27]
CHR Extension: (Gmail) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-27]
CHR Extension: (Chrome Media Router) - C:\Users\Salvador\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2010-09-27] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11409504 2019-06-20] (Microsoft Corporation -> Microsoft Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-25] (HP) [File not signed]
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [356728 2019-06-12] (HP Inc. -> HP Inc.)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] (HUAWEI Technologies Co., Ltd. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [271360 2010-09-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11795800 2019-04-15] (TeamViewer GmbH -> TeamViewer GmbH)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Validity Sensors, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-12-09] (Microsoft Windows -> Microsoft Corporation)
S4 XenServerHealthCheck; C:\Program Files (x86)\Citrix\XenServerHealthCheckService\XenServerHealthCheck.exe [57656 2017-05-05] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [43320 2011-05-13] (Hewlett-Packard Company -> Hewlett-Packard Company)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104976 2016-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S2 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [41984 2007-03-23] (Samsung Electronics Co., Ltd.) [File not signed]
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2017-07-02] (DT Soft Ltd -> DT Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2013-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [13952 2013-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [30008 2011-05-13] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [98304 2013-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [87040 2013-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [28672 2013-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [218624 2013-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-26] (Intel Corporation) [File not signed]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-06-27] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-06-27] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-06-27] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-06-27] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [107368 2019-06-27] (Malwarebytes Corporation -> Malwarebytes)
R1 npcap; C:\Windows\System32\DRIVERS\npcap.sys [74552 2019-05-10] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [515584 2010-09-27] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 AtiHdmiService; system32\drivers\AtiHdmi.sys [X]
U4 npcap_wifi; no ImagePath
S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [X]
U2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-27 21:39 - 2019-06-27 21:41 - 000036471 ____C C:\Users\Salvador\Downloads\FRST.txt
2019-06-27 21:39 - 2019-06-27 21:39 - 000000000 ___DC C:\FRST
2019-06-27 21:38 - 2019-06-27 21:38 - 002418688 ____C (Farbar) C:\Users\Salvador\Downloads\FRST64.exe
2019-06-27 21:20 - 2019-06-27 21:20 - 000127136 ____C (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-06-27 21:20 - 2019-06-27 21:20 - 000107368 ____C (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-06-27 21:20 - 2019-06-27 21:20 - 000073912 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-06-27 21:20 - 2019-06-27 21:20 - 000000000 ___DC C:\Program Files (x86)\Auslogics
2019-06-27 21:17 - 2019-06-27 21:17 - 000275232 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-06-27 13:55 - 2019-06-27 13:55 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\Google
2019-06-27 13:39 - 2019-06-27 13:39 - 000002294 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-27 13:39 - 2019-06-27 13:39 - 000002253 ____C C:\Users\Public\Desktop\Google Chrome.lnk
2019-06-27 11:11 - 2019-06-27 11:11 - 000005120 ____C C:\Windows\[email protected]
2019-06-27 11:00 - 2019-06-27 21:17 - 000001078 ____C C:\Windows\system32dbgraw.bmp
2019-06-26 21:25 - 2019-06-26 21:25 - 000003534 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-06-26 21:25 - 2019-06-26 21:25 - 000003406 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-06-26 21:18 - 2019-06-26 21:18 - 000001505 ____C C:\Users\Salvador\Desktop\Norton Download Manager.lnk
2019-06-26 21:18 - 2019-06-26 21:18 - 000001322 ____C C:\Users\Salvador\Desktop\Norton Installation Files.lnk
2019-06-26 17:44 - 2019-06-26 17:44 - 000000000 ___DC C:\ProgramData\GridinSoft
2019-06-26 17:41 - 2019-06-26 17:41 - 001301968 ____C (GridinSoft LLC) C:\Users\Salvador\Downloads\setup-antimalware-993.exe
2019-06-26 14:32 - 2019-06-27 21:06 - 000000000 ___DC C:\ProgramData\Trend Micro
2019-06-26 12:36 - 2019-06-26 12:36 - 000000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2019-06-26 12:11 - 2019-06-26 12:11 - 007025360 ____C (Malwarebytes) C:\Users\Salvador\Desktop\adwcleaner_7.3.exe
2019-06-26 12:09 - 2019-06-27 01:23 - 000199768 ____C (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-06-26 12:09 - 2019-06-26 12:18 - 000002020 ____C C:\Users\Public\Desktop\Malwarebytes.lnk
2019-06-26 12:09 - 2019-06-26 12:09 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-06-26 12:09 - 2019-01-08 16:32 - 000153328 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-06-26 06:25 - 2019-06-26 06:25 - 000000016 _RSHC C:\Recycled
2019-06-25 22:46 - 2019-06-25 22:46 - 000287568 ____C (Mozilla) C:\Users\Salvador\Downloads\Firefox Installer(1).exe
2019-06-25 19:07 - 2019-06-27 10:49 - 000004128 ____C C:\Windows\System32\Tasks\CCleaner Update
2019-06-25 18:00 - 2019-06-25 18:19 - 000000000 ___DC C:\Users\Salvador\Downloads\Backups
2019-06-25 18:00 - 2019-06-25 18:00 - 000000000 ___DC C:\Windows\ABR
2019-06-25 17:12 - 2019-06-25 17:13 - 007241296 ____C (Stanislav Polshyn & Trend Micro Inc.) C:\Users\Salvador\Downloads\HiJackThis.exe
2019-06-25 13:45 - 2019-06-26 21:20 - 000000000 ___DC C:\ProgramData\Norton
2019-06-25 13:45 - 2019-06-25 13:45 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2019-06-25 13:45 - 2019-06-25 13:45 - 000000000 ___DC C:\Users\Public\Downloads\Norton
2019-06-25 13:28 - 2019-06-25 13:28 - 000000000 ___DC C:\ProgramData\Kaspersky Lab Setup Files
2019-06-25 01:20 - 2019-06-25 01:21 - 046683168 ____C (Microsoft Corporation) C:\Users\Salvador\Downloads\Windows-KB890830-x64-V5.73.exe
2019-06-25 01:09 - 2019-06-25 01:09 - 000000000 ___DC C:\Program Files (x86)\PC Tools
2019-06-25 01:05 - 2012-11-01 15:35 - 000253256 ____C (PC Tools) C:\Windows\system32\Drivers\PCTSD64.sys
2019-06-25 01:04 - 2019-06-25 01:31 - 000000000 ___DC C:\ProgramData\PC Tools
2019-06-25 01:04 - 2019-06-25 01:27 - 004130384 ____C (PC Tools) C:\Users\Salvador\Downloads\sdsetup.exe
2019-06-25 01:04 - 2019-06-25 01:04 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\TestApp
2019-06-25 00:33 - 2019-06-25 00:34 - 064309056 ____C (Malwarebytes ) C:\Users\Salvador\Downloads\mb3-setup-009996.009996-3.7.1.2839-1.0.538-1.0.9074.exe
2019-06-24 23:58 - 2019-06-24 23:58 - 000218101 ____C C:\Users\Salvador\Downloads\kidokiller.zip
2019-06-24 23:58 - 2019-06-24 23:58 - 000000000 ___DC C:\Users\Salvador\Downloads\kidokiller
2019-06-24 23:38 - 2019-06-26 13:19 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2019-06-24 23:38 - 2019-06-26 13:16 - 000000936 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-06-24 23:38 - 2019-06-26 13:16 - 000000924 ____C C:\Users\Public\Desktop\Firefox.lnk
2019-06-24 23:38 - 2019-06-26 13:16 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2019-06-23 20:05 - 2019-06-23 20:06 - 002709464 ____C C:\Users\Salvador\Downloads\Adaware_Installer.exe
2019-06-23 19:57 - 2019-06-23 19:57 - 000000000 __HDC C:\Windows\msdownld.tmp
2019-06-23 19:55 - 2019-06-23 19:57 - 060765072 ____C (Microsoft Corporation) C:\Users\Salvador\Downloads\EIE11_ES-MX_WOL_WIN764.EXE
2019-06-23 19:28 - 2019-06-23 19:28 - 015083200 ____C (Microsoft Corporation) C:\Users\Salvador\Downloads\mseinstall.exe
2019-06-23 17:14 - 2019-06-23 17:14 - 000000000 ___DC C:\Windows\pss
2019-06-23 16:24 - 2019-06-23 16:24 - 000181728 ____C (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2019-06-23 16:24 - 2019-06-23 16:24 - 000165712 ____C (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2019-06-23 16:14 - 2019-06-23 16:14 - 000262144 _____ C:\Windows\system32\config\ELAM
2019-06-23 16:14 - 2019-06-23 16:14 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\QuickScan
