Otro caso de notepad.exe consumiendo RAM

  • Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.

  • Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versión adecuada para tu equipo. (32 o 64 bits) :arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits?

  • Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.

  • En la nueva ventana que se abre, presiona el botón Scan y espera a que concluya el análisis.

  • Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, que estarán grabados en Tu escritorio.

En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST

Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2019
Ran by Usuario (23-12-2019 19:15:39)
Running from C:\Users\Usuario\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-03 08:07:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-87901888-2101908675-276542230-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-87901888-2101908675-276542230-1002 - Limited - Enabled)
Invitado (S-1-5-21-87901888-2101908675-276542230-501 - Limited - Disabled)
Usuario (S-1-5-21-87901888-2101908675-276542230-1000 - Administrator - Enabled) => C:\Users\Usuario

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Disabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-87901888-2101908675-276542230-1000\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.303 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (HKLM-x32\...\{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (HKLM-x32\...\{A7AEE29F-839E-46B5-B347-6D430618129F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.8.3108 - AVG Technologies)
AVS Video Converter 9.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.1.4.574 - Online Media Technologies Ltd.)
Backup and Sync from Google (HKLM\...\{93EBD8BA-7A14-4636-8F1F-E929ADF2C3A9}) (Version: 3.47.7654.0300 - Google, Inc.)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C3100 (HKLM-x32\...\{354038F6-0A35-4C55-A80B-F86C4C1A6D38}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c3100_Help (HKLM-x32\...\{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}) (Version: 82.0.256.000 - Hewlett-Packard) Hidden
calibre 64bit (HKLM\...\{833153C0-7E32-4708-A0D8-24099CEF8F3E}) (Version: 3.10.0 - Kovid Goyal)
Call of Duty 2 versión 1.3.0.0 (HKLM-x32\...\Call of Duty 2_is1) (Version: 1.3.0.0 - Mr DJ)
Call of Duty Modern Warfare 2 (HKLM-x32\...\Call of Duty Modern Warfare 2_is1) (Version:  - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform)
Comical 0.8 (HKLM-x32\...\Comical_is1) (Version:  - James Athey)
Commandos 2 and 3 (HKLM-x32\...\Commandos 2 and 3_is1) (Version:  - GOG.com)
Compresor WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DDS Converter (HKLM-x32\...\{5F5E193F-D7E8-4BC5-9B23-DE46BE1014DF}_is1) (Version:  - ddsconverter.com)
Defcon v1.43 (HKLM-x32\...\Defcon_is1) (Version:  - Introversion Software Ltd)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Estudio para la mejora del producto HP DeskJet 3630 series (HKLM\...\{5739BABA-CEA7-4977-81AB-9C42B9897F8A}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
HP DeskJet 3630 series Ayuda (HKLM-x32\...\{B53FAA7E-9898-42BE-8C80-A9CA84298CAB}) (Version: 35.0.0 - Hewlett Packard)
HP DeskJet 3630 series Software básico del dispositivo (HKLM\...\{BC268722-D47E-4BB9-A8F7-E205978D45E8}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Metal Slug Series with Enabled MAME 0.78 (HKLM-x32\...\Metal Slug Series Enabled MAME 0.78_is1) (Version:  - )
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Paquete de controladores de Logitech Webcam Software (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.3.2 - pdfforge GmbH)
Python 3.6.4 (32-bit) (HKU\S-1-5-21-87901888-2101908675-276542230-1000\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 Core Interpreter (32-bit) (HKLM-x32\...\{D188614B-E656-4EF1-9F5A-23559EBE8F5A}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Development Libraries (32-bit) (HKLM-x32\...\{C3797E33-967D-4687-8F1A-9DE771A00125}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Documentation (32-bit) (HKLM-x32\...\{E09874D3-E898-4AB6-B043-EE24DF786088}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Executables (32-bit) (HKLM-x32\...\{47A75DB9-F3F5-4697-9261-DBA5162DBB9E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 pip Bootstrap (32-bit) (HKLM-x32\...\{54142B43-2FA5-4BBA-BF03-27C10EB50C1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Standard Library (32-bit) (HKLM-x32\...\{2832768E-9BCA-4421-950C-7186B3BDFC45}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{20888FA1-8127-42E3-969F-9BF93245AC83}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Test Suite (32-bit) (HKLM-x32\...\{D14FB2FA-51B2-415C-93BF-5053102235EE}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Utility Scripts (32-bit) (HKLM-x32\...\{D0730E44-E519-4F39-B926-E2FC0449D67C}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{B42FF40A-60D4-4096-AC47-C86153D72797}) (Version: 3.6.6196.0 - Python Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.147 - Realtek Semiconductor Corp.)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
R-UCA-3.2.2 (HKLM-x32\...\{4601962C-9983-413F-ABFC-196133DC5088}_is1) (Version:  - Grupo de Investigación TeLoYDisRen)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Skype versión 8.33 (HKLM-x32\...\Skype_is1) (Version: 8.33 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
uTorrent Web (HKU\S-1-5-21-87901888-2101908675-276542230-1000\...\utweb) (Version: 1.0.1 - BitTorrent, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Xcom - UFO win7 version 1.5 (HKLM-x32\...\{85A53C29-759C-4243-A864-72AA2103ED5D}_is1) (Version: 1.5 - MicroProse)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-12-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-12-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.yvu9] => C:\Windows\SysWOW64\iyvu9_32.dll [56832 1997-06-14] () [File not signed]
HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [746496 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [vidc.iv41] => C:\Windows\SysWOW64\ir41_32.ax [839680 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [vidc.iv31] => C:\Windows\SysWOW64\ir32_32.dll [197632 2009-07-14] (Microsoft Windows -> Intel(R) Corporation)
HKLM\...\Drivers32: [vidc.iv32] => C:\Windows\SysWOW64\ir32_32.dll [197632 2009-07-14] (Microsoft Windows -> Intel(R) Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2009-07-14] (Microsoft Windows -> Intel Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) =============