2019-06-23 14:57 - 2019-06-23 14:57 - 000000000 ___DC C:\Users\Salvador\Downloads\avg_antivirus_free_setup
2019-06-23 14:56 - 2019-06-23 14:56 - 000112702 ____C C:\Users\Salvador\Downloads\avg_antivirus_free_setup.rar
2019-06-22 22:53 - 2019-06-22 22:53 - 000028978 _____ C:\Users\Salvador\Desktop\agenciasdeviajescdmx.xlsx
2019-06-22 22:47 - 2019-06-22 22:47 - 025717014 ____C C:\Users\Salvador\Downloads\siem.zip
2019-06-22 22:47 - 2019-06-22 22:47 - 000000000 ___DC C:\Users\Salvador\Downloads\siem
2019-06-21 18:51 - 2019-06-21 18:51 - 000000000 ___DC C:\Users\Salvador\Downloads\set-lineal-gems
2019-06-21 18:50 - 2019-06-21 18:50 - 000964314 ____C C:\Users\Salvador\Downloads\set-lineal-gems.zip
2019-06-21 18:45 - 2019-06-21 18:45 - 001683242 ____C C:\Users\Salvador\Downloads\diamond-clipart-publicdomainvectors.org.zip
2019-06-21 18:45 - 2019-06-21 18:45 - 000000000 ___DC C:\Users\Salvador\Downloads\diamond-clipart-publicdomainvectors.org
2019-06-21 18:40 - 2019-06-21 18:40 - 000000000 ___DC C:\Users\Salvador\Downloads\geometric-diamond-set
2019-06-21 18:39 - 2019-06-21 18:40 - 001606830 ____C C:\Users\Salvador\Downloads\geometric-diamond-set.zip
2019-06-21 18:32 - 2019-06-21 18:32 - 000000000 ___DC C:\Users\Salvador\Downloads\conjunto-iconos-joyas
2019-06-21 18:32 - 2016-09-09 06:03 - 000001460 ____C C:\Users\Salvador\Downloads\License free.txt
2019-06-21 18:32 - 2016-09-09 05:34 - 000001115 ____C C:\Users\Salvador\Downloads\License premium.txt
2019-06-21 18:32 - 2014-10-28 02:58 - 001945238 ____C C:\Users\Salvador\Downloads\04.eps
2019-06-21 18:32 - 2014-10-28 02:58 - 000407356 ____C C:\Users\Salvador\Downloads\04.ai
2019-06-21 18:31 - 2019-06-21 18:31 - 000991237 ____C C:\Users\Salvador\Downloads\conjunto-iconos-joyas.zip
2019-06-20 23:43 - 2019-06-20 23:44 - 131414376 ____C (Loom, Inc.) C:\Users\Salvador\Downloads\Loom Setup 0.14.0.exe
2019-06-19 21:07 - 2019-06-19 21:15 - 079721824 ____C (Oracle Corporation) C:\Users\Salvador\Downloads\jre-8u211-windows-x64.exe
2019-06-18 21:52 - 2019-06-18 21:52 - 000287640 ____C (Mozilla) C:\Users\Salvador\Downloads\Firefox Installer.exe
2019-06-18 11:01 - 2019-06-18 11:01 - 000000000 ___DC C:\Users\Salvador\TempSFTzxpsign38846bcbd67ec86b
2019-06-18 11:00 - 2019-06-18 11:00 - 000000000 ___DC C:\Users\Salvador\TempSFTzxpsigneb21226325a13537
2019-06-18 10:59 - 2019-06-18 10:59 - 000000000 ___DC C:\Users\Salvador\TempSFTzxpsign7967cdfff0fe441c
2019-06-18 10:59 - 2019-06-18 10:59 - 000000000 ___DC C:\Users\Salvador\TempSFTzxpsign1918c9d26326d179
2019-06-18 00:09 - 2019-06-18 00:09 - 000000000 ___DC C:\Users\Administrador\AppData\Roaming\AVAST Software
2019-06-18 00:04 - 2019-06-18 00:04 - 000000000 ___DC C:\Users\Administrador\AppData\Local\Apps\2.0
2019-06-18 00:01 - 2019-06-18 00:01 - 001151544 ____C (Google LLC) C:\Users\Salvador\Downloads\ChromeSetup (1).exe
2019-06-18 00:00 - 2019-06-18 00:00 - 000004060 ____C C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1560834017
2019-06-18 00:00 - 2019-06-18 00:00 - 000001110 ____C C:\Users\Salvador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-06-17 23:59 - 2019-06-17 23:59 - 002241496 ____C (Opera Software) C:\Users\Salvador\Downloads\OperaSetup.exe
2019-06-17 23:28 - 2019-06-27 13:38 - 000000000 ___DC C:\Program Files (x86)\Google
2019-06-17 22:56 - 2019-06-17 22:56 - 001151544 ____C (Google LLC) C:\Users\Salvador\Downloads\ChromeSetup(3).exe
2019-06-17 22:25 - 2019-06-17 22:25 - 001151544 ____C (Google LLC) C:\Users\Salvador\Downloads\ChromeSetup(2).exe
2019-06-17 22:23 - 2019-06-17 22:23 - 001151544 ____C (Google LLC) C:\Users\Salvador\Downloads\ChromeSetup(1).exe
2019-06-17 22:08 - 2019-06-17 22:08 - 001151544 ____C (Google LLC) C:\Users\Salvador\Downloads\ChromeSetup.exe
2019-06-17 21:52 - 2019-06-26 13:17 - 000000000 ___DC C:\Users\Salvador\Desktop\Datos Firefox antiguos
2019-06-17 19:39 - 2019-06-20 23:45 - 000002283 ____C C:\Users\Salvador\Desktop\Loom.lnk
2019-06-17 19:39 - 2019-06-17 19:39 - 000002291 ____C C:\Users\Salvador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Loom.lnk
2019-06-17 19:37 - 2019-06-17 19:37 - 000000000 __HDC C:\$AV_ASW
2019-06-17 19:35 - 2019-06-17 19:35 - 117878944 ____C (Loom, Inc.) C:\Users\Salvador\Downloads\Loom Setup 0.13.0.exe
2019-06-17 19:14 - 2019-06-17 23:45 - 000000000 ___DC C:\Windows\System32\Tasks\Avast Software
2019-06-17 19:13 - 2019-06-17 19:13 - 000000000 ___DC C:\Program Files\Common Files\AVAST Software
2019-06-17 19:10 - 2019-06-26 13:58 - 000000000 ___DC C:\ProgramData\AVAST Software
2019-06-17 18:01 - 2019-06-17 18:01 - 000090112 ____C C:\Users\Salvador\Documents\sciter.sdb
2019-06-17 18:01 - 2019-06-17 18:01 - 000000000 ___DC C:\ProgramData\{8979D0A5-F66A-9981-12EB-0215120C5B44}
2019-06-17 18:01 - 2019-06-17 18:01 - 000000000 ___DC C:\ProgramData\{5D47A8F4-8E3B-4DBF-4393-3CC143746590}
2019-06-17 17:59 - 2019-06-17 17:59 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\view
2019-06-17 17:58 - 2019-06-17 18:17 - 000000000 ___DC C:\Users\Salvador\Downloads\sparkocam_2.6_0b67508b96c99b09b-37202-69ff35aa
2019-06-17 13:38 - 2019-06-18 18:51 - 000000000 ___DC C:\ProgramData\digiCamControl
2019-06-17 13:36 - 2019-06-17 13:37 - 068761414 ____C () C:\Users\Salvador\Downloads\digiCamControlsetup_2.1.1.0.exe
2019-06-17 12:52 - 2019-06-25 01:31 - 000000000 ___DC C:\ProgramData\TEMP
2019-06-17 12:49 - 2019-06-17 17:09 - 000000000 ___DC C:\Program Files (x86)\SparkoCam
2019-06-17 12:48 - 2019-06-17 12:49 - 047111408 ____C (Sparkosoft) C:\Users\Salvador\Downloads\SparkoCamInstaller.exe
2019-06-17 00:00 - 2019-06-17 00:00 - 003390463 ____C C:\Users\Salvador\Downloads\Ebook Reporte de Industria MX 2018 (1).pdf
2019-06-15 23:44 - 2019-06-15 23:44 - 000156699 ____C C:\Users\Salvador\Downloads\NNS_Direct_to_Sale_Solution_Template.pdf
2019-06-13 17:52 - 2019-06-13 17:52 - 000003218 ____C C:\Users\Salvador\Downloads\subscribers_294601907229602(1).csv
2019-06-12 14:07 - 2019-06-12 14:07 - 000003714 ____C C:\Users\Salvador\Downloads\Breakdown-Ads-12-June-2019-09-08-27.csv
2019-06-12 13:52 - 2019-06-12 13:52 - 000003714 ____C C:\Users\Salvador\Downloads\Breakdown-Ads-12-June-2019-08-52-47.csv
2019-06-12 13:52 - 2019-06-12 13:52 - 000003714 ____C C:\Users\Salvador\Downloads\Breakdown-Ads-12-June-2019-08-52-43.csv
2019-06-12 13:52 - 2019-06-12 13:52 - 000003714 ____C C:\Users\Salvador\Downloads\Breakdown-Ads-12-June-2019-08-52-38.csv
2019-06-12 13:42 - 2019-06-12 13:42 - 000009851 ____C C:\Users\Salvador\Downloads\Business-FB-Salvador-Flores-Conjuntos-de-anuncios-1-jun-2019-12-jun-2019.xls
2019-06-12 13:21 - 2019-06-12 13:21 - 000003714 ____C C:\Users\Salvador\Downloads\Breakdown-Ads-12-June-2019-08-22-01.csv
2019-06-12 12:40 - 2019-06-12 12:40 - 000003714 ____C C:\Users\Salvador\Downloads\Breakdown-Ads-12-June-2019-07-41-13.csv
2019-06-12 12:40 - 2019-06-12 12:40 - 000003714 ____C C:\Users\Salvador\Downloads\Breakdown-Ads-12-June-2019-07-41-05.csv
2019-06-12 10:44 - 2019-06-12 11:40 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 020275712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 015311872 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 014185984 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 013706240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2019-06-12 10:44 - 2019-06-12 11:40 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-06-12 10:44 - 2019-06-12 11:40 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 005776384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 005552872 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 004492800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 004057312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 003963624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 003247616 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 003229696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-06-12 10:44 - 2019-06-12 11:40 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-06-12 10:44 - 2019-06-12 11:40 - 002651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 002368000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 002297344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-06-12 10:44 - 2019-06-12 11:40 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-06-12 10:44 - 2019-06-12 11:40 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001893096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001650176 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001251840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001182208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000994384 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000914584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000806400 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-06-12 10:44 - 2019-06-12 11:40 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-06-12 10:44 - 2019-06-12 11:40 - 000628224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000474112 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-06-12 10:44 - 2019-06-12 11:40 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000396896 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000372456 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000348984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-06-12 10:44 - 2019-06-12 11:40 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-06-12 10:44 - 2019-06-12 11:40 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000153832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000114400 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000110592 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-06-12 10:44 - 2019-06-12 11:40 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-06-12 10:44 - 2019-06-12 11:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000065784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000064248 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-06-12 10:44 - 2019-06-12 11:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000021752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000020944 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000019408 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000018680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000017656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000017656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000017352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000017144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000016120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000015608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000015608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000015096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000014288 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000014072 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000013560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000013560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000013560 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000013048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000012752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000012536 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000012240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000012024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000012024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000012024 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011512 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011512 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011512 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011504 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000011000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2019-06-12 10:44 - 2019-06-12 11:40 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2019-06-12 10:44 - 2019-06-12 11:40 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-06-12 10:44 - 2019-06-12 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-06-12 10:44 - 2019-06-12 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2019-06-12 10:44 - 2019-05-16 09:34 - 000064512 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-06-12 10:44 - 2019-05-16 09:34 - 000062464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-06-12 10:44 - 2019-05-16 09:34 - 000060928 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-06-12 10:44 - 2019-05-16 09:34 - 000060928 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-06-11 13:59 - 2019-06-11 13:59 - 000070519 ____C C:\Users\Salvador\Downloads\export(1).csv
2019-06-11 13:35 - 2019-06-11 13:35 - 000000059 ____C C:\Users\Salvador\Downloads\data_uploader_error_report.csv
2019-06-11 13:13 - 2019-06-11 13:13 - 000003371 ____C C:\Users\Salvador\Downloads\subscribers_294601907229602.csv
2019-06-10 00:08 - 2019-06-22 17:12 - 000000855 ____C C:\Users\Salvador\Desktop\hostgator borrar.txt
2019-06-09 10:07 - 2019-06-09 10:07 - 000063253 ____C C:\Users\Salvador\Downloads\export.csv
2019-06-07 13:12 - 2019-06-07 13:12 - 048454152 ____C (Zebra Technologies ) C:\Users\Salvador\Downloads\zsu-1191269.exe
2019-06-07 13:12 - 2019-06-07 13:12 - 000002333 ____C C:\Users\Public\Desktop\Zebra Setup Utilities.lnk
2019-06-07 13:12 - 2019-06-07 13:12 - 000000000 ___HD C:\ProgramData\{20EFB350-0037-40E8-8550-2BA97C91D90E}
2019-06-07 13:12 - 2019-06-07 13:12 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zebra Setup Utilities
2019-06-07 13:08 - 2019-06-07 13:12 - 000000000 ___DC C:\Program Files (x86)\Zebra Technologies
2019-06-07 13:08 - 2019-06-07 13:08 - 000000000 ___DC C:\ProgramData\Zebra Technologies
2019-06-07 13:08 - 2019-06-07 13:08 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zebra Printer OPOS Driver
2019-06-07 13:07 - 2019-06-07 13:08 - 000000000 ___HD C:\ProgramData\{1DC60076-CFBE-4A48-84EE-D70FEB24AF48}
2019-06-07 13:06 - 2019-06-07 13:06 - 006125624 ____C (Zebra Technologies ) C:\Users\Salvador\Downloads\opos-printer-driver-utility-v1-14-1-95.exe
2019-06-07 10:38 - 2019-06-07 10:38 - 000000000 ___DC C:\Users\Salvador\Downloads\justpayshippingaudio
2019-06-06 23:25 - 2019-06-06 23:25 - 000024671 ____C C:\Users\Salvador\Downloads\beefree-es5oa6sqokh.zip
2019-06-06 19:31 - 2019-06-06 19:31 - 001661789 ____C C:\Users\Salvador\Desktop\grabafinal.wma
2019-06-06 13:05 - 2019-06-06 13:05 - 000000857 ____C C:\Users\Salvador\Downloads\Ftp [email protected]
2019-06-06 10:51 - 2019-06-06 10:51 - 000000000 ___DC C:\Users\Salvador\Downloads\Brandede-CommerceAfiliados
2019-06-06 00:40 - 2019-06-06 00:40 - 000023711 ____C C:\Users\Salvador\Downloads\beefree-55n7yi9ylax.zip
2019-06-05 14:23 - 2019-06-05 14:23 - 001545049 ____C C:\Users\Salvador\Documents\Sin título (4).wma
2019-06-05 11:06 - 2019-06-05 11:06 - 000000000 ___DC C:\Users\Salvador\Downloads\afiliadosInmobiliariasRentablesInternet
2019-06-04 10:45 - 2019-06-04 10:45 - 000000000 ___DC C:\Users\Salvador\Downloads\afiliadostradingzero2hero
2019-06-03 10:58 - 2019-06-03 10:58 - 000000000 ___DC C:\Users\Salvador\Downloads\afiliadosInmobiliariasRentablesInternetanterior
2019-06-02 19:48 - 2019-06-02 19:48 - 000012117 ____C C:\Users\Salvador\Downloads\thrive-invoice-416595.pdf
2019-06-01 00:33 - 2019-06-01 00:33 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\Auslogics
2019-06-01 00:22 - 2019-06-17 23:45 - 000003102 ____C C:\Windows\System32\Tasks\npcapwatchdog
2019-06-01 00:22 - 2019-06-01 00:22 - 000001993 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2019-06-01 00:21 - 2019-06-01 00:22 - 000000000 ___DC C:\Program Files\Npcap
2019-06-01 00:21 - 2019-06-01 00:21 - 000000000 ___DC C:\Windows\SysWOW64\Npcap
2019-06-01 00:21 - 2019-06-01 00:21 - 000000000 ___DC C:\Windows\system32\Npcap
2019-06-01 00:19 - 2019-06-01 00:22 - 000000000 ___DC C:\Program Files (x86)\Wireshark
2019-06-01 00:17 - 2019-06-01 00:17 - 000000000 ___DC C:\Program Files (x86)\uvnc bvba
2019-06-01 00:16 - 2019-06-01 00:16 - 000001043 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-06-01 00:16 - 2019-06-01 00:16 - 000001031 ____C C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-05-31 11:04 - 2019-05-31 11:04 - 000000000 ___DC C:\Users\Salvador\Downloads\chinafacebookafiliados
2019-05-31 11:03 - 2019-05-31 11:03 - 006453723 ____C C:\Users\Salvador\Downloads\chinafacebookafiliados.zip
2019-05-30 11:29 - 2019-05-30 11:29 - 000003762 ____C C:\Users\Salvador\Downloads\Breakdown-Ads-30-May-2019-06-29-43.csv
2019-05-30 10:41 - 2019-05-30 10:41 - 000000000 ___DC C:\Users\Salvador\Downloads\TurismoAfiliados
2019-05-29 10:34 - 2019-05-29 10:34 - 013042110 ____C C:\Users\Salvador\Downloads\LeadGenerationRealStateAfiliados.zip
2019-05-29 10:34 - 2019-05-29 10:34 - 000000000 ___DC C:\Users\Salvador\Downloads\LeadGenerationRealStateAfiliados
2019-05-28 20:23 - 2019-05-28 20:23 - 000000000 ___DC C:\Users\Salvador\Downloads\AffiliateMarketingHotmart