2014-01-08 16:30 - 2005-06-07 12:26 - 000043008 _____ () [File not signed] C:\Program Files (x86)\WinRAR\rarext64.dll
2019-12-12 14:40 - 2019-12-12 14:40 - 000031232 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\A4.Foundation\3eceb8d5567ed3cc273808e2b847d0c4\A4.Foundation.ni.dll
2019-12-12 14:42 - 2019-12-12 14:42 - 000022528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Actions5dc83b46#\d11e52b16f21cacb7447df4a4a7219e6\AEM.Actions.CCAA.Shared.ni.dll
2019-12-12 14:42 - 2019-12-12 14:42 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.0a1309f7#\9fb262d173f1c4846692327656bbf41e\AEM.Plugin.EEU.Shared.ni.dll
2019-12-12 14:42 - 2019-12-12 14:42 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.2b6a6775#\acc0a85f86a9374d401fdb1c8f533587\AEM.Plugin.Hotkeys.Shared.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 000281600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.5d945b6b#\fe7065a5f596fa37c6c5e8d5c1fab3e3\AEM.Plugin.Source.Kit.Server.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 000014848 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.674d2b8a#\a809bac27dfc8c5d983d595651090434\AEM.Plugin.WinMessages.Shared.ni.dll
2019-12-12 14:42 - 2019-12-12 14:42 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.88aba5d2#\ce40904cf2d770cffb7588130a39938c\AEM.Plugin.REG.Shared.ni.dll
2019-12-12 14:42 - 2019-12-12 14:42 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.GD.Shared\86aacecadfe22f8c66618d4af04700b7\AEM.Plugin.GD.Shared.ni.dll
2019-12-12 14:42 - 2019-12-12 14:42 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server.Shared\acb7ceb49c0a1b42f15428fae6f80623\AEM.Server.Shared.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 000267776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server\f549d1e1fd24737f9d30feaab94fb3e3\AEM.Server.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 000055808 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Foundation\df0c8ef543138066c60405641e7b5a26\APM.Foundation.ni.dll
2019-12-12 14:58 - 2019-12-12 14:58 - 000122880 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ATICCCom\38a6e75a78f924ee89e4e310c375e8e4\ATICCCom.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 000204288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CCC.Implementation\15362794a52688512c7b2588d4cd9667\CCC.Implementation.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000128000 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3399d0ec#\2f61d2029ce8fd2a4488800c88814d90\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000026112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.37d3d968#\6e0eaa12c4cefde85fa7f087b0258048\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll
2019-12-12 14:58 - 2019-12-12 14:58 - 000045568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.382a3def#\8c1f584c12d23995f410be86c8f59247\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll
2019-12-12 14:53 - 2019-12-12 14:53 - 000107008 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3a6f1658#\c250d6f347108f18c3d293183b816386\CLI.Aspect.TransCode.Graphics.Shared.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000209920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4542c692#\e10e317cab2bc6c90469c8a526506259\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll
2019-12-12 14:53 - 2019-12-12 14:53 - 000074752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4bbb0755#\a33ef4a19d1a57d3d32e9a09c8eb8b49\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll
2019-12-12 14:50 - 2019-12-12 14:50 - 000037888 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.52c6dbaa#\7520fc2f1e124b08d4114c4829efc4cf\CLI.Aspect.FPS.Graphics.Shared.ni.dll
2019-12-12 14:59 - 2019-12-12 14:59 - 000263168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.73911eb5#\f4b7fe50474d4f2ff1d9eb181316ce38\CLI.Aspect.WirelessDisplay.Graphics.Shared.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000365056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.7ec2db45#\c775960df9c99999e0a33d79c419d239\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll
2019-12-12 14:53 - 2019-12-12 14:53 - 000064000 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8350f5c6#\16b4add2da8a58c65dd75f4b61f77457\CLI.Aspect.UpdateNotification.Graphics.Runtime.ni.dll
2019-12-12 14:51 - 2019-12-12 14:51 - 000674816 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.846fa813#\f107212d16f47988a7ee057ba1389f2c\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll
2019-12-12 14:52 - 2019-12-12 14:52 - 000323072 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.87ad5c75#\a49760fac23c0cc7675938cec459ca42\CLI.Aspect.OverDrive5.Graphics.Dashboard.ni.dll
2019-12-12 14:53 - 2019-12-12 14:53 - 000745472 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8d333b6b#\b3d81ac296954b04343bba311e65864a\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000452608 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8e996306#\1243cb8bd8d0718488ecc6bfcd3ec539\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll
2019-12-12 14:50 - 2019-12-12 14:50 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9cd1e9e7#\f9644abf5c16d6cdd0baad6dd70dc2e3\CLI.Aspect.FPS.Graphics.Dashboard.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000148992 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a0ae52bc#\e180c89e8c47bee572f325f45bafff3d\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll
2019-12-12 14:50 - 2019-12-12 14:50 - 000057856 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a6cd7fff#\0127118e1694914e25c2590abdbcb7c7\CLI.Aspect.FPS.Graphics.Runtime.ni.dll
2019-12-12 14:53 - 2019-12-12 14:53 - 000082432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a765109e#\0f0dde853d4cb07a76b61b8ff8ef6dec\CLI.Aspect.UpdateNotification.Graphics.Dashboard.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000462336 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.acb9d930#\c746ff272bddff8fd28c1e065c7ee4f6\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000086528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ae5e117c#\93f3203cb046e76be181937fc73e4c00\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000067072 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.b0a7c1fb#\e05f6855c4536fd0bba376935b6fecb0\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll
2019-12-12 14:52 - 2019-12-12 14:52 - 000340992 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c7aaa0f8#\e4ed07fd5fc228cfc0653fbc285665b9\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000017920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c854b457#\2c74d775e7dcb932e75fa873cb97065b\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll
2019-12-12 14:51 - 2019-12-12 14:51 - 000274944 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e8635fc7#\889207a2432027341139ea209d95c2dd\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll
2019-12-12 14:53 - 2019-12-12 14:53 - 003311616 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e9fd7406#\a5299f0f0060dc354c27dfc02137320a\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000240640 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.eda8935e#\153c337f346c2a47e9be89fb4737986f\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll
2019-12-12 14:53 - 2019-12-12 14:53 - 000047616 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ef3eaa4d#\ed3170866ba1dcbbfa0f6aecfb671720\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll
2019-12-12 14:53 - 2019-12-12 14:53 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f480a2f3#\7fa9f23c0eee9a7a47186c4a5df494d2\CLI.Aspect.UpdateNotification.Graphics.Shared.ni.dll
2019-12-12 14:54 - 2019-12-12 14:54 - 000051200 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Runtime\a5742091f47905aa1fd2b616d9672f72\CLI.Caste.A4.Runtime.ni.dll
2019-12-12 14:48 - 2019-12-12 14:48 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Shared\4834ffeac6f36057594a8abf70fccfd5\CLI.Caste.A4.Shared.ni.dll
2019-12-12 14:54 - 2019-12-12 14:54 - 000027136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Af820fedc#\a2b150b181d6d0a33801af9067719169\CLI.Caste.A4.Dashboard.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F24de14fe#\9ab0b85d176619764a3abaff42b8cfeb\CLI.Caste.Fuel.Shared.ni.dll
2019-12-12 14:55 - 2019-12-12 14:55 - 000311296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F36b07a2b#\bb92c54dbb129d10b1148646d7df8329\CLI.Caste.Fuel.Runtime.ni.dll
2019-12-12 14:55 - 2019-12-12 14:55 - 000027136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Ff3085433#\cf27a3ebf7be6b0a412a9b016b288a95\CLI.Caste.Fuel.Dashboard.ni.dll
2019-12-12 14:50 - 2019-12-12 14:50 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60338cc0#\d4afc9a9a202f57d500e71f1067c0d9c\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 001556480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gd9d9b43b#\030492304e1ddcd04e23efe11be4c7f5\CLI.Caste.Graphics.Dashboard.Shared.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000587776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gee7d2dbc#\1540c8fb043103b1fa220b19f54bc98a\CLI.Caste.Graphics.Dashboard.ni.dll
2019-12-12 14:56 - 2019-12-12 14:56 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H18c99613#\25a722e80dcb640d34e03b5cdd1e60d1\CLI.Caste.HydraVision.Runtime.ni.dll
2019-12-12 14:56 - 2019-12-12 14:56 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H92ba4e46#\6eae36a1b1fded078b27114f5b0ad5cd\CLI.Caste.HydraVision.Shared.ni.dll
2019-12-12 14:56 - 2019-12-12 14:56 - 000025600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Hbb906c0b#\95bf780bc67c4dc6a9240e4912c49090\CLI.Caste.HydraVision.Dashboard.ni.dll
2019-12-12 14:56 - 2019-12-12 14:56 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pac40511b#\968c3d5a94ff9d0df611b5bab46a366d\CLI.Caste.Platform.Shared.ni.dll
2019-12-12 14:56 - 2019-12-12 14:56 - 000044032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\75d240a0e14ab50426c079416da87f86\CLI.Caste.Platform.Runtime.ni.dll
2019-12-12 14:56 - 2019-12-12 14:56 - 000024064 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pfeefa2b6#\43bed84b4aeb97849d83662aa8d013a7\CLI.Caste.Platform.Dashboard.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone1b4a8c97#\b6f62a9be92192f4091244a364a72e65\CLI.Component.Runtime.Shared.ni.dll
2019-12-12 15:00 - 2019-12-12 15:00 - 000898560 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone26c9c557#\f1050b0a7dd0cf0f65d212400f1961f2\CLI.Component.Systemtray.ni.dll
2019-12-12 14:58 - 2019-12-12 14:58 - 000173568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone29e547cc#\db408b2ff9ea0fa661ae685f9075311e\CLI.Component.Dashboard.ProfileManager2.ni.dll
2019-12-12 14:48 - 2019-12-12 14:48 - 000151040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone59f353b4#\0ddef6651a5b7f34f9c35eceb53f05af\CLI.Component.Runtime.Shared.Private.ni.dll
2019-12-12 14:58 - 2019-12-12 14:58 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componeb4d0485c#\9909333c0972ad77f90c2167c34ab811\CLI.Component.Runtime.Extension.EEU.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 001609728 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componec89c3bec#\06a7b8b209f37e4b6cbf6c627f5b0418\CLI.Component.Dashboard.Shared.Private.ni.dll
2019-12-12 14:45 - 2019-12-12 14:45 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef1fd67b2#\fc6bc41b07d6573dda7cb34d039ef888\CLI.Component.Client.Shared.ni.dll
2019-12-12 14:45 - 2019-12-12 14:45 - 000084992 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\4802428be0ef5cde4520054227e4c8a1\CLI.Component.Dashboard.Shared.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 000089600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat3d5d3945#\c08b66e3fbede548fe4bc61aca106410\CLI.Foundation.Private.ni.dll
2019-12-12 15:00 - 2019-12-12 15:00 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat60cdf5df#\23ee0eea42b3d1065df4f7b003457221\CLI.Foundation.XManifest.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 000091136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat619559bd#\86ddf83d722ae2d6a4cd9b6a9ecbcb14\CLI.Foundation.CoreAudioAPI.ni.dll
2019-12-12 14:47 - 2019-12-12 14:47 - 001077248 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundatd3771151#\eed4426f764c5b77b64d1a3f93285737\CLI.Foundation.Client.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 000302080 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundation\27eb0d851b695177e03bfd0243646414\CLI.Foundation.ni.dll
2019-12-12 14:42 - 2019-12-12 14:42 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics\04a842120f3e7a0639ee7b8124d015e2\DEM.Graphics.ni.dll
2019-12-12 14:55 - 2019-12-12 14:55 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Fuel.Foundation\72bcd689f1a2337f6fb4eaf64d59ee67\Fuel.Foundation.ni.dll
2019-12-12 15:01 - 2019-12-12 15:01 - 000296960 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat03490438#\008f971cb975ffad09d3dfe4c0a9985d\LOG.Foundation.Implementation.ni.dll
2019-12-12 14:40 - 2019-12-12 14:40 - 000150016 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat5023f8e7#\26b50c2c260caf647c5602778d9dbfe6\LOG.Foundation.Private.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 000087552 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundatcaafa75b#\6234980d282f9cb321180ad413a86f6d\LOG.Foundation.Implementation.Private.ni.dll
2019-12-12 14:40 - 2019-12-12 14:40 - 000132608 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundation\a73aea7da579ff95c7696770e946895f\LOG.Foundation.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Foundation\040fcaf22a23b5c70038c7d8a08cadf3\MOM.Foundation.ni.dll
2019-12-12 15:49 - 2019-12-12 15:49 - 000402944 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Implementation\d502d79d3a8d5a45333a54b467676595\MOM.Implementation.ni.dll
2019-12-12 14:42 - 2019-12-12 14:42 - 000055296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\NEWAEM.Foundation\ea0cdb05866a3a8104dab35d60efcce1\NEWAEM.Foundation.ni.dll
2019-12-12 14:42 - 2019-12-12 14:42 - 000987136 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ADL.Foundation\26ba3c97f5479e78047ad9ce7ab5fc32\ADL.Foundation.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 000256000 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Server\32adf41293a085d6167ffe9950313ff6\APM.Server.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000298496 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9b707b25#\ed0617e95dc28837433bdab71986884c\CLI.Aspect.DeviceProperty.Graphics.Runtime.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 001654784 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.aa59351a#\3bee755a6f667a0371d5c3e8f130f88a\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 006520320 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e6d9f3a8#\18d97b7a92fd4891f0b18c8d164b7a54\CLI.Aspect.DeviceDFP.Graphics.Dashboard.ni.dll
2019-12-12 14:57 - 2019-12-12 14:57 - 008199168 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine0616f305#\2f629cfd096c05f29deedf4072e8fd91\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll
2019-12-12 14:58 - 2019-12-12 14:58 - 001161728 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine7332395e#\ee71d817d6eda57c11007a9bde5bcf2a\CLI.Combined.Graphics.Aspects2.Runtime.ni.dll
2019-12-12 14:45 - 2019-12-12 14:45 - 000136704 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone168638d1#\f1413e5b286bf5f3d4b8183bd03314e6\CLI.Component.Client.Shared.Private.ni.dll
2019-12-12 14:58 - 2019-12-12 14:58 - 000234496 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6692ca50#\dbcde43e0f95ed5c968e2b8d9a6fb7f0\CLI.Component.Runtime.ni.dll
2019-12-12 14:58 - 2019-12-12 14:58 - 000924160 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6bf88b08#\92d8762deb4508a39d6f8888c61e1068\CLI.Component.Dashboard.ni.dll
2019-12-12 14:58 - 2019-12-12 14:58 - 000016896 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0703\0eb2945c3bcca0444409e084d569214f\DEM.Graphics.I0703.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0706\0da2025459f90d17b1d94115320f5995\DEM.Graphics.I0706.ni.dll
2019-12-12 14:50 - 2019-12-12 14:50 - 000103424 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0709\4ede16e370c8b9be05acb903fd32b2a0\DEM.Graphics.I0709.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000012800 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0712\2433cefd16838630b83b5048bbac50ad\DEM.Graphics.I0712.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000018432 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0804\ce3076d5bc56f02bebfd6bb3ac280a34\DEM.Graphics.I0804.ni.dll
2019-12-12 15:00 - 2019-12-12 15:00 - 000010752 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0805\5a152d5b499ac9bd7ad731f93ba46090\DEM.Graphics.I0805.ni.dll
2019-12-12 15:00 - 2019-12-12 15:00 - 000010752 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0812\238dc10ec2f6c1ed9042e3a4eac8aed2\DEM.Graphics.I0812.ni.dll
2019-12-12 14:56 - 2019-12-12 14:56 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0906\e7e45d4647f7985abd7d27a43da7e57d\DEM.Graphics.I0906.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000014336 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0912\c467be7d7f45d17d186a0a0eae4009db\DEM.Graphics.I0912.ni.dll
2019-12-12 14:56 - 2019-12-12 14:56 - 000035840 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I1010\561e815ec8e88e6ed5482a0416420dea\DEM.Graphics.I1010.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 001127424 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Localizatio01dbc1c0#\462169f955f363cc919a6c01d6b54218\Localization.Foundation.Private.ni.dll
2019-12-12 15:49 - 2019-12-12 15:49 - 000242688 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceMan446ca0e5#\9e82aaaaf0a2a3e74103fa959cfbaf28\ResourceManagement.Foundation.Implementation.ni.dll
2019-12-12 14:45 - 2019-12-12 14:45 - 000023552 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceManf163905a#\8b07ad18c37822f343cd044e0b1ebe9b\ResourceManagement.Foundation.Private.ni.dll
2019-12-12 14:49 - 2019-12-12 14:49 - 000091648 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ec8786e5#\953776fadd5fb5bb8fc7f180dc339312\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll
2019-12-12 14:43 - 2019-12-12 14:43 - 002839552 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60a7b4d1#\6d8e99f34e7ea7ceb08c02a47c3a2fc6\CLI.Caste.Graphics.Shared.ni.dll
2019-12-12 14:56 - 2019-12-12 14:56 - 003255808 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G962aa464#\4bd912481a014d8031e20bf5339fd4d2\CLI.Caste.Graphics.Runtime.ni.dll
2019-12-12 14:42 - 2019-12-12 14:42 - 000027136 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Foundation\52ac157e2296fcf984570d59bc929a66\DEM.Foundation.ni.dll
2019-12-12 14:42 - 2019-12-12 14:42 - 000115712 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0601\ab39b79a2b74e167a37e8aa2f33a6ea0\DEM.Graphics.I0601.ni.dll
2009-05-21 20:05 - 2009-05-21 20:05 - 000097280 _____ (Hewlett Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\Product Assistant\bin\hprbevst.dll
2009-09-20 10:53 - 2009-09-20 10:53 - 000629248 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpocxi08.dll
2009-09-20 10:53 - 2009-09-20 10:53 - 001171456 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpodio08.dll
2009-09-20 10:53 - 2009-09-20 10:53 - 000538112 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.dll
2009-09-20 10:53 - 2009-09-20 10:53 - 000032256 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc
2009-09-20 10:53 - 2009-09-20 10:53 - 000274432 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotradd.dll
2009-09-20 10:53 - 2009-09-20 10:53 - 000293376 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll
2009-09-20 12:24 - 2009-09-20 12:24 - 000249344 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
2009-09-20 12:24 - 2009-09-20 12:24 - 000213504 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddcmn.dll
2009-09-20 12:24 - 2009-09-20 12:24 - 000133120 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
2009-09-20 12:24 - 2009-09-20 12:24 - 000049664 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddusr.dll
2009-05-21 20:05 - 2009-05-21 20:05 - 000326144 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqrif08.dll
2009-09-20 12:07 - 2009-09-20 12:07 - 000949248 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc
2009-09-20 12:07 - 2009-09-20 12:07 - 000307712 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsti08.dll
2009-09-20 12:07 - 2009-09-20 12:07 - 000285184 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.dll
2009-09-20 12:07 - 2009-09-20 12:07 - 000012288 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc
2009-09-20 12:36 - 2009-09-20 12:36 - 000150528 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtao08.dll
2009-09-20 12:36 - 2009-09-20 12:36 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2009-09-20 12:36 - 2009-09-20 12:36 - 000205824 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpquio08.dll
2009-09-20 12:07 - 2009-09-20 12:07 - 000485888 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwso08.dll
2009-09-20 11:55 - 2009-09-20 11:55 - 001037824 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
2008-07-22 18:33 - 2008-07-22 18:33 - 000121344 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\HpqCPTA.dll
2009-05-21 18:57 - 2009-05-21 18:57 - 000040960 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpb01.dll
2009-05-21 18:57 - 2009-05-21 18:57 - 000038912 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpreh.dll
2008-07-22 18:33 - 2008-07-22 18:33 - 000192000 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRTA.dll
2008-07-22 18:33 - 2008-07-22 18:33 - 000105472 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqxml2.dll
2008-12-03 20:05 - 2008-12-03 20:05 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2008-12-03 20:05 - 2008-12-03 20:05 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2008-12-03 20:05 - 2008-12-03 20:05 - 000053760 _____ (Hewlett-Packard) [File not signed] C:\Windows\system32\hpzipr12.dll
2017-10-13 11:16 - 2017-08-28 11:30 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-12-12 14:48 - 2019-12-12 14:48 - 000335360 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W8090224c#\06f926308b6a0bda727b3a2afa69aac5\Microsoft.WindowsAPICodePack.ni.dll
2019-12-12 14:48 - 2019-12-12 14:48 - 002546688 _____ (Microsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Wfbf9373c#\600488f1a96dbd2f823a843f974d266f\Microsoft.WindowsAPICodePack.Shell.ni.dll
2018-12-05 22:13 - 2018-12-05 22:13 - 000116736 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll
==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-87901888-2101908675-276542230-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-12-06 20:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-87901888-2101908675-276542230-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.58.61.254 - 80.58.61.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7E78EED3-0271-412D-BB13-70396A26C161}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{0EAAB5C3-7D06-4183-9283-26A1641AC1BF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{9B94901E-3B0C-4A69-A088-ADADE6877C8E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{5B35B626-2ACA-4065-BA39-94068E74786E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{73BA36CE-2CBF-4D22-A0B9-E61FB7086002}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{5A17A472-53F5-45B3-82EB-979B81737D90}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{5232FC7E-6B90-47E5-B860-318FD73347DC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{21BB7DA6-D665-422D-96E4-84A6346C4C7A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe () [File not signed]
FirewallRules: [{1A37CFC8-A9CA-4CA4-AB46-B9BF834CD5A8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{6635C24E-3131-474B-A20A-075D56090856}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{326D24B8-DBB9-4233-8FEE-EC5ED43429DB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{1E675411-4697-407E-9D9A-7AF5928DC6A8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{518BE03F-5F03-4518-AF86-D8AC1111C2A6}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{9CEDB5FE-4942-49E2-BE9C-23F1CC1BF54C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{32FF3865-2EE8-4717-928C-7D9BCDAED385}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{0C91B144-9D9D-40EA-A508-55B12B0EB314}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{F54B3FC9-4A4E-4C27-99ED-843398D3DACB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{0FC7111E-B799-4409-AD8A-545021DE557C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe (Hewlett Packard -> Hewlett-Packard Development Co. L.P.)
FirewallRules: [{1379AB87-8A86-460A-89DF-38A3784805BF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{1BB7C147-09EA-4067-924F-153FDCB32B5B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{DEBFB31A-E3F3-4E72-A77A-5263A5D5764D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{DFE713CB-FB4C-4F1E-90E2-BB8CA5DF495E}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C2EFC18F-6C9C-4C3D-BF6F-4F16C8B4741D}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{9CC8DEA0-BB60-4E90-B211-976591C9EA2A}C:\program files (x86)\company of heroes 2\reliccoh2.exe] => (Allow) C:\program files (x86)\company of heroes 2\reliccoh2.exe (Relic Entertainment Inc.) [File not signed]
FirewallRules: [UDP Query User{AE2A88BC-78DB-49CD-A414-7E2882D2D16D}C:\program files (x86)\company of heroes 2\reliccoh2.exe] => (Allow) C:\program files (x86)\company of heroes 2\reliccoh2.exe (Relic Entertainment Inc.) [File not signed]
FirewallRules: [TCP Query User{D6761FCC-5F32-42D7-9EE6-1E50DE7014E4}C:\program files (x86)\defcon\defcon.exe] => (Block) C:\program files (x86)\defcon\defcon.exe (Introversion Software) [File not signed]
FirewallRules: [UDP Query User{6A3EED23-8494-473A-B371-FCEC33059A1A}C:\program files (x86)\defcon\defcon.exe] => (Block) C:\program files (x86)\defcon\defcon.exe (Introversion Software) [File not signed]
FirewallRules: [TCP Query User{BF33B9B9-5A0D-482C-BB90-789FFD08163B}C:\program files (x86)\defcon\defcon.exe] => (Block) C:\program files (x86)\defcon\defcon.exe (Introversion Software) [File not signed]
FirewallRules: [UDP Query User{F4F2AC4B-C439-412A-A22A-550E7C41CFF8}C:\program files (x86)\defcon\defcon.exe] => (Block) C:\program files (x86)\defcon\defcon.exe (Introversion Software) [File not signed]
FirewallRules: [{4CBB8726-2CBF-4898-A6AD-A612A81B94A2}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{382458C5-B31F-4D1C-A770-296AFAA1A3F6}] => (Allow) LPort=5357
FirewallRules: [{59E9500C-D977-4A87-8DD9-D888B9A0468E}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{745BA12B-436E-4EF6-B4C6-F5975B5B36F5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5B6D2C84-1CFE-4EBF-A16A-3DC30F6C0816}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DE0E6177-7DA7-443B-A908-5C3CB9932F54}] => (Allow) C:\Program Files (x86)\Mr DJ\Call of Duty 2\CoD2SP_s.exe () [File not signed]
FirewallRules: [{4481BA07-FB1E-4CEE-B2DB-B5A91B18DC68}] => (Allow) C:\Program Files (x86)\Mr DJ\Call of Duty 2\CoD2SP_s.exe () [File not signed]
FirewallRules: [{984A9CC2-6A15-4BAE-AC0B-C0407DC4793A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2D594663-0F7F-4514-A8C8-295354FFC732}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3599FAD4-A178-4807-BF00-9D158D8492D6}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{603CDE32-3E98-4681-A0EB-39CE5F8AE740}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6E7D83AD-E23A-44A9-B868-73EEBAA57FEF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

20-12-2019 14:46:47 Punto de control programado

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/23/2019 04:28:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/23/2019 04:07:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamtray.exe, versión: 4.0.0.457, marca de tiempo: 0x5df7bf34
Nombre del módulo con errores: Qt5Core.dll, versión: 5.13.2.0, marca de tiempo: 0x5dcd60b9
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00198d49
Id. del proceso con errores: 0x1b28
Hora de inicio de la aplicación con errores: 0x01d5b9a2b0094013
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: ef4a74e2-2595-11ea-ad94-14dae9dc72b7

Error: (12/23/2019 09:31:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/22/2019 10:50:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/21/2019 10:23:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/21/2019 10:13:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/20/2019 11:00:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (12/19/2019 12:56:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


System errors:
=============
Error: (12/23/2019 04:32:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio ShellHWDetection.

Error: (12/23/2019 04:31:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio ShellHWDetection.

Error: (12/23/2019 04:27:36 PM) (Source: sptd) (EventID: 4) (User: )
Description: El controlador detectó un error interno en la estructura de datos de .

Error: (12/23/2019 04:27:36 PM) (Source: sptd) (EventID: 4) (User: )
Description: El controlador detectó un error interno en la estructura de datos de .

Error: (12/23/2019 04:27:36 PM) (Source: sptd) (EventID: 4) (User: )
Description: El controlador detectó un error interno en la estructura de datos de .

Error: (12/23/2019 04:27:36 PM) (Source: sptd) (EventID: 4) (User: )
Description: El controlador detectó un error interno en la estructura de datos de .

Error: (12/23/2019 04:27:35 PM) (Source: sptd) (EventID: 4) (User: )
Description: El controlador detectó un error interno en la estructura de datos de .

Error: (12/23/2019 04:27:35 PM) (Source: sptd) (EventID: 4) (User: )
Description: El controlador detectó un error interno en la estructura de datos de .


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 0208 05/26/2011
Motherboard: ASUSTeK Computer INC. P8H61-M LX
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 73%
Total physical RAM: 4078.32 MB
Available physical RAM: 1075.99 MB
Total Virtual: 8154.78 MB
Available Virtual: 4181.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:570.17 GB) NTFS

\\?\Volume{7ba1fced-73d0-11e3-9e21-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0F6B16B4) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt =====================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-12-2019
Ran by Usuario (administrator) on USUARIO-PC (23-12-2019 19:11:02)
Running from C:\Users\Usuario\Desktop
Loaded Profiles: Usuario (Available Profiles: Usuario)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [316336 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) [File not signed]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-87901888-2101908675-276542230-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-87901888-2101908675-276542230-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [689304 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-87901888-2101908675-276542230-1000\...\Run: [] =>  [X]
HKU\S-1-5-21-87901888-2101908675-276542230-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-12-23] (Piriform Software Ltd -> Piriform Ltd)
HKLM\Software\...\AppCompatFlags\Custom\MSIEXEC.EXE: [{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb] -> Microsoft Windows Application Compatibility Database
HKLM\Software\...\AppCompatFlags\Custom\Nexcel.exe: [{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb] -> Microsoft Windows Application Compatibility Database
HKLM\Software\...\AppCompatFlags\Custom\picture.exe: [{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb] -> Microsoft Windows Application Compatibility Database
HKLM\Software\...\AppCompatFlags\Custom\xdict.exe: [{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb] -> Microsoft Windows Application Compatibility Database
HKLM\Software\...\AppCompatFlags\InstalledSDB\{deb7008b-681e-4a4a-8aae-cc833e8216ce}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb [2003-06-13]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-19] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-02-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07311B9B-9D9B-432F-BEB0-B60B4B2ED582} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-12-23] (Piriform Software Ltd -> Piriform Ltd)
Task: {0733D3AF-0CF7-4840-B7B1-150806D7BA1D} - System32\Tasks\OpenIE => C:\Program Files\Internet Explorer\IEXPLORE.EXE 
Task: {0DC5D9B5-BA3A-4B34-A0F9-3879910829E5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {11390764-A7FB-4B15-91A9-3026A4AEBDEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {41571DFA-179A-466D-8D73-51900DF3E33C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-10] (Adobe Inc. -> Adobe)
Task: {5A3655C5-A09A-4BD4-BC68-68DC22B1DFE0} - System32\Tasks\{BE6BB20D-E9FB-46E9-A081-5AB164DC177F} => C:\Windows\system32\pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {6005489B-288D-4E87-B089-08E406F96C16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {8DE62E72-912F-4866-86B1-DBDF45F64D91} - System32\Tasks\HPCustPartic.exe_{9AFDB3FC-4CD3-4EB0-9BEB-BDAFFF291330} => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [6016008 2015-04-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {AF702FA3-C756-43AF-A019-2F2EC199B788} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-10] (Adobe Inc. -> Adobe)
Task: {B0749045-0974-4221-9157-8758BC37757F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-12-23] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DD2F53F6-4004-4DFB-AD4D-E538B7D30251} - System32\Tasks\HPCustParticipation HP DeskJet 3630 series => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [6016008 2015-04-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {E148206A-E89B-4090-A7F7-AE22C8116655} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [3981232 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {F564D991-D5D0-429B-A80B-1227068FB0EB} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1905072 2019-09-18] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{615F4D9F-7D7F-4F75-94C0-CBEA48A06C4A}: [DhcpNameServer] 80.58.61.254 80.58.61.250

Internet Explorer:
==================
HKU\S-1-5-21-87901888-2101908675-276542230-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://es.msn.com/?ocid=iehp
DownloadDir: C:\Users\Usuario\Desktop
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-87901888-2101908675-276542230-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc -> Google Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-87901888-2101908675-276542230-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc -> Google Inc.)