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-27 21:41 - 2017-07-04 12:30 - 000000000 ___DC C:\Users\Salvador\TempSFT
2019-06-27 21:26 - 2018-01-04 14:07 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\Zoom
2019-06-27 21:26 - 2009-07-13 23:45 - 000021312 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-06-27 21:26 - 2009-07-13 23:45 - 000021312 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-06-27 21:25 - 2009-07-13 22:20 - 000000000 ___DC C:\Windows\inf
2019-06-27 21:21 - 2019-05-17 10:58 - 000000652 ____C C:\Windows\Tasks\G2MUploadTask-S-1-5-21-869245772-2272638929-4024518757-1000.job
2019-06-27 21:21 - 2017-07-02 13:20 - 000000000 ___DC C:\Users\Salvador\AppData\LocalLow\Mozilla
2019-06-27 21:18 - 2017-09-21 12:24 - 000000000 ___DC C:\Program Files (x86)\TeamViewer
2019-06-27 21:17 - 2009-07-14 00:08 - 000000006 ___HC C:\Windows\Tasks\SA.DAT
2019-06-27 20:44 - 2019-05-17 10:58 - 000000556 ____C C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-869245772-2272638929-4024518757-1000.job
2019-06-27 20:32 - 2011-04-12 04:10 - 004478986 ____C C:\Windows\system32\perfh00A.dat
2019-06-27 20:32 - 2011-04-12 04:10 - 001419384 ____C C:\Windows\system32\perfc00A.dat
2019-06-27 20:32 - 2009-07-14 00:13 - 000006256 ____C C:\Windows\system32\PerfStringBackup.INI
2019-06-27 19:33 - 2017-07-02 20:45 - 000000000 ___DC C:\Users\Salvador\Documents\Archivos de Outlook
2019-06-27 14:19 - 2018-04-08 11:31 - 000003204 ____C C:\Windows\System32\Tasks\HPCeeScheduleForSalvador
2019-06-27 14:19 - 2018-04-08 11:31 - 000000344 ____C C:\Windows\Tasks\HPCeeScheduleForSalvador.job
2019-06-27 01:09 - 2019-05-27 20:00 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\Loom
2019-06-26 19:57 - 2018-04-01 00:40 - 000000000 ___DC C:\Users\Salvador\Downloads\x64
2019-06-26 14:38 - 2018-10-05 20:39 - 000002461 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-06-26 14:38 - 2018-10-05 20:39 - 000002412 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-06-26 14:38 - 2018-10-05 20:39 - 000002376 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2019-06-26 14:38 - 2018-10-05 20:39 - 000002375 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-06-26 14:38 - 2018-10-05 20:39 - 000002366 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-06-26 14:38 - 2018-09-03 22:24 - 000001033 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poedit.lnk
2019-06-26 14:38 - 2017-07-02 13:49 - 000002216 ____C C:\Users\Salvador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-06-26 14:37 - 2018-10-07 12:21 - 000001120 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut, capturador de vídeo.lnk
2019-06-26 14:37 - 2018-10-05 20:39 - 000002368 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-06-26 14:37 - 2018-02-03 19:45 - 000001105 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic CC.lnk
2019-06-26 14:37 - 2017-07-05 23:23 - 000002507 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2017.lnk
2019-06-26 14:37 - 2017-07-05 21:36 - 000001084 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2019-06-26 14:30 - 2017-07-07 23:22 - 000001912 ____C C:\Windows\epplauncher.mif
2019-06-26 13:07 - 2017-07-02 13:44 - 000000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
2019-06-26 13:06 - 2009-07-13 22:20 - 000000000 ___DC C:\Program Files\Common Files\Microsoft Shared
2019-06-26 13:04 - 2017-07-02 13:43 - 000000000 ___DC C:\Program Files\Microsoft Office
2019-06-26 12:55 - 2017-07-07 11:46 - 000000000 ___DC C:\AdwCleaner
2019-06-26 12:36 - 2017-07-07 14:45 - 000000000 ___DC C:\ProgramData\Malwarebytes
2019-06-26 12:06 - 2017-07-07 14:45 - 000000000 ___DC C:\Program Files\Malwarebytes
2019-06-25 19:17 - 2017-07-22 21:38 - 000000000 ___DC C:\Program Files\CCleaner
2019-06-25 01:27 - 2017-07-01 12:58 - 135349160 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-06-25 00:19 - 2017-07-01 12:13 - 000000000 ___DC C:\Users\Salvador
2019-06-23 20:31 - 2009-07-13 22:20 - 000000000 ___DC C:\Windows\system32\NDF
2019-06-23 19:09 - 2017-07-22 21:38 - 000000975 ____C C:\Users\Public\Desktop\CCleaner.lnk
2019-06-23 16:52 - 2018-03-31 13:26 - 000000000 ___DC C:\Users\SKU8_REV10
2019-06-23 16:09 - 2017-07-06 21:57 - 000000000 ___DC C:\Users\Salvador\Downloads\pixologic-zbrush-4r8-crack
2019-06-21 21:00 - 2017-07-05 23:54 - 000000033 ____C C:\Users\Salvador\AppData\Roaming\AdobeWLCMCache.dat
2019-06-21 19:11 - 2018-09-04 19:13 - 000002228 ____C C:\Users\Salvador\Desktop\Doodly.lnk
2019-06-21 19:11 - 2018-09-04 19:13 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bryxen Software
2019-06-21 11:48 - 2017-12-17 13:01 - 000000000 ___DC C:\Windows\rescache
2019-06-20 12:28 - 2019-05-25 23:04 - 000000000 ___DC C:\Users\Salvador\Desktop\Seminarios Online
2019-06-18 23:22 - 2018-01-13 20:44 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\Cool Record Edit Pro
2019-06-18 17:34 - 2017-07-04 22:52 - 000000000 ___DC C:\ProgramData\Package Cache
2019-06-18 00:02 - 2009-07-13 23:57 - 000001547 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-06-18 00:00 - 2018-04-17 23:27 - 000000000 ___DC C:\Program Files\Opera
2019-06-17 23:59 - 2018-04-17 23:27 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\Opera Software
2019-06-17 23:45 - 2019-05-17 10:58 - 000003690 ____C C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-869245772-2272638929-4024518757-1000
2019-06-17 23:45 - 2019-05-17 10:58 - 000003594 ____C C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-869245772-2272638929-4024518757-1000
2019-06-17 23:45 - 2018-03-30 14:04 - 000002976 _____ C:\Windows\System32\Tasks\{57A7B2C9-0F80-44C8-AF88-1491AD66AC90}
2019-06-17 23:45 - 2018-03-30 14:03 - 000002976 _____ C:\Windows\System32\Tasks\{A8A7F5C0-0B9A-4B49-8086-46F01CB489A5}
2019-06-17 23:45 - 2018-03-19 01:51 - 000002990 _____ C:\Windows\System32\Tasks\{E0CEC164-E1CE-49C8-A739-5F8841E6B4C7}
2019-06-17 23:45 - 2018-03-19 01:51 - 000002990 _____ C:\Windows\System32\Tasks\{1630B0B8-DD6E-4E12-A40B-546E0D08E941}
2019-06-17 23:45 - 2018-03-19 00:05 - 000002962 _____ C:\Windows\System32\Tasks\{3165AD2A-3492-448D-80EE-3FCA1AEEB886}
2019-06-17 23:45 - 2018-03-13 23:04 - 000004504 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-06-17 23:45 - 2018-01-31 22:21 - 000003562 ____C C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-Salvador-PC-Salvador
2019-06-17 23:45 - 2018-01-18 23:14 - 000003496 _____ C:\Windows\System32\Tasks\HPLJCustParticipation
2019-06-17 23:45 - 2017-12-07 15:50 - 000003120 _____ C:\Windows\System32\Tasks\{21094B43-5012-45AB-93C9-9674E53F2ECD}
2019-06-17 23:45 - 2017-12-07 15:49 - 000003130 _____ C:\Windows\System32\Tasks\{27DC59D1-2C3A-4376-B20C-56FB21FE593D}
2019-06-17 23:45 - 2017-08-08 13:34 - 000004332 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-06-17 23:45 - 2017-07-06 00:15 - 000002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-06-17 23:45 - 2017-07-04 22:54 - 000003148 _____ C:\Windows\System32\Tasks\{2631FFC7-5D47-4530-9CC4-809A0880F637}
2019-06-17 23:45 - 2017-07-03 14:39 - 000003122 _____ C:\Windows\System32\Tasks\{D11BD4AF-663B-4DF4-ABD0-AE793D853180}
2019-06-17 23:45 - 2017-07-03 13:46 - 000004476 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-06-17 23:40 - 2017-08-08 13:34 - 000842296 ____C (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-06-17 23:40 - 2017-08-08 13:34 - 000175160 ____C (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-06-17 23:40 - 2017-08-08 13:34 - 000000000 ___DC C:\Windows\SysWOW64\Macromed
2019-06-17 23:40 - 2017-08-08 13:34 - 000000000 ___DC C:\Windows\system32\Macromed
2019-06-17 18:00 - 2009-07-13 22:20 - 000000000 __HDC C:\Windows\system32\GroupPolicy
2019-06-17 18:00 - 2009-07-13 22:20 - 000000000 ___DC C:\Windows\SysWOW64\GroupPolicy
2019-06-13 13:33 - 2017-07-03 13:46 - 000002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-06-12 12:26 - 2009-07-13 23:45 - 000320184 ____C C:\Windows\system32\FNTCACHE.DAT
2019-06-12 12:22 - 2009-07-13 22:20 - 000000000 ___DC C:\Windows\SysWOW64\Dism
2019-06-12 12:22 - 2009-07-13 22:20 - 000000000 ___DC C:\Windows\system32\Dism
2019-06-12 12:20 - 2017-07-20 17:27 - 000001035 ____C C:\Users\Salvador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2019-06-12 11:48 - 2017-07-01 12:58 - 000000000 ___DC C:\Windows\system32\MRT
2019-06-12 11:37 - 2017-07-20 17:27 - 000000000 ___DC C:\ProgramData\LogMeIn
2019-06-07 11:50 - 2017-07-03 14:55 - 000000000 ___DC C:\Program Files (x86)\Teleprom MobileContact
2019-06-06 17:13 - 2017-07-02 09:49 - 000000000 ___DC C:\Program Files (x86)\WinRAR
2019-06-05 18:56 - 2018-09-04 19:13 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\Doodly
2019-06-01 00:23 - 2018-01-09 21:32 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-06-01 00:23 - 2017-07-04 22:56 - 000001306 ____C C:\Users\Public\Desktop\Skype.lnk
2019-06-01 00:18 - 2017-07-02 09:49 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-06-01 00:18 - 2017-07-02 09:49 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-06-01 00:17 - 2017-07-03 11:02 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
2019-06-01 00:16 - 2017-09-21 12:24 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\TeamViewer
2019-06-01 00:15 - 2018-10-08 11:31 - 000001031 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2019-06-01 00:15 - 2017-09-25 18:14 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\Notepad++
2019-06-01 00:15 - 2017-09-25 18:14 - 000000000 ___DC C:\Program Files (x86)\Notepad++