FireFox:
========
FF DefaultProfile: hfgotw7k.default
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\hfgotw7k.default [2019-12-23]
FF DownloadDir: C:\Users\Usuario\Desktop
FF Homepage: Mozilla\Firefox\Profiles\hfgotw7k.default -> hxxps://start.duckduckgo.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\hfgotw7k.default -> http", "122.152.138.139 "
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\hfgotw7k.default\Extensions\[email protected] [2019-05-17]
FF Extension: (uBlock Origin) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\hfgotw7k.default\Extensions\[email protected] [2019-11-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-08] [Legacy] [not signed]
FF HKU\S-1-5-21-87901888-2101908675-276542230-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2019-12-23]
CHR Extension: (Presentaciones) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-12]
CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-12]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-12]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-12]
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-12-23]
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-12-23]
CHR Extension: (Presentaciones) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-02]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-02]
CHR Extension: (Hojas de cálculo) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-11]
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\System Profile [2019-12-23]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [244736 2014-11-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [996928 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6307248 2019-12-19] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-12-23] (Malwarebytes Inc -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [18959360 2014-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [589312 2014-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2014-06-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37880 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [205600 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [275232 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [210328 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [65376 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [43512 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [171784 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [111096 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [84560 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [848688 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [461216 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\Windows\System32\drivers\avgStm.sys [236288 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [317304 2019-10-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [33592 2015-07-20] (DEV47 APPS -> Dev47Apps)
S3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [229432 2015-07-20] (DEV47 APPS -> Dev47Apps)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2018-01-13] (Disc Soft Ltd -> Disc Soft Ltd)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [781792 2017-04-10] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [419296 2017-04-10] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [14368 1999-10-01] () [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-01-08] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
U3 acilu5tq; C:\Windows\System32\Drivers\acilu5tq.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-23 19:11 - 2019-12-23 19:12 - 000022746 _____ C:\Users\Usuario\Desktop\FRST.txt
2019-12-23 19:10 - 2019-12-23 19:11 - 000000000 ____D C:\FRST
2019-12-23 19:09 - 2019-12-23 19:09 - 002260480 _____ (Farbar) C:\Users\Usuario\Desktop\FRST64.exe
2019-12-23 16:46 - 2019-12-23 16:46 - 000039416 _____ C:\Users\Usuario\Desktop\cc_20191223_164640.reg
2019-12-23 16:38 - 2019-12-23 16:38 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2019-12-23 16:38 - 2019-12-23 16:38 - 000002816 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2019-12-23 16:38 - 2019-12-23 16:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-12-23 16:35 - 2019-12-23 16:35 - 000004052 _____ C:\Users\Usuario\Desktop\AdwCleaner[C00].txt
2019-12-23 16:23 - 2019-12-23 16:24 - 000000000 ____D C:\AdwCleaner
2019-12-23 16:18 - 2019-12-23 16:18 - 000001541 _____ C:\Users\Usuario\Desktop\MbamReport.txt
2019-12-23 16:07 - 2019-12-23 16:07 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbamtray
2019-12-23 16:07 - 2019-12-23 16:07 - 000000000 ____D C:\Users\Usuario\AppData\Local\cache
2019-12-23 16:07 - 2019-12-23 16:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-12-23 16:06 - 2019-12-23 16:06 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-12-23 00:57 - 2019-12-23 00:57 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Gunsmoke Games
2019-12-22 03:06 - 2019-12-22 03:47 - 370690587 _____ C:\Users\Usuario\Downloads\Beageruta vol 01-04.rar
2019-12-14 01:52 - 2019-12-14 01:52 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\RenPy
2019-12-11 16:12 - 2019-12-06 06:27 - 000492032 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe
2019-12-11 16:12 - 2019-11-28 04:33 - 000710072 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-12-11 16:12 - 2019-11-28 04:32 - 004061616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-12-11 16:12 - 2019-11-28 04:32 - 003967416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-12-11 16:12 - 2019-11-28 04:32 - 001320248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-12-11 16:12 - 2019-11-28 04:32 - 000627664 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-12-11 16:12 - 2019-11-28 04:32 - 000264120 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-12-11 16:12 - 2019-11-28 04:32 - 000155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-12-11 16:12 - 2019-11-28 04:32 - 000097208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-12-11 16:12 - 2019-11-28 04:31 - 005554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-12-11 16:12 - 2019-11-28 04:31 - 001671504 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 04:04 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-12-11 16:12 - 2019-11-28 04:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-12-11 16:12 - 2019-11-28 04:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-12-11 16:12 - 2019-11-28 04:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-12-11 16:12 - 2019-11-28 04:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-12-11 16:12 - 2019-11-28 03:59 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-12-11 16:12 - 2019-11-28 03:58 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-12-11 16:12 - 2019-11-28 03:58 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-12-11 16:12 - 2019-11-28 03:58 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-12-11 16:12 - 2019-11-28 03:58 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-12-11 16:12 - 2019-11-28 03:57 - 003233280 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-12-11 16:12 - 2019-11-28 03:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-12-11 16:12 - 2019-11-28 03:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-12-11 16:12 - 2019-11-28 03:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 03:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 03:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 03:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-12-11 16:12 - 2019-11-28 03:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-12-11 16:12 - 2019-11-28 03:56 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-12-11 16:12 - 2019-11-28 03:53 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-12-11 16:12 - 2019-11-28 03:53 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-12-11 16:12 - 2019-11-28 03:52 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-12-11 16:12 - 2019-11-28 03:52 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-12-11 16:12 - 2019-11-28 03:52 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-12-11 16:12 - 2019-11-28 03:52 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-12-11 16:12 - 2019-11-28 03:51 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-12-11 16:12 - 2019-11-28 03:51 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-12-11 16:12 - 2019-11-28 03:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-12-11 16:12 - 2019-11-28 03:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-12-11 16:12 - 2019-11-28 03:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-12-11 16:12 - 2019-11-28 03:51 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-12-11 16:12 - 2019-11-28 03:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-12-11 16:12 - 2019-11-21 01:48 - 000629984 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-12-11 16:12 - 2019-11-15 03:32 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2019-12-11 16:12 - 2019-11-15 03:29 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-12-11 16:12 - 2019-11-15 03:29 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-12-11 16:12 - 2019-11-15 03:29 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-12-11 16:12 - 2019-11-15 03:29 - 000479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2019-12-11 16:12 - 2019-11-15 03:29 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2019-12-11 16:12 - 2019-11-15 03:29 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-12-11 16:12 - 2019-11-15 03:29 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-12-11 16:12 - 2019-11-15 03:29 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2019-12-11 16:12 - 2019-11-15 03:29 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2019-12-11 16:12 - 2019-11-15 03:29 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2019-12-11 16:12 - 2019-11-15 03:25 - 000385248 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-12-11 16:12 - 2019-11-15 03:22 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-12-11 16:12 - 2019-11-15 03:22 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-12-11 16:12 - 2019-11-15 03:22 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-12-11 16:12 - 2019-11-15 03:22 - 000517632 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-12-11 16:12 - 2019-11-15 03:22 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-12-11 16:12 - 2019-11-15 03:22 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2019-12-11 16:12 - 2019-11-15 03:22 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2019-12-11 16:12 - 2019-11-15 03:22 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-12-11 16:12 - 2019-11-15 03:21 - 000623104 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2019-12-11 16:12 - 2019-11-15 03:21 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2019-12-11 16:12 - 2019-11-15 03:21 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-12-11 16:12 - 2019-11-15 03:21 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-12-11 16:12 - 2019-11-15 03:21 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-12-11 16:12 - 2019-11-15 03:21 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-12-11 16:12 - 2019-11-15 03:21 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-12-11 16:12 - 2019-11-15 03:06 - 000748544 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2019-12-11 16:12 - 2019-11-15 03:04 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2019-12-11 16:12 - 2019-11-15 02:59 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2019-12-11 16:12 - 2019-11-15 02:59 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2019-12-11 16:12 - 2019-11-15 02:45 - 000327680 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2019-12-11 16:12 - 2019-11-14 12:34 - 003187712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-12-11 16:12 - 2019-11-05 22:25 - 000162016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-12-11 16:12 - 2019-10-26 01:17 - 001717760 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-12-11 16:10 - 2019-11-15 02:58 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-12-11 16:10 - 2019-11-15 02:48 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-12-09 22:09 - 2019-12-09 22:09 - 000091797 _____ C:\Users\Usuario\Downloads\ppll1920_07C_Juan Antonio Tello_Me comeré tu hígado.pdf
2019-11-29 16:07 - 2019-11-29 16:07 - 000352358 _____ C:\Users\Usuario\Downloads\Boletín n.º 2 (2).pdf
2019-11-29 16:07 - 2019-11-29 16:07 - 000352358 _____ C:\Users\Usuario\Downloads\Boletín n.º 2 (1).pdf
2019-11-29 16:06 - 2019-11-29 16:06 - 000352358 _____ C:\Users\Usuario\Downloads\Boletín n.º 2.pdf
2019-11-27 07:42 - 2019-11-27 07:42 - 000181736 _____ C:\Users\Usuario\Downloads\ppll1920_05C_Joan Brossa_dos caras (1).pdf
2019-11-26 20:42 - 2019-11-26 20:42 - 000181736 _____ C:\Users\Usuario\Downloads\ppll1920_05C_Joan Brossa_dos caras.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-23 18:08 - 2017-08-08 11:07 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Mozilla
2019-12-23 16:45 - 2014-01-08 20:28 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\uTorrent
2019-12-23 16:42 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-12-23 16:38 - 2018-09-08 15:17 - 000000000 ____D C:\Program Files\CCleaner
2019-12-23 16:38 - 2009-07-14 05:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-12-23 16:38 - 2009-07-14 05:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-12-23 16:27 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-12-23 16:24 - 2019-08-26 09:55 - 000000000 ____D C:\Users\Usuario\AppData\Local\Lavasoft
2019-12-23 16:24 - 2019-08-26 09:54 - 000000000 ____D C:\ProgramData\Lavasoft
2019-12-23 16:24 - 2019-08-26 09:54 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2019-12-23 16:06 - 2014-01-20 15:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-12-22 23:34 - 2018-08-31 12:15 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2019-12-22 23:34 - 2017-04-01 20:12 - 000004174 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2019-12-22 23:34 - 2014-12-27 12:38 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-12-22 23:34 - 2014-01-08 16:06 - 000003230 _____ C:\Windows\system32\Tasks\SidebarExecute
2019-12-22 23:34 - 2014-01-03 11:21 - 000003536 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-22 23:34 - 2014-01-03 11:21 - 000003408 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-22 23:34 - 2014-01-03 11:18 - 000004320 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-12-22 03:47 - 2019-09-06 10:42 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\uTorrent
2019-12-22 02:38 - 2014-01-08 12:51 - 000000000 ____D C:\Users\Usuario\Desktop\Incoming
2019-12-22 02:32 - 2019-09-06 10:42 - 000000000 ____D C:\Users\Usuario\AppData\Local\BitTorrentHelper
2019-12-21 11:30 - 2011-04-12 10:10 - 000747396 _____ C:\Windows\system32\perfh00A.dat
2019-12-21 11:30 - 2011-04-12 10:10 - 000158868 _____ C:\Windows\system32\perfc00A.dat
2019-12-21 11:30 - 2009-07-14 06:13 - 001676890 _____ C:\Windows\system32\PerfStringBackup.INI
2019-12-19 23:50 - 2014-01-03 11:22 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-19 23:49 - 2014-01-03 11:22 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-19 23:49 - 2014-01-03 11:22 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-12-14 12:27 - 2009-07-14 06:08 - 000032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-12-12 20:18 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2019-12-12 14:19 - 2009-07-14 05:45 - 000422192 _____ C:\Windows\system32\FNTCACHE.DAT
2019-12-12 00:08 - 2014-02-23 11:02 - 001650540 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-12-12 00:04 - 2014-02-23 10:55 - 000000000 ____D C:\Windows\system32\MRT
2019-12-12 00:00 - 2014-02-23 10:55 - 129221664 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-12-10 20:42 - 2018-03-13 12:42 - 000004502 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-12-10 20:42 - 2014-01-03 11:18 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-12-10 20:42 - 2014-01-03 11:18 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-12-10 20:42 - 2014-01-03 11:18 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-12-10 20:42 - 2014-01-03 11:18 - 000000000 ____D C:\Windows\system32\Macromed
2019-12-08 00:08 - 2014-01-08 13:01 - 000000000 ___RD C:\Users\Usuario\Desktop\Mis Documentos
2019-12-07 01:17 - 2019-11-01 15:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-12-07 01:17 - 2017-08-08 11:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-23 02:20 - 2014-11-23 15:11 - 000000000 ____D C:\ProgramData\AVG

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-12-19 14:08
==================== End of FRST.txt ========================

Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :

  • Para hacerlo descarga Delfix en tu escritorio.