==================== Files in the root of some directories ================

2017-07-03 14:20 - 2017-07-03 14:20 - 000001131 ____C () C:\Program Files (x86)\mdac.log
2017-07-05 23:54 - 2019-06-21 21:00 - 000000033 ____C () C:\Users\Salvador\AppData\Roaming\AdobeWLCMCache.dat
2018-06-27 21:47 - 2018-06-27 21:47 - 000000028 ____C () C:\Users\Salvador\AppData\Roaming\kulerdata.json
2017-10-16 01:39 - 2019-06-18 11:04 - 000001456 ____C () C:\Users\Salvador\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2019-06-26 14:31 - 2019-06-26 14:31 - 000000036 ____C () C:\Users\Salvador\AppData\Local\housecall.guid.cache
2018-09-28 22:41 - 2018-09-28 22:41 - 000000000 ____C () C:\Users\Salvador\AppData\Local\oobelibMkey.log
2017-08-03 14:40 - 2019-02-04 12:07 - 000000600 ____C () C:\Users\Salvador\AppData\Local\PUTTY.RND
2018-02-13 19:19 - 2018-02-13 19:21 - 000007608 ____C () C:\Users\Salvador\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-06-24 07:09
==================== End of FRST.txt ============================

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6856318E-EE33-4480-8B0F-E3AD10728261}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0F0B7FB4-EB4E-4098-A897-B7A8A914138B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0F95F635-AC2B-4390-8A39-B2DAF466837E}] => (Allow) LPort=5900
FirewallRules: [{76B54F6B-A3B4-4691-A677-DD06C61A26A5}] => (Allow) LPort=5800
FirewallRules: [{C304FCE0-E372-44DF-B053-692BC5CCB0FA}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{61989867-84E7-4A43-B2F8-9AF438412507}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{AE25C7B8-FB4F-44C5-9CF0-B79210E982A4}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{40DA5EAF-D6CF-46B5-9B99-F0372C1649A7}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{987B3006-6283-484C-BE00-846D00C58186}] => (Allow) 㩃啜敳獲卜污慶潤屲灁䑰瑡屡潒浡湩屧獳屮獳⹮硥e No File
FirewallRules: [{3672AF09-6C99-4792-9AA9-2192829C064F}] => (Allow) 㩃啜敳獲卜污慶潤屲灁䑰瑡屡潒浡湩屧獳屮慳敶灵攮數 No File
FirewallRules: [TCP Query User{97A4F666-5A43-40B9-963E-C0EF1BA915A7}C:\users\salvador\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\salvador\appdata\local\logmein client\lmiignition.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [UDP Query User{E422BA40-721F-454E-B40D-541CA08E3BF1}C:\users\salvador\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\salvador\appdata\local\logmein client\lmiignition.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [TCP Query User{1F81E499-F712-4F5A-A5F8-7C564D583228}C:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe] => (Allow) C:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe () [File not signed]
FirewallRules: [UDP Query User{64332D56-6A43-4360-A08D-7E9D8CC6DEBB}C:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe] => (Allow) C:\program files (x86)\xtennetworksinc\eyebeam\eyebeam.exe () [File not signed]
FirewallRules: [TCP Query User{39EE26C2-D919-4886-88F1-8E02505B07D5}C:\users\salvador\downloads\anydesk.exe] => (Allow) C:\users\salvador\downloads\anydesk.exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{CC42D1C7-0614-44DE-9902-AD08F91E2427}C:\users\salvador\downloads\anydesk.exe] => (Allow) C:\users\salvador\downloads\anydesk.exe (philandro Software GmbH -> )
FirewallRules: [TCP Query User{90CC745A-AA64-49C5-B266-2BFFA3808070}C:\users\salvador\downloads\anydesk(1).exe] => (Allow) C:\users\salvador\downloads\anydesk(1).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{21AD50E2-76E9-49D8-A264-A68C5A92F401}C:\users\salvador\downloads\anydesk(1).exe] => (Allow) C:\users\salvador\downloads\anydesk(1).exe (philandro Software GmbH -> )
FirewallRules: [{E19F9A79-AD3B-4DBD-A3D4-68234127A452}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro M252\bin\EWSProxy.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9D51E685-5068-4814-A1CA-D559E7328EC3}] => (Allow) C:\Program Files (x86)\HP\HP Color LaserJet Pro M252\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{1DBF0EF6-B68C-4E8A-A3DC-1DB12A312375}D:\respaldo hp i5\software\winscp\winscpportable\app\winscp\winscp.exe] => (Allow) D:\respaldo hp i5\software\winscp\winscpportable\app\winscp\winscp.exe (Martin Prikryl) [File not signed]
FirewallRules: [UDP Query User{FDEEC9E9-7AEA-4C21-A6B9-734172D3EFD2}D:\respaldo hp i5\software\winscp\winscpportable\app\winscp\winscp.exe] => (Allow) D:\respaldo hp i5\software\winscp\winscpportable\app\winscp\winscp.exe (Martin Prikryl) [File not signed]
FirewallRules: [TCP Query User{6033FA9D-003D-45F7-BF5E-F5B3EE23C663}C:\users\salvador\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\salvador\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F7C09410-CE7D-4C0F-99A1-277BC91DAC24}C:\users\salvador\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\salvador\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{FE2919AF-13B1-4426-8DA1-91F5782B6CCD}C:\users\salvador\downloads\anydesk(2).exe] => (Allow) C:\users\salvador\downloads\anydesk(2).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{56EA3DB8-E9FF-43EF-869C-82F3B67C74B4}C:\users\salvador\downloads\anydesk(2).exe] => (Allow) C:\users\salvador\downloads\anydesk(2).exe (philandro Software GmbH -> )
FirewallRules: [{2F519AF0-4724-44AB-9909-08B803C03BAE}] => (Allow) C:\Program Files\KeyShot6\bin\keyshot6.exe (Luxion, Inc. -> Luxion) [File not signed]
FirewallRules: [{10543ECF-22D8-43D2-9C67-3392C3D2650E}] => (Allow) C:\Program Files\KeyShot6\bin\keyshot_daemon.exe (Luxion, Inc. -> )
FirewallRules: [TCP Query User{F4B43C10-788E-416C-A840-710153B30C81}C:\users\salvador\downloads\anydesk(3).exe] => (Allow) C:\users\salvador\downloads\anydesk(3).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{D6A6ECF0-EC27-4F49-9438-626D30FF4BF1}C:\users\salvador\downloads\anydesk(3).exe] => (Allow) C:\users\salvador\downloads\anydesk(3).exe (philandro Software GmbH -> )
FirewallRules: [TCP Query User{E600514D-8306-4EAD-B643-894E61B96890}C:\users\salvador\downloads\anydesk(4).exe] => (Allow) C:\users\salvador\downloads\anydesk(4).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{7621CFF8-9B48-4FBB-A35E-205119105E64}C:\users\salvador\downloads\anydesk(4).exe] => (Allow) C:\users\salvador\downloads\anydesk(4).exe (philandro Software GmbH -> )
FirewallRules: [TCP Query User{AC01391B-0933-4E96-B8D2-33E74AA8FCEE}C:\users\salvador\downloads\anydesk(5).exe] => (Allow) C:\users\salvador\downloads\anydesk(5).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{403DABF1-CFB6-44EC-BD76-E79191CD9DD4}C:\users\salvador\downloads\anydesk(5).exe] => (Allow) C:\users\salvador\downloads\anydesk(5).exe (philandro Software GmbH -> )
FirewallRules: [TCP Query User{026610BD-0817-4E09-9094-E1E5BC470188}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{C58D0014-BD62-4618-AB7F-24FE41E22339}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{CCEE1CDE-472B-46C9-BDFB-01F81ACE556B}C:\users\salvador\downloads\anydesk(6).exe] => (Allow) C:\users\salvador\downloads\anydesk(6).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{02FBCC06-8213-4A97-85F8-A55FCAE5AA78}C:\users\salvador\downloads\anydesk(6).exe] => (Allow) C:\users\salvador\downloads\anydesk(6).exe (philandro Software GmbH -> )
FirewallRules: [TCP Query User{D208EC58-16DE-41BD-9885-D5C7BF2A82C9}C:\users\salvador\downloads\anydesk(7).exe] => (Allow) C:\users\salvador\downloads\anydesk(7).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{F02382C2-B01B-45F6-9661-E30D1E76DBA9}C:\users\salvador\downloads\anydesk(7).exe] => (Allow) C:\users\salvador\downloads\anydesk(7).exe (philandro Software GmbH -> )
FirewallRules: [{14EE9242-9471-4749-B8BE-34287BFC115A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{2FD81E2E-9DAF-47B6-ACCB-7E36E41FC90D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{DB15DD4D-4012-4E67-BF48-76E0F86AE310}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0D5FB5C5-BA57-4AC3-91CD-52B4C8B04C47}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EDF97BFA-EA2B-4A33-82C9-EA0DCB6BCC29}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B3A10FA4-2052-4E95-B461-8A8FDBE26037}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{ABF8CC5D-6621-40EB-A1B3-35C2188615FD}C:\users\salvador\downloads\anydesk(8).exe] => (Allow) C:\users\salvador\downloads\anydesk(8).exe (philandro Software GmbH -> )
FirewallRules: [UDP Query User{19E8EA8D-6D45-43DB-8154-A5A902AF8DAB}C:\users\salvador\downloads\anydesk(8).exe] => (Allow) C:\users\salvador\downloads\anydesk(8).exe (philandro Software GmbH -> )
FirewallRules: [{BA60C78E-850C-4266-9D02-1264B9117C84}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B2C20998-AD7B-4A83-8FB0-B67349C81E1D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A335581A-99D4-4B63-9919-252E0422022B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3FEDE0CD-2779-4B7A-B08A-862908CB218D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B7D2B516-6E5B-454C-A003-D4D623889DDD}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{F5692700-B71C-44BC-97FC-5A68889DCDCA}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{8FE5B577-3924-431E-A308-D8864BBE198F}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{62A860C9-7C8D-40E9-9FC9-0E8DBA26D1E3}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{93848F7B-A90B-49CA-98FF-2B13337C0E5D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0DB9776F-E21F-4331-A918-00B47FEEA43F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{462B9AA7-779F-419E-9CC9-8BA38625DE14}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{78E38572-48DB-4DC9-92B6-E81376D8A58A}] => (Allow) C:\Program Files\Opera\60.0.3255.170\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{DB13E17E-4A93-4B4D-AF9B-18BB635FB65C}C:\program files (x86)\digicamcontrol\cameracontrol.exe] => (Allow) C:\program files (x86)\digicamcontrol\cameracontrol.exe No File
FirewallRules: [UDP Query User{5C99CD58-9F87-42B3-9CD6-6636B3C86B58}C:\program files (x86)\digicamcontrol\cameracontrol.exe] => (Allow) C:\program files (x86)\digicamcontrol\cameracontrol.exe No File
FirewallRules: [{80CA48F5-6BBA-4D91-A7DC-6945D5078571}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0DA979B1-E6C2-419C-A2D5-913B9D2A31BC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6173F843-80B7-4DDD-A8E6-B22B7188CCF4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