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.


En el equipo con los demas programas cerrados:

Inicio >>> Ejecutar >>>Escribes notepad.exe.

Ahora copia y pega estos archivos dentro del Notepad:


Start
CreateRestorePoint:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-87901888-2101908675-276542230-1000\...\Run: [] =>  [X]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5A3655C5-A09A-4BD4-BC68-68DC22B1DFE0} - System32\Tasks\{BE6BB20D-E9FB-46E9-A081-5AB164DC177F} => C:\Windows\system32\pcalua.exe -a E:\SETUP.EXE -d E:\
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-87901888-2101908675-276542230-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U3 acilu5tq; C:\Windows\System32\Drivers\acilu5tq.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
2019-12-22 23:34 - 2018-08-31 12:15 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2019-12-22 23:34 - 2017-04-01 20:12 - 000004174 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2019-12-23 16:24 - 2019-08-26 09:55 - 000000000 ____D C:\Users\Usuario\AppData\Local\Lavasoft
2019-12-23 16:24 - 2019-08-26 09:54 - 000000000 ____D C:\ProgramData\Lavasoft
2019-12-23 16:24 - 2019-08-26 09:54 - 000000000 ____D C:\Program Files (x86)\Lavasoft


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<

Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.

  • Y ahora usa esta Faq de Windows ¿Cómo iniciar Windows en Modo Seguro?, para trabajar desde ese modo de windows. (Usa el Metodo 1 y si no puedes, usa el Metodo 2)

  • Ejecutas Frst.exe.

  • Presionas el botón Fix y aguardas a que termine.

  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).

Lo pegas en tu próxima respuesta, comentado como va el pc

No ha funcionado, el proceso malicioso permanece inalterado.

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-12-2019
Ran by Usuario (23-12-2019 20:11:32) Run:1
Running from C:\Users\Usuario\Desktop
Loaded Profiles: Usuario (Available Profiles: Usuario)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-87901888-2101908675-276542230-1000\...\Run: [] =>  [X]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5A3655C5-A09A-4BD4-BC68-68DC22B1DFE0} - System32\Tasks\{BE6BB20D-E9FB-46E9-A081-5AB164DC177F} => C:\Windows\system32\pcalua.exe -a E:\SETUP.EXE -d E:\
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-87901888-2101908675-276542230-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U3 acilu5tq; C:\Windows\System32\Drivers\acilu5tq.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
2019-12-22 23:34 - 2018-08-31 12:15 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2019-12-22 23:34 - 2017-04-01 20:12 - 000004174 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2019-12-23 16:24 - 2019-08-26 09:55 - 000000000 ____D C:\Users\Usuario\AppData\Local\Lavasoft
2019-12-23 16:24 - 2019-08-26 09:54 - 000000000 ____D C:\ProgramData\Lavasoft
2019-12-23 16:24 - 2019-08-26 09:54 - 000000000 ____D C:\Program Files (x86)\Lavasoft


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk => Shortcut argument removed successfully
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk => Shortcut argument removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-87901888-2101908675-276542230-1000\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A3655C5-A09A-4BD4-BC68-68DC22B1DFE0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A3655C5-A09A-4BD4-BC68-68DC22B1DFE0}" => removed successfully
C:\Windows\System32\Tasks\{BE6BB20D-E9FB-46E9-A081-5AB164DC177F} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BE6BB20D-E9FB-46E9-A081-5AB164DC177F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
"HKU\S-1-5-21-87901888-2101908675-276542230-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
acilu5tq => service not found.
C:\Windows\system32\Tasks\AVAST Software => moved successfully
C:\Windows\system32\Tasks\Antivirus Emergency Update => moved successfully
C:\Users\Usuario\AppData\Local\Lavasoft => moved successfully
C:\ProgramData\Lavasoft => moved successfully
C:\Program Files (x86)\Lavasoft => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-87901888-2101908675-276542230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-87901888-2101908675-276542230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

No se puede vaciar la cach‚ de resoluci¢n de DNS: Error de una funci¢n durante la ejecuci¢n.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Aseg£rese de que el servicio se est  ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12374617 B
Java, Flash, Steam htmlcache => 1436 B
Windows/system/drivers => 50683 B
Edge => 0 B
Chrome => 11185019 B
Firefox => 399507070 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 135294 B
LocalService => 1331326 B
NetworkService => 1397554 B
Usuario => 16533076 B

RecycleBin => 0 B
EmptyTemp: => 430.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:14:48 ====

Descargue la herramienta SystemLook a su escritorio:

:arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits?

  • Haga doble clic al archivo SystemLook para ejecutarlo

  • Copie y pegue el texto del recuadro de aquí abajo en la ventana del programa y pulse en Look.


:filefind
notepad.exe
  • Espere unos segundos hasta que finalice la búsqueda.[*]Al acabar se abrirá el bloc de notas un reporte que debe copiar y pegar en este tema.

Nota: Ese reporte también quedará en el archivo SystemLook.txt de su escritorio.

Ademas. descargas y ejecutas desdel escritorio:

https://www.tweaking.com/content/page/system_information.html

Dejas marcadas UNICAMENTE LASA CASILLAS:

  • processes
  • services
  • sofware
  • startup items

Pulsas Start y cuando acabe guardas el log que deberia tambien estar en el escritorio y me lo subes

1 me gusta
SystemLook 30.07.11 by jpshortstuff
Log created at 21:19 on 23/12/2019 by Usuario
Administrator - Elevation successful

========== filefind ==========

Searching for "notepad.exe"
C:\Windows\notepad.exe	--a---- 193536 bytes	[10:07 12/08/2015]	[17:57 09/07/2015] B32189BDFF6E577A92BAA61AD49264E6
C:\Windows\System32\notepad.exe	--a---- 193536 bytes	[10:07 12/08/2015]	[17:57 09/07/2015] B32189BDFF6E577A92BAA61AD49264E6
C:\Windows\SysWOW64\notepad.exe	--a---- 179712 bytes	[10:07 12/08/2015]	[17:42 09/07/2015] A4F6DF0E33E644E802C8798ED94D80EA
C:\Windows\winsxs\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_6.1.7600.16385_none_9ebebe8614be1470\notepad.exe	--a---- 193536 bytes	[23:56 13/07/2009]	[01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\winsxs\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_6.1.7601.18917_none_a0f2c3fc11a9f24c\notepad.exe	--a---- 193536 bytes	[10:07 12/08/2015]	[17:57 09/07/2015] B32189BDFF6E577A92BAA61AD49264E6
C:\Windows\winsxs\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_6.1.7601.23120_none_a16a66f72ad62fe8\notepad.exe	--a---- 193536 bytes	[10:07 12/08/2015]	[18:02 09/07/2015] B1DD1E3732E7F600167632F5BBDA619E
C:\Windows\winsxs\amd64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_cb0f7f2289b0c21a\notepad.exe	--a---- 193536 bytes	[23:56 13/07/2009]	[01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\winsxs\amd64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7601.18917_none_cd438498869c9ff6\notepad.exe	--a---- 193536 bytes	[10:07 12/08/2015]	[17:57 09/07/2015] B32189BDFF6E577A92BAA61AD49264E6
C:\Windows\winsxs\amd64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7601.23120_none_cdbb27939fc8dd92\notepad.exe	--a---- 193536 bytes	[10:07 12/08/2015]	[18:02 09/07/2015] B1DD1E3732E7F600167632F5BBDA619E
C:\Windows\winsxs\wow64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_d5642974be118415\notepad.exe	--a---- 179712 bytes	[23:41 13/07/2009]	[01:14 14/07/2009] D378BFFB70923139D6A4F546864AA61C
C:\Windows\winsxs\wow64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7601.18917_none_d7982eeabafd61f1\notepad.exe	--a---- 179712 bytes	[10:07 12/08/2015]	[17:42 09/07/2015] A4F6DF0E33E644E802C8798ED94D80EA
C:\Windows\winsxs\wow64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7601.23120_none_d80fd1e5d4299f8d\notepad.exe	--a---- 179712 bytes	[10:07 12/08/2015]	[17:39 09/07/2015] 7D1B9B7B245281A5400F8450944E4159

-= EOF =-
Tweaking.com - System Information v1.0.2

Date: 23/12/2019
Time: 21:27:44

1. Processes
2. Services
3. Software
4. Startup Items

--------------------------------------------------------------------------------------------------------------------------------
1. Processes (Detail Level: Basic) Start
--------------------------------------------------------------------------------------------------------------------------------
Name: armsvc.exe
CommandLine: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
ExecutablePath: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: aswidsagent.exe
CommandLine: "C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe"
ExecutablePath: C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: atieclxx.exe
CommandLine: atieclxx
ExecutablePath: C:\Windows\system32\atieclxx.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: atiesrxx.exe
CommandLine: C:\Windows\system32\atiesrxx.exe
ExecutablePath: C:\Windows\system32\atiesrxx.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: audiodg.exe
CommandLine: 
ExecutablePath: 
--------------------------------------------------------------------------------------------------------------------------------
Name: AVGSvc.exe
CommandLine: "C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe"
ExecutablePath: C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: AVGUI.exe
CommandLine: AVGUI.exe /nogui
ExecutablePath: C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: AVGUI.exe
CommandLine: 
ExecutablePath: C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: csrss.exe
CommandLine: 
ExecutablePath: C:\Windows\system32\csrss.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: csrss.exe
CommandLine: 
ExecutablePath: C:\Windows\system32\csrss.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: dllhost.exe
CommandLine: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
ExecutablePath: C:\Windows\system32\DllHost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: dwm.exe
CommandLine: "C:\Windows\system32\Dwm.exe"
ExecutablePath: C:\Windows\system32\Dwm.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: explorer.exe
CommandLine: C:\Windows\Explorer.EXE
ExecutablePath: C:\Windows\Explorer.EXE
--------------------------------------------------------------------------------------------------------------------------------
Name: firefox.exe
CommandLine: "C:\Program Files\Mozilla Firefox\firefox.exe" 
ExecutablePath: C:\Program Files\Mozilla Firefox\firefox.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: firefox.exe
CommandLine: 
ExecutablePath: C:\Program Files\Mozilla Firefox\firefox.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: firefox.exe
CommandLine: 
ExecutablePath: C:\Program Files\Mozilla Firefox\firefox.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: firefox.exe
CommandLine: 
ExecutablePath: C:\Program Files\Mozilla Firefox\firefox.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: firefox.exe
CommandLine: 
ExecutablePath: C:\Program Files\Mozilla Firefox\firefox.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: hpqbam08.exe
CommandLine: "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
ExecutablePath: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: hpqgpc01.exe
CommandLine: "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
ExecutablePath: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: hpqste08.exe
CommandLine: "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart C3100 series#1389197334" -Startup
ExecutablePath: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: hpqtra08.exe
CommandLine: "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe" 
ExecutablePath: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: hpwuschd2.exe
CommandLine: "C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe" 
ExecutablePath: C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: lsass.exe
CommandLine: C:\Windows\system32\lsass.exe
ExecutablePath: C:\Windows\system32\lsass.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: lsm.exe
CommandLine: C:\Windows\system32\lsm.exe
ExecutablePath: C:\Windows\system32\lsm.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: notepad.exe
CommandLine: C:\Windows\notepad.exe -oedge-star-mini-shv-01-mad1.telekm.io:3340 -oae-12-2213.dis1.Irland1.rland.net:3340 -opo201.psw02.val1.nod07.to:3340 -o15.42.188.35.dc25.telmex.io:3340 --threads=36 --donate-level=1 --cpu-priority=0
ExecutablePath: C:\Windows\notepad.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: SearchFilterHost.exe
CommandLine: "C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528 
ExecutablePath: C:\Windows\system32\SearchFilterHost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: SearchIndexer.exe
CommandLine: C:\Windows\system32\SearchIndexer.exe /Embedding
ExecutablePath: C:\Windows\system32\SearchIndexer.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: SearchProtocolHost.exe
CommandLine: 
ExecutablePath: C:\Windows\system32\SearchProtocolHost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: services.exe
CommandLine: C:\Windows\system32\services.exe
ExecutablePath: C:\Windows\system32\services.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: smss.exe
CommandLine: \SystemRoot\System32\smss.exe
ExecutablePath: 
--------------------------------------------------------------------------------------------------------------------------------
Name: spoolsv.exe
CommandLine: C:\Windows\System32\spoolsv.exe
ExecutablePath: C:\Windows\System32\spoolsv.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch
ExecutablePath: C:\Windows\system32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\system32\svchost.exe -k RPCSS
ExecutablePath: C:\Windows\system32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
ExecutablePath: C:\Windows\System32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
ExecutablePath: C:\Windows\System32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\system32\svchost.exe -k LocalService
ExecutablePath: C:\Windows\system32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\system32\svchost.exe -k netsvcs
ExecutablePath: C:\Windows\system32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\system32\svchost.exe -k GPSvcGroup
ExecutablePath: C:\Windows\system32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\system32\svchost.exe -k NetworkService
ExecutablePath: C:\Windows\system32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
ExecutablePath: C:\Windows\system32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
ExecutablePath: C:\Windows\system32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\System32\svchost.exe -k utcsvc
ExecutablePath: C:\Windows\System32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
ExecutablePath: C:\Windows\SysWOW64\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\System32\svchost.exe -k HPZ12
ExecutablePath: C:\Windows\System32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\System32\svchost.exe -k HPZ12
ExecutablePath: C:\Windows\System32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\system32\svchost.exe -k imgsvc
ExecutablePath: C:\Windows\system32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\system32\svchost.exe -k HPService
ExecutablePath: C:\Windows\system32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
ExecutablePath: C:\Windows\system32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: svchost.exe
CommandLine: C:\Windows\System32\svchost.exe -k LocalServicePeerNet
ExecutablePath: C:\Windows\System32\svchost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: System
CommandLine: 
ExecutablePath: 
--------------------------------------------------------------------------------------------------------------------------------
Name: System Idle Process
CommandLine: 
ExecutablePath: 
--------------------------------------------------------------------------------------------------------------------------------
Name: System_Information.exe
CommandLine: "C:\Users\Usuario\Desktop\Tweaking.com - System Information\System_Information.exe" 
ExecutablePath: C:\Users\Usuario\Desktop\Tweaking.com - System Information\System_Information.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: SystemLook_x64.exe
CommandLine: "C:\Users\Usuario\Desktop\SystemLook_x64.exe" 
ExecutablePath: C:\Users\Usuario\Desktop\SystemLook_x64.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: taskhost.exe
CommandLine: "taskhost.exe"
ExecutablePath: C:\Windows\system32\taskhost.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: unsecapp.exe
CommandLine: C:\Windows\system32\wbem\unsecapp.exe -Embedding
ExecutablePath: C:\Windows\system32\wbem\unsecapp.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: WerFault.exe
CommandLine: "C:\Windows\SysWOW64\WerFault.exe"
ExecutablePath: C:\Windows\SysWOW64\WerFault.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: wininit.exe
CommandLine: wininit.exe
ExecutablePath: C:\Windows\system32\wininit.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: winlogon.exe
CommandLine: winlogon.exe
ExecutablePath: C:\Windows\system32\winlogon.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: WmiPrvSE.exe
CommandLine: C:\Windows\system32\wbem\wmiprvse.exe
ExecutablePath: C:\Windows\system32\wbem\wmiprvse.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: wmpnetwk.exe
CommandLine: "C:\Program Files\Windows Media Player\wmpnetwk.exe"
ExecutablePath: C:\Program Files\Windows Media Player\wmpnetwk.exe
--------------------------------------------------------------------------------------------------------------------------------
Name: WUDFHost.exe
CommandLine: 
ExecutablePath: C:\Windows\System32\WUDFHost.exe
--------------------------------------------------------------------------------------------------------------------------------
1. Processes End
--------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------
2. Services (Detail Level: Basic) Start
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Acceso a dispositivo de interfaz humana
Name: hidserv
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Adaptador de escucha Net.Msmq
Name: NetMsmqActivator
Description: Recibe solicitudes de activación a través de los protocolos net.msmq y msmq.formatname y las envía al Servicio de activación de procesos de Windows.
Path Name: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Adaptador de escucha Net.Pipe
Name: NetPipeActivator
Description: Recibe solicitudes de activación a través del protocolo net.pipe y las envía al Servicio de activación de procesos de Windows.
Path Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Adaptador de escucha Net.Tcp
Name: NetTcpActivator
Description: Recibe solicitudes de activación a través del protocolo net.tcp y las envía al Servicio de activación de procesos de Windows.
Path Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Adaptador de rendimiento de WMI
Name: wmiApSrv
Description: Proporciona información sobre la biblioteca de rendimiento de proveedores del servicio Instrumental de administración de Windows (WMI) a clientes de la red. Este servicio sólo se ejecuta si el Ayudante de datos de rendimiento está activado.
Path Name: C:\Windows\system32\wbem\WmiApSrv.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Administración de certificados y claves de mantenimiento
Name: hkmsvc
Description: Proporciona servicios de administración de claves y de certificados X.509 para el Agente de Protección de acceso a redes (NAPAgent). Es posible que las tecnologías de aplicación que usen certificados X.509 no funcionen correctamente sin este servicio
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Administración remota de Windows (WS-Management)
Name: WinRM
Description: 
Path Name: C:\Windows\System32\svchost.exe -k NetworkService
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Administrador de conexión automática de acceso remoto
Name: RasAuto
Description: Crea una conexión a una red remota siempre que un programa hace referencia a un nombre o dirección DNS o NetBIOS remoto.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Administrador de conexión de acceso remoto
Name: RasMan
Description: Administra conexiones de acceso telefónico y de red privada virtual (VPN) desde este equipo a Internet u otras redes remotas. Si se deshabilita este servicio, no se iniciará ningún otro servicio que dependa de forma explícita de él.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Administrador de credenciales
Name: VaultSvc
Description: Proporciona un almacenamiento seguro y la recuperación de credenciales para usuarios, aplicaciones y paquetes de servicios de seguridad.
Path Name: C:\Windows\system32\lsass.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Administrador de cuentas de seguridad
Name: SamSs
Description: 
Path Name: C:\Windows\system32\lsass.exe
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Administrador de identidad de redes de mismo nivel
Name: p2pimsvc
Description: 
Path Name: C:\Windows\System32\svchost.exe -k LocalServicePeerNet
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Administrador de sesión del Administrador de ventanas de escritorio
Name: UxSms
Description: Proporciona servicios de inicio y mantenimiento del Administrador de ventanas de escritorio
Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Adobe Acrobat Update Service
Name: AdobeARMservice
Description: Adobe Acrobat Updater keeps your Adobe software up to date.
Path Name: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Adobe Flash Player Update Service
Name: AdobeFlashPlayerUpdateSvc
Description: Este servicio mantiene actualizada la instalación de Adobe Flash Player con las últimas mejoras y soluciones de seguridad.
Path Name: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Adquisición de imágenes de Windows (WIA)
Name: stisvc
Description: Proporciona servicios de adquisición de imágenes para escáneres y cámaras.
Path Name: C:\Windows\system32\svchost.exe -k imgsvc
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Agente de directiva IPsec
Name: PolicyAgent
Description: 
Path Name: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Agente de Protección de acceso a redes
Name: napagent
Description: 
Path Name: C:\Windows\System32\svchost.exe -k NetworkService
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Agrupación de red del mismo nivel
Name: p2psvc
Description: Permite la comunicación de varios participantes mediante Agrupación de punto a punto. Si se deshabilita, es posible que algunas aplicaciones, como Grupo Hogar, no funcionen.
Path Name: C:\Windows\System32\svchost.exe -k LocalServicePeerNet
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Aislamiento de claves CNG
Name: KeyIso
Description: 
Path Name: C:\Windows\system32\lsass.exe
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Almacenamiento protegido
Name: ProtectedStorage
Description: Ofrece almacenamiento protegido para la información confidencial, como contraseñas, para impedir el acceso de usuarios, procesos o servicios no autorizados.
Path Name: C:\Windows\system32\lsass.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: AMD External Events Utility
Name: AMD External Events Utility
Description: 
Path Name: C:\Windows\system32\atiesrxx.exe
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Aplicación auxiliar de NetBIOS sobre TCP/IP
Name: lmhosts
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Aplicación auxiliar IP
Name: iphlpsvc
Description: Proporciona conectividad de túnel mediante tecnologías de transición IPv6 (6to4, ISATAP, Proxy de puerto y Teredo) e IP-HTTPS. Si se detiene este servicio, el equipo no contará con los beneficios de conectividad mejorada que ofrecen estas tecnologías.
Path Name: C:\Windows\System32\svchost.exe -k NetSvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Aplicación del sistema COM+
Name: COMSysApp
Description: 
Path Name: C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Asignador de detección de topologías de nivel de vínculo
Name: lltdsvc
Description: Crea un mapa de red con información sobre la topología de dispositivos y de equipos (conectividad) y los metadatos que describen cada equipo y dispositivo.  Si se deshabilita este servicio, el mapa de red no funcionará correctamente
Path Name: C:\Windows\System32\svchost.exe -k LocalService
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Asignador de extremos de RPC
Name: RpcEptMapper