27-06-2019 15:40:35 Punto de control programado
27-06-2019 21:23:35 Removed Java 8 Update 211 (64-bit)
27-06-2019 21:27:43 Removed digiCamControl

==================== Faulty Device Manager Devices =============

Name: Tarjeta gráfica VGA estándar
Description: Tarjeta gráfica VGA estándar
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Tipos de pantalla estándar)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/27/2019 09:17:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (06/27/2019 08:53:54 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2160) WebCacheLocal: Al intentar abrir el archivo "C:\Users\Salvador\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (06/27/2019 08:53:44 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2160) WebCacheLocal: Al intentar abrir el archivo "C:\Users\Salvador\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (06/27/2019 08:53:13 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2160) WebCacheLocal: Al intentar abrir el archivo "C:\Users\Salvador\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (06/27/2019 08:53:03 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2160) WebCacheLocal: Al intentar abrir el archivo "C:\Users\Salvador\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (06/27/2019 08:52:12 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (2160) WebCacheLocal: Al intentar abrir el archivo "C:\Users\Salvador\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de lectura y escritura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (06/27/2019 08:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.

Error: (06/27/2019 08:31:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.


System errors:
=============
Error: (06/27/2019 09:20:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio HWDeviceService64.exe se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (06/27/2019 09:17:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio SSPORT no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (06/27/2019 09:17:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio DgiVecp no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (06/27/2019 09:17:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Se bloqueó la carga de \??\C:\Windows\SysWow64\Drivers\DgiVecp.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.

Error: (06/27/2019 09:15:38 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: El servicio Malwarebytes Service no se cerró correctamente después de recibir un control de aviso de apagado.

Error: (06/27/2019 09:14:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio Hacer clic y ejecutar de Microsoft Office terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (06/27/2019 09:14:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (06/27/2019 09:14:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio HP LaserJet Service se terminó de manera inesperada. Esto ha sucedido 1 veces.


Windows Defender:
===================================
Date: 2019-06-17 18:02:36.499
Description: 
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/ICLoader.E&threatid=249597
Nombre:SoftwareBundler:Win32/ICLoader.E
Id.:249597
Gravedad:Alta
Categoría:Software que instala varios programas
Ruta de acceso encontrada:process:pid:5404;process:pid:6452
Tipo de detección:Concreto
Origen de detección:Protección en tiempo real
Estado:Desconocido
Usuario:\
Nombre de proceso:

Date: 2019-06-17 18:02:36.149
Description: 
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/ICLoader.E&threatid=249597
Nombre:SoftwareBundler:Win32/ICLoader.E
Id.:249597
Gravedad:Alta
Categoría:Software que instala varios programas
Ruta de acceso encontrada:process:pid:6452
Tipo de detección:Concreto
Origen de detección:Protección en tiempo real
Estado:Desconocido
Usuario:\
Nombre de proceso:

CodeIntegrity:
===================================

Date: 2018-04-03 23:21:15.374
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-03 23:21:15.280
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-03 23:17:40.450
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-03 23:17:40.360
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-03 23:17:26.901
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-03 23:17:26.831
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-03 22:43:15.514
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2018-04-03 22:43:15.436
Description: 
Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

==================== Memory info =========================== 

BIOS: Hewlett-Packard F.23 10/21/2010
Motherboard: Hewlett-Packard 162F
Processor: Intel(R) Core(TM) i7 CPU M 640 @ 2.80GHz
Percentage of memory in use: 72%
Total physical RAM: 5941.86 MB
Available physical RAM: 1625.73 MB
Total Virtual: 11881.86 MB
Available Virtual: 6680.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:90.16 GB) (Free:11.92 GB) NTFS
Drive d: (Datos SFT) (Fixed) (Total:608.38 GB) (Free:204.64 GB) NTFS

\\?\Volume{4720c176-5e7f-11e7-a1f3-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 9F521A86)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=90.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=608.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hola de nuevo @Salvador_Trejo

Revisaremos los reportes para ver qué cosas hay en el PC

Mientras revisamos los mismos, por favor, no ejecutes otras herramientas antivirus y similares (salvo las que te indiquemos)

Saludos

Hola de nuevo @Salvador_Trejo

Primero,gracias por la espera

Antes de empezar y con el objetivo de que FRST pueda ejecutarse de forma correcta, debes mover el ejecutable de dicha herramienta al escritorio. Para eso, dirígite a la carpeta de Descargas y luego cortas y pegas el ejecutable FRST64.EXE al Escritorio

Hecho lo anterior, por favor, sigue los siguientes pasos, :arrow_forward: MUY Importante :arrow_backward: Realiza una copia de seguridad del registro :

  • Para hacerlo descarga :arrow_forward: DelFix.exe ( en tu escritorio ).
  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).
  • Atención, ahora marca/selecciona únicamente la casilla :white_check_mark: Create registry backup, las demás casillas NO. :face_with_monocle:
  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

:warning: Con los demás programas cerrados ve a :arrow_forward: Inicio :arrow_forward: Ejecutar :arrow_forward: y escribe Notepad.exe .

  • Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad .
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: F - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {0ade89a5-de8e-11e7-b038-cc52af874140} - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {16e70336-9eef-11e7-a5ee-cc52af874140} - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {2c14fbfe-d132-11e7-8a8f-cc52af874140} - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {7b9520fd-09f9-11e9-ac9a-cc52af874140} - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {a28c5262-6007-11e7-8a44-cc52af874140} - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {bb2973d5-9f08-11e7-8791-cc52af874140} - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {cffc56d2-dab2-11e7-aebf-cc52af874140} - F:\AUTORUN.EXE
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\...\MountPoints2: {d6767076-6025-11e7-85f0-cc52af874140} - F\AUTORUN.EXE
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-869245772-2272638929-4024518757-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Homepage: Mozilla\Firefox\Profiles\40xjn0hr.default-release-1561006895064 -> hxxp://192.168.1.23:81/index.php
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 AtiHdmiService; system32\drivers\AtiHdmi.sys [X]
S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [X]
FirewallRules: [{987B3006-6283-484C-BE00-846D00C58186}] => (Allow) 㩃啜敳獲卜污慶潤屲灁䑰瑡屡潒浡湩屧獳屮獳⹮硥e No File
FirewallRules: [{3672AF09-6C99-4792-9AA9-2192829C064F}] => (Allow) 㩃啜敳獲卜污慶潤屲灁䑰瑡屡潒浡湩屧獳屮慳敶灵攮數 No File
IFEO\OSppSvc.exe: [Debugger] [email protected]
IFEO\SppSvc.exe: [Debugger] [email protected]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [    FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [105]
MSCONFIG\Services: adawareantivirusservice => 2
Task: {0D679572-84A0-4341-9826-1CB9673C87CE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {1FB23A88-A9F9-42DC-A917-575E49F594C3} - System32\Tasks\{21094B43-5012-45AB-93C9-9674E53F2ECD} => C:\Windows\system32\pcalua.exe -a "F:\Huawei Drivers\devsetup32.exe" -d "F:\Huawei Drivers"
Task: {E7EEF875-07AF-4176-9DE2-C7B198DED897} - System32\Tasks\{D11BD4AF-663B-4DF4-ABD0-AE793D853180} => C:\Windows\system32\pcalua.exe -a "F:\Huawei Drivers\DriverSetup.exe" -d "F:\Huawei Drivers"
Task: {FD499E50-A7C5-4791-8EF3-E5CD1D18D056} - System32\Tasks\{27DC59D1-2C3A-4376-B20C-56FB21FE593D} => C:\Windows\system32\pcalua.exe -a "F:\Huawei Drivers\DriverUninstall.exe" -d "F:\Huawei Drivers"
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=es-mx
HKU\S-1-5-21-869245772-2272638929-4024518757-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-mx/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-869245772-2272638929-4024518757-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-869245772-2272638929-4024518757-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
CHR StartupUrls: Default -> "hxxps://postcron.com/en/?utm_source=adwords&utm_medium=%7Bnetwork%7D&utm_term=%7Bnetwork%7D-%7Bkeyword%7D-%7Bmatchtype%7D-%7Bplacement%7D&utm_content=%7Bcreative%7D&utm_campaign=target&gclid=Cj0KEQjw7-K7BRCkkIH3t_WwoskBEiQAD8oY3jnJh8dyP9RI0uvHH401hhlD-PmnKgOBKkXGydiO3ygaAqdT8P8HAQ","hxxps://iag.me/socialmedia/broadcast-computer-facebook-live/","hxxps://sparkosoft.com/sparkocam"
2019-06-25 17:12 - 2019-06-25 17:13 - 007241296 ____C (Stanislav Polshyn & Trend Micro Inc.) C:\Users\Salvador\Downloads\HiJackThis.exe
2019-06-25 13:45 - 2019-06-26 21:20 - 000000000 ___DC C:\ProgramData\Norton
2019-06-26 14:32 - 2019-06-27 21:06 - 000000000 ___DC C:\ProgramData\Trend Micro
2019-06-26 17:41 - 2019-06-26 17:41 - 001301968 ____C (GridinSoft LLC) C:\Users\Salvador\Downloads\setup-antimalware-993.exe
2019-06-25 13:45 - 2019-06-25 13:45 - 000000000 ___DC C:\Users\Salvador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2019-06-25 13:45 - 2019-06-25 13:45 - 000000000 ___DC C:\Users\Public\Downloads\Norton
2019-06-25 13:28 - 2019-06-25 13:28 - 000000000 ___DC C:\ProgramData\Kaspersky Lab Setup Files
2019-06-25 01:09 - 2019-06-25 01:09 - 000000000 ___DC C:\Program Files (x86)\PC Tools
2019-06-25 01:05 - 2012-11-01 15:35 - 000253256 ____C (PC Tools) C:\Windows\system32\Drivers\PCTSD64.sys
2019-06-25 01:04 - 2019-06-25 01:31 - 000000000 ___DC C:\ProgramData\PC Tools
2019-06-25 01:04 - 2019-06-25 01:27 - 004130384 ____C (PC Tools) C:\Users\Salvador\Downloads\sdsetup.exe
2019-06-24 23:58 - 2019-06-24 23:58 - 000218101 ____C C:\Users\Salvador\Downloads\kidokiller.zip
2019-06-24 23:58 - 2019-06-24 23:58 - 000000000 ___DC C:\Users\Salvador\Downloads\kidokiller
2019-06-23 20:05 - 2019-06-23 20:06 - 002709464 ____C C:\Users\Salvador\Downloads\Adaware_Installer.exe
2019-06-18 00:09 - 2019-06-18 00:09 - 000000000 ___DC C:\Users\Administrador\AppData\Roaming\AVAST Software
2019-06-17 19:14 - 2019-06-17 23:45 - 000000000 ___DC C:\Windows\System32\Tasks\Avast Software
2019-06-17 19:13 - 2019-06-17 19:13 - 000000000 ___DC C:\Program Files\Common Files\AVAST Software
2019-06-17 19:10 - 2019-06-26 13:58 - 000000000 ___DC C:\ProgramData\AVAST Software

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio :arrow_backward: Esto es muy importante.

:o: Nota :o: Es importante que la herramienta FRST.exe(Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.

ATENCION!!! El siguiente Script de reparación fue hecho específicamente por un miembro del staff para este usuario, si tiene un problema similar por favor abra su propio tema para recibir ayuda personalizada. Usar Scripts de otros usuarios puede causar daños graves en su equipo

Y ahora usa el primer método de esta Faq de Windows ¿Cómo iniciar Windows XP/Vista/7 en Modo Seguro? , para trabajar desde ese modo de windows. Una vez iniciado Windows en Modo Seguro, realiza lo siguiente:

  • Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
  • Presionar el botón FIX y aguardar a que termine.
  • La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT) .

Pegar el contenido de este fichero en tu próxima respuesta. :+1:

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

:warning: :arrow_forward: Muy Importante :arrow_forward: envuelve cada uno de los informes con una etiqueta escrita CODE_Inicial al inicio del informe y otra como este CODE_Final al final del mismo, aquí tienes un ejemplo de como hacerlo :

Saludos.

Hola salvador, creo que me pasa lo mismo, como solucionaste lo de los DNS ? gracias

Hola. Pues la tarea que más trabajo y tiempo cuesta es la de investigación… Después de horas y horas de investigar (subiendo archivos sospechosos a virustotal, etc.) fue ahí donde encontré justamente la sugerencia de que el archivo infectado que subí, tenía un comportamiento con algunos otros ejecutables de que había sido secuestrado el DNS… al hacer la búsqueda en google sobre el tema, ahí explicaban que lo que hacía ese malware era justamente el inyectarte código malicioso no importando que “eliminaras” el troyano. Esto se debía principalmente a que te “secuestraban” el DNS y de esa forma quedabas en modalidad de reinfección de forma permanente.

Yo tengo Windows 7 Professional y desconozco los accesos para otras versiones de windows, pero en mi caso, lo único que debes hacer es ir a la sección de Centro de redes compartido, cclick sobre la red (o redes) que tienes… (en mi caso son 2, tanto el wifi, como la red lan de cable normal). En ambas, debes hacer click sobre propiedades, protocolo de internet versión 4, click nuevamente en propiedades y abres dicha ventana. Ahí en la parte de abajo, verás la sección del DNS… en mi caso, cuando estaba limpia desde luego aparecía vacía ya que estaba en modalidad de “obtener la dirección del DNS automáticamente”, pero con la infección aparecían unas direcciones que jamás ingresé… obviamente hay que borrar eso y dejarlo con la configuración que necesites, supongo dns automático. Pero lo más importante es que revises en esa misma ventana, click sobre propiedades avanzadas, en la pestaña que se abre la que dice DNS. Ahí te pueden aparecer más… obviamente también las borras. Click en aceptar y una vez que has hecho eso, mágicamente estas “libre” (siempre y cuando pases nuevamente los antivirus, antispyware, etc.) y verás que ya puedes conectarte bien a internet para acceder a sitios de antivirus y facebook que eran donde yo no podía acceder. Espero te sirva.

Hola de nuevo @Salvador_Trejo

Una duda ¿Pudiste realizar la ejecución del script de FRST para poder limpiar el equipo?

Recuerda colocar el reporte generado por FRST una ejecutado el script

Nos comentas

Saludos

Hola @rancheli.

Tienes un tema abierto pidiendo ayuda y esperando tus informes por aqui :arrow_right: Troyano ruso hasta la manija. :roll_eyes:

Por favor, déjanos respuesta en ese tema de los problemas que tengas, gracias. :+1:

Y añado comentario, en general, para que NO haya malas interpretaciones o soluciones a medias usadas por los usuarios por su cuenta :

Este tipo de infecciones de las DNS son YA antiguas y conocidas desde hace años e incluso actuaron utilizando técnicas de Rootkit.

Para poder desinfectar correctamente este tipo de infecciones por envenenamiento de los DNS, NO sólo o únicamente hay que eliminar manualmente los DNS desde la ficha de propiedades de la conexión a Internet

Cambiar-DNSs-Windows

También hay que realizar procesos de desinfección con las herramientas apropiadas y usar herramientas avanzadas para eliminar correctamente el secuestro de los DNS. :angry:

Por eso es necesario que sigáis los pasos que os vayamos indicando y en ocasiones incluso es necesario hacer REINICIO del ROUTER o MODEM_ADSL de nuestra instalación.

Si queréis estar seguros con vuestros equipos NO se pueden dejar los mismos a medias de desinfectar. :face_with_monocle:

Saludos.

Hola, todo solucionado

ya lo he solucionado, muchas gracias