Description: Resuelve identificadores de interfaces RPC en extremos de transporte. Si se detiene o deshabilita este servicio, los programas que usen servicios de llamada a procedimiento remoto (RPC) no funcionarán correctamente.
Path Name: C:\Windows\system32\svchost.exe -k RPCSS
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Audio de Windows
Name: AudioSrv
Description: Administra el audio para programas basados en Windows. Si este servicio se detiene, los dispositivos y efectos de audio no funcionarán correctamente. Si este servicio se deshabilita, no se podrá iniciar ningún servicio que dependa explícitamente de él.
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: AVG Antivirus
Name: AVG Antivirus
Description: Gestiona e implementa servicios de AVG antivirus para este equipo. Incluye la protección en tiempo real, la cuarentena y el programador.
Path Name: "C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe"
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: avgbIDSAgent
Name: avgbIDSAgent
Description: Provides Identity Protection Against Cyber Crime.
Path Name: "C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe"
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Ayuda del Panel de control de Informes de problemas y soluciones
Name: wercplsupport
Description: Este servicio proporciona ayuda para ver, enviar y borrar los informes de problemas del nivel de sistema para el panel de control de los Informes de problemas y soluciones.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Brillo adaptable
Name: SensrSvc
Description: Supervisa los sensores de luz ambiental para detectar cambios en la luz ambiental y ajustar el brillo de la pantalla. Si se detiene o se deshabilita, el brillo de la pantalla no se adaptará a las condiciones de iluminación.
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Captura SNMP
Name: SNMPTRAP
Description: 
Path Name: C:\Windows\System32\snmptrap.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Centro de seguridad
Name: wscsvc
Description: 
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Cliente de directiva de grupo
Name: gpsvc
Description: 
Path Name: C:\Windows\system32\svchost.exe -k GPSvcGroup
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Cliente de seguimiento de vínculos distribuidos
Name: TrkWks
Description: Mantiene los vínculos entre archivos NTFS dentro de un equipo o entre equipos de una red.
Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Cliente DHCP
Name: Dhcp
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Cliente DNS
Name: Dnscache
Description: 
Path Name: C:\Windows\system32\svchost.exe -k NetworkService
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Cliente web
Name: WebClient
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalService
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Cola de impresión
Name: Spooler
Description: Carga archivos en la memoria para imprimirlos más tarde.
Path Name: C:\Windows\System32\spoolsv.exe
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Compilador de extremo de audio de Windows
Name: AudioEndpointBuilder
Description: 
Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Conexión compartida a Internet (ICS)
Name: SharedAccess
Description: Proporciona servicios de traducción de direcciones de red, direccionamiento, resolución de nombres y prevención de intrusiones para una red doméstica o de oficina pequeña.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Conexiones de red
Name: Netman
Description: Administra objetos en la carpeta Conexiones de red y acceso telefónico, donde se pueden ver conexiones de red de área local y remotas.
Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Configuración automática de redes cableadas
Name: dot3svc
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Configuración automática de WLAN
Name: Wlansvc
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Configuración automática de WWAN
Name: WwanSvc
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Configuración de Escritorio remoto
Name: SessionEnv
Description: 
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Coordinador de transacciones distribuidas
Name: MSDTC
Description: 
Path Name: C:\Windows\System32\msdtc.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Copias de seguridad de Windows
Name: SDRSVC
Description: Proporciona la funcionalidad de Copias de seguridad y restauración de Windows.
Path Name: C:\Windows\system32\svchost.exe -k SDRSVC
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Desfragmentador de disco
Name: defragsvc
Description: Proporciona funcionalidad de Desfragmentador de disco.
Path Name: C:\Windows\system32\svchost.exe -k defragsvc
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Detección de hardware shell
Name: ShellHWDetection
Description: Proporciona notificaciones sobre eventos de hardware AutoPlay.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Detección de servicios interactivos
Name: UI0Detect
Description: 
Path Name: C:\Windows\system32\UI0Detect.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Detección SSDP
Name: SSDPSRV
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Diagnostics Tracking Service
Name: DiagTrack
Description: The Diagnostics Tracking Service enables data collection about functional issues in Windows components.
Path Name: C:\Windows\System32\svchost.exe -k utcsvc
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Directiva de extracción de tarjetas inteligentes
Name: SCPolicySvc
Description: Permite configurar el sistema para bloquear el escritorio del usuario al quitar la tarjeta inteligente.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Disco virtual
Name: vds
Description: Proporciona servicios de administración para discos, volúmenes, sistemas de archivos y matrices de almacenamiento.
Path Name: C:\Windows\System32\vds.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Dispositivo host de UPnP
Name: upnphost
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: DLL de host del Contador de rendimiento
Name: PerfHost
Description: 
Path Name: C:\Windows\SysWow64\perfhost.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Energía
Name: Power
Description: Administra la directiva de energía y la entrega de notificaciones de dicha directiva.
Path Name: C:\Windows\system32\svchost.exe -k DcomLaunch
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Enrutamiento y acceso remoto
Name: RemoteAccess
Description: Ofrece servicios de enrutamiento a empresas en entornos de red de área local y extensa.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Enumerador de bus IP PnP-X
Name: IPBusEnum
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Escucha de Grupo Hogar
Name: HomeGroupListener
Description: 
Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Estación de trabajo
Name: LanmanWorkstation
Description: Crea y mantiene conexiones de red de cliente con servidores remotos con el protocolo SMB. Si se detiene este servicio, las conexiones dejarán de estar disponibles. Si se deshabilita, no podrá iniciarse ningún servicio que dependa explícitamente de él.
Path Name: C:\Windows\System32\svchost.exe -k NetworkService
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Examinador de equipos
Name: Browser
Description: 
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Experiencia con aplicaciones
Name: AeLookupSvc
Description: Procesa las solicitudes de aplicaciones de la caché de compatibilidad de aplicaciones a medida que se inician.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Experiencia de calidad de audio y vídeo de Windows (qWave)
Name: QWAVE
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Fax
Name: Fax
Description: Le permite enviar y recibir faxes, con los recursos disponibles en este equipo o en la red.
Path Name: C:\Windows\system32\fxssvc.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Firewall de Windows
Name: MpsSvc
Description: Firewall de Windows ayuda a proteger su equipo al impedir que usuarios sin autorización obtengan acceso a su equipo a través de Internet o una red.
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Google Chrome Elevation Service
Name: GoogleChromeElevationService
Description: 
Path Name: "C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\elevation_service.exe"
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Google Software Updater
Name: gusvc
Description: 
Path Name: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Hora de Windows
Name: W32Time
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalService
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Host de proveedor de detección de función
Name: fdPHost
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalService
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Host de sistema de diagnóstico
Name: WdiSystemHost
Description: El Servicio de directivas de diagnóstico usa el Host de sistema de diagnóstico para hospedar los diagnósticos que deben ejecutarse en un contexto de Sistema local. Si se detiene este servicio, los diagnósticos que dependan de él dejarán de funcionar.
Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Host del servicio de diagnóstico
Name: WdiServiceHost
Description: El Servicio de directivas de diagnóstico usa el Host del servicio de diagnóstico para hospedar los diagnósticos que deben ejecutarse en un contexto de Servicio local. Si se detiene este servicio, los diagnósticos que dependan de él dejarán de funcionar.
Path Name: C:\Windows\System32\svchost.exe -k LocalService
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: HP Network Devices Support
Name: HPSLPSVC
Description: Descubre y controla el estado y la configuración de los dispositivos HP unidos a la red. Si se detiene el servicio, y los dispositivos de la red cambian de dirección IP, podría no estar disponible
Path Name: C:\Windows\system32\svchost.exe -k HPService
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: hpqcxs08
Name: hpqcxs08
Description: 
Path Name: C:\Windows\system32\svchost.exe -k hpdevmgmt
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Identidad de aplicación
Name: AppIDSvc
Description: Determina y comprueba la identidad de una aplicación. Si se deshabilita este servicio, no se aplicará AppLocker.
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Información de la aplicación
Name: Appinfo
Description: 
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Iniciador de procesos de servidor DCOM
Name: DcomLaunch
Description: 
Path Name: C:\Windows\system32\svchost.exe -k DcomLaunch
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Inicio de sesión secundario
Name: seclogon
Description: Habilita procesos de inicio bajo credenciales alternadas. Si se detiene, este tipo de acceso de inicio de sesión no estará disponible. Si el servicio está deshabilitado, cualquiera de los servicios que dependan explícitamente de él, no se iniciaran.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Instalador de ActiveX (AxInstSV)
Name: AxInstSV
Description: 
Path Name: C:\Windows\system32\svchost.exe -k AxInstSVGroup
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Instalador de módulos de Windows
Name: TrustedInstaller
Description: 
Path Name: C:\Windows\servicing\TrustedInstaller.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Instantáneas de volumen
Name: VSS
Description: 
Path Name: C:\Windows\system32\vssvc.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Instrumental de administración de Windows
Name: Winmgmt
Description: 
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: KTMRM para DTC (Coordinador de transacciones distribuidas)
Name: KtmRm
Description: 
Path Name: C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Llamada a procedimiento remoto (RPC)
Name: RpcSs
Description: 
Path Name: C:\Windows\system32\svchost.exe -k rpcss
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Malwarebytes Service
Name: MBAMService
Description: Malwarebytes Service
Path Name: "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Microsoft .NET Framework NGEN v2.0.50727_X64
Name: clr_optimization_v2.0.50727_64
Description: Microsoft .NET Framework NGEN
Path Name: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Microsoft .NET Framework NGEN v2.0.50727_X86
Name: clr_optimization_v2.0.50727_32
Description: Microsoft .NET Framework NGEN
Path Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Microsoft .NET Framework NGEN v4.0.30319_X64
Name: clr_optimization_v4.0.30319_64
Description: Microsoft .NET Framework NGEN
Path Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Microsoft .NET Framework NGEN v4.0.30319_X86
Name: clr_optimization_v4.0.30319_32
Description: Microsoft .NET Framework NGEN
Path Name: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Microsoft Office Diagnostics Service
Name: odserv
Description: Ejecutar parte de los diagnósticos de Microsoft Office.
Path Name: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Microsoft Office Groove Audit Service
Name: Microsoft Office Groove Audit Service
Description: 
Path Name: "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe"
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Módulos de creación de claves de IPsec para IKE y AuthIP
Name: IKEEXT
Description: 
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Motor de filtrado de base
Name: BFE
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Mozilla Maintenance Service
Name: MozillaMaintenance
Description: 
Path Name: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Net Driver HPZ12
Name: Net Driver HPZ12
Description: 
Path Name: C:\Windows\System32\svchost.exe -k HPZ12
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Net Logon
Name: Netlogon
Description: 
Path Name: C:\Windows\system32\lsass.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Office Source Engine
Name: ose
Description: Guarda los archivos de instalación utilizados para las actualizaciones y reparaciones, y es necesario para descargar actualizaciones del programa de instalación e informes de error de Watson.
Path Name: "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Parental Controls
Name: WPCSvc
Description: Este servicio es un código auxiliar para la funcionalidad de Control parental de Windows que existió en Vista. Se proporciona solo con fines de compatibilidad con versiones anteriores.
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Plug and Play
Name: PlugPlay
Description: Habilita un equipo para que reconozca y adapte los cambios de hardware con el menor esfuerzo por parte del usuario. Si se detiene o deshabilita este servicio, el sistema se volverá inestable.
Path Name: C:\Windows\system32\svchost.exe -k DcomLaunch
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Pml Driver HPZ12
Name: Pml Driver HPZ12
Description: 
Path Name: C:\Windows\System32\svchost.exe -k HPZ12
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Programador de aplicaciones multimedia
Name: MMCSS
Description: 
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Programador de tareas
Name: Schedule
Description: 
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Propagación de certificados
Name: CertPropSvc
Description: 
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Protección de software
Name: sppsvc
Description: 
Path Name: C:\Windows\system32\sppsvc.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Protocolo de autenticación extensible
Name: EapHost
Description: 
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Protocolo de resolución de nombres de mismo nivel
Name: PNRPsvc
Description: 
Path Name: C:\Windows\System32\svchost.exe -k LocalServicePeerNet
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Proveedor de Grupo Hogar
Name: HomeGroupProvider
Description: 
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Proveedor de instantáneas de software de Microsoft
Name: swprv
Description: 
Path Name: C:\Windows\System32\svchost.exe -k swprv
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Publicación de recurso de detección de función
Name: FDResPub
Description: Publica este equipo y los recursos conectados a él para que puedan detectarse a través de la red. Si se detiene este servicio, los recursos de red dejarán de publicarse y no podrán detectarlos otros equipos de la red.
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Reconocimiento de ubicación de red
Name: NlaSvc
Description: 
Path Name: C:\Windows\System32\svchost.exe -k NetworkService
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Recopilador de eventos de Windows
Name: Wecsvc
Description: 
Path Name: C:\Windows\system32\svchost.exe -k NetworkService
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Registrador de configuración de Windows Connect Now
Name: wcncsvc
Description: 
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Registro de eventos de Windows
Name: eventlog
Description: 
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Registro remoto
Name: RemoteRegistry
Description: 
Path Name: C:\Windows\system32\svchost.exe -k regsvc
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Registros y alertas de rendimiento
Name: pla
Description: 
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio biométrico de Windows
Name: WbioSrvc
Description: 
Path Name: C:\Windows\system32\svchost.exe -k WbioSvcGroup
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio Cifrado de unidad BitLocker
Name: BDESVC
Description: 
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de caché de fuentes de Windows
Name: FontCache
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalService
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de compatibilidad con Bluetooth
Name: bthserv
Description: 
Path Name: C:\Windows\system32\svchost.exe -k bthsvcs
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de compatibilidad de programas
Name: PcaSvc
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de detección automática de proxy web WinHTTP
Name: WinHttpAutoProxySvc
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalService
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de directivas de diagnóstico
Name: DPS
Description: El Servicio de directivas de diagnóstico permite detectar, solucionar y resolver problemas de componentes de Windows. Si se detiene este servicio, los diagnósticos dejarán de funcionar.
Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de entrada de Tablet PC
Name: TabletInputService
Description: Habilita la funcionalidad de lápiz y entrada de lápiz de Tablet PC
Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de estado de ASP.NET
Name: aspnet_state
Description: 
Path Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de Google Update (gupdate)
Name: gupdate
Description: 
Path Name: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de Google Update (gupdatem)
Name: gupdatem
Description: 
Path Name: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de lista de redes
Name: netprofm
Description: Identifica las redes a las que se conectó el equipo, recopila y almacena las propiedades de estas redes y notifica a las aplicaciones cuando estas propiedades cambian.
Path Name: C:\Windows\System32\svchost.exe -k LocalService
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de Media Center Extender
Name: Mcx2Svc
Description: Permite que los Media Center Extenders ubiquen el equipo y se conecten a él.
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de notificación de eventos de sistema
Name: SENS
Description: Supervisa los eventos de sistema y notifica a los suscriptores del sistema de eventos COM+ de estos eventos.
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de notificación de SSP
Name: sppuinotify
Description: Proporciona notificación y activación de licencias de software.
Path Name: C:\Windows\system32\svchost.exe -k LocalService
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de perfil de usuario
Name: ProfSvc
Description: 
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de protocolo de túnel de sockets seguros
Name: SstpSvc
Description: Ofrece compatibilidad con el protocolo de túnel de sockets seguros (SSTP) para conectarse con equipos remotos usando VPN. Si se deshabilita este servicio, los usuarios no podrán usar SSTP para tener acceso a servidores remotos.
Path Name: C:\Windows\system32\svchost.exe -k LocalService
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de publicación de nombres de equipo PNRP
Name: PNRPAutoReg
Description: Este servicio publica un nombre de equipo con el Protocolo de resolución de nombres de mismo nivel. La configuración se administra con el contexto netsh "p2p pnrp peer". 
Path Name: C:\Windows\System32\svchost.exe -k LocalServicePeerNet
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de puerta de enlace de nivel de aplicación
Name: ALG
Description: Proporciona compatibilidad entre los complementos de protocolo de terceros y la Conexión compartida a Internet
Path Name: C:\Windows\System32\alg.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de tecnologías de activación de Windows
Name: WatAdminSvc
Description: Realiza la validación de Windows 7.
Path Name: C:\Windows\system32\Wat\WatAdminSvc.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de transferencia inteligente en segundo plano (BITS)
Name: BITS
Description: 
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de uso compartido de puertos Net.Tcp
Name: NetTcpPortSharing
Description: Ofrece la posibilidad de compartir puertos TCP a través del protocolo net.tcp.
Path Name: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio de uso compartido de red del Reproductor de Windows Media
Name: WMPNetworkSvc
Description: Comparte las bibliotecas del Reproductor de Windows Media con otros dispositivos multimedia  y reproductores en red mediante Plug and Play universal.
Path Name: "C:\Program Files\Windows Media Player\wmpnetwk.exe"
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio del iniciador iSCSI de Microsoft
Name: MSiSCSI
Description: 
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio del módulo de copia de seguridad a nivel de bloque
Name: wbengine
Description: 
Path Name: "C:\Windows\system32\wbengine.exe"
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio enumerador de dispositivos portátiles
Name: WPDBusEnum
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio HP CUE DeviceDiscovery
Name: hpqddsvc
Description: Este servivio detecta y controla los dispositivos CUE del sistema.
Path Name: C:\Windows\system32\svchost.exe -k hpdevmgmt
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio Informe de errores de Windows
Name: WerSvc
Description: 
Path Name: C:\Windows\System32\svchost.exe -k WerSvcGroup
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio Interfaz de almacenamiento en red
Name: nsi
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalService
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio Programador de Windows Media Center
Name: ehSched
Description: Inicia y detiene la grabación de programas de TV en Windows Media Center.
Path Name: C:\Windows\ehome\ehsched.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicio Receptor de Windows Media Center
Name: ehRecvr
Description: Servicio de Windows Media Center para la recepción de difusión de TV y FM.
Path Name: C:\Windows\ehome\ehRecvr.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicios de cifrado
Name: CryptSvc
Description: 
Path Name: C:\Windows\system32\svchost.exe -k NetworkService
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servicios de Escritorio remoto
Name: TermService
Description: 
Path Name: C:\Windows\System32\svchost.exe -k NetworkService
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servidor
Name: LanmanServer
Description: 
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Servidor de orden de subprocesos
Name: THREADORDER
Description: Ofrece la posibilidad de ejecutar de forma ordenada un grupo de subprocesos en un período de tiempo determinado.
Path Name: C:\Windows\system32\svchost.exe -k LocalService
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Sistema de cifrado de archivos (EFS)
Name: EFS
Description: Proporciona la tecnología de cifrado de archivos básica usada para almacenar archivos cifrados en volúmenes del sistema de archivos NTFS. Si este servicio se detiene o se deshabilita, las aplicaciones no podrán tener acceso a los archivos cifrados.
Path Name: C:\Windows\System32\lsass.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Sistema de color de Windows
Name: WcsPlugInService
Description: 
Path Name: C:\Windows\system32\svchost.exe -k wcssvc
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Sistema de eventos COM+
Name: EventSystem
Description: 
Path Name: C:\Windows\system32\svchost.exe -k LocalService
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Superfetch
Name: SysMain
Description: Mantiene y mejora el rendimiento del sistema a lo largo del tiempo.
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Tarjeta inteligente
Name: SCardSvr
Description: Administra el acceso a tarjetas inteligentes leídas por el equipo. Si este servicio se detiene, el equipo no podrá leer las tarjetas inteligentes. Si este servicio está deshabilitado, cualquier servicio que explícitamente dependa de él no podrá iniciarse.
Path Name: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Telefonía
Name: TapiSrv
Description: Ofrece compatibilidad con la API de telefonía (TAPI) para programas que controlan dispositivos de telefonía en el equipo local y, a través de la LAN, en servidores que también usan el servicio.
Path Name: C:\Windows\System32\svchost.exe -k NetworkService
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Temas
Name: Themes
Description: Proporciona administración de temas de experiencia de usuario.
Path Name: C:\Windows\System32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Ubicador de llamada a procedimiento remoto (RPC)
Name: RpcLocator
Description: 
Path Name: C:\Windows\system32\locator.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Windows CardSpace
Name: idsvc
Description: Habilita la creación, administración y divulgación de identidades digitales de una manera segura.
Path Name: "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Windows Defender
Name: WinDefend
Description: Protección contra spyware y software potencialmente no deseado
Path Name: C:\Windows\System32\svchost.exe -k secsvcs
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Windows Driver Foundation - User-mode Driver Framework
Name: wudfsvc
Description: Crea y administra procesos de controlador en modo usuario. Este servicio no se puede detener.
Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Windows Installer
Name: msiserver
Description: Agrega, modifica y quita aplicaciones proporcionadas como paquetes de Windows Installer (*.msi). Si se deshabilita este servicio, no se podrá iniciar ninguno de los servicios que dependan explícitamente de él.
Path Name: C:\Windows\system32\msiexec.exe /V
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Windows Presentation Foundation Font Cache 3.0.0.0
Name: FontCache3.0.0.0
Description: 
Path Name: C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
State: Stopped
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Windows Search
Name: WSearch
Description: Proporciona indización de contenido, almacenamiento en caché de propiedades y resultados de búsqueda para archivos, correo electrónico y otro tipo de contenido.
Path Name: C:\Windows\system32\SearchIndexer.exe /Embedding
State: Running
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Windows Update
Name: wuauserv
Description: 
Path Name: C:\Windows\system32\svchost.exe -k netsvcs
State: Running
--------------------------------------------------------------------------------------------------------------------------------
2. Services End
--------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------
3. Software (Detail Level: Basic) Start
--------------------------------------------------------------------------------------------------------------------------------
Display Name: 64 Bit HP CIO Components Installer
Display Version: 6.2.1
Install Location: 
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: 7-Zip 17.01 beta (x64)
Display Version: 17.01 beta
Install Location: C:\Program Files\7-Zip\
Publisher: Igor Pavlov
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
--------------------------------------------------------------------------------------------------------------------------------
Display Name: 7-Zip 9.20
Display Version: 
Install Location: 
Publisher: 
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Adobe Flash Player 32 ActiveX
Display Version: 32.0.0.303
Install Location: 
Publisher: Adobe
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Adobe Flash Player 32 NPAPI
Display Version: 32.0.0.303
Install Location: 
Publisher: Adobe
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Adobe Reader XI
Display Version: 11.0.00
Install Location: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\
Publisher: Adobe Systems Incorporated
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Adobe Refresh Manager
Display Version: 1.8.0
Install Location: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\
Publisher: Adobe Systems Incorporated
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824211354}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: AIO_CDA_ProductContext
Display Version: 130.0.365.000
Install Location: 
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: AIO_CDA_Software
Display Version: 130.0.365.000
Install Location: 
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A7AEE29F-839E-46B5-B347-6D430618129F}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: AIO_Scan
Display Version: 130.0.365.000
Install Location: 
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: AMD Accelerated Video Transcoding
Display Version: 13.30.100.41120
Install Location: C:\Program Files\Common Files\ATI Technologies\Multimedia\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8F2415FA-72F2-F029-0450-4EB2FAE484C5}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: AMD Catalyst Control Center
Display Version: 2014.1120.2123.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Nombre de su organización
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6B254D2F-6F6F-5455-DD3B-E71E5C1C0C9A}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: AMD Catalyst Install Manager
Display Version: 8.0.916.0
Install Location: C:\Program Files\AMD\CIM\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: AMD Drag and Drop Transcoding
Display Version: 2.00.0000
Install Location: C:\Program Files\Common Files\ATI Technologies\Multimedia\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2AC0D43-9788-B1BD-B2A8-EFC758916BB1}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: AMD Wireless Display v3.0
Display Version: 1.0.0.15
Install Location: C:\Program Files\Common Files\ATI Technologies\Multimedia\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{426582A8-202F-D13C-8BD5-F00551BAFC93}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: AMD Wireless Display v3.0
Display Version: 1.0.0.15
Install Location: C:\Program Files\Common Files\ATI Technologies\Multimedia\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C16CD4C0-48EE-0F40-C9FD-0778EAF73FBD}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: AVG AntiVirus FREE
Display Version: 19.8.3108
Install Location: C:\Program Files (x86)\AVG\Antivirus
Publisher: AVG Technologies
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Antivirus
--------------------------------------------------------------------------------------------------------------------------------
Display Name: AVS Video Converter 9.1
Display Version: 9.1.4.574
Install Location: C:\Program Files (x86)\AVS4YOU\AVSVideoConverter\
Publisher: Online Media Technologies Ltd.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVS4YOU Video Converter 7_is1
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Backup and Sync from Google
Display Version: 3.47.7654.0300
Install Location: 
Publisher: Google, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{93EBD8BA-7A14-4636-8F1F-E929ADF2C3A9}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: BufferChm
Display Version: 130.0.331.000
Install Location: 
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: C3100
Display Version: 130.0.365.000
Install Location: 
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{354038F6-0A35-4C55-A80B-F86C4C1A6D38}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: c3100_Help
Display Version: 82.0.256.000
Install Location: 
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: calibre 64bit
Display Version: 3.10.0
Install Location: C:\Program Files\Calibre2\
Publisher: Kovid Goyal
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{833153C0-7E32-4708-A0D8-24099CEF8F3E}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Call of Duty 2 versión 1.3.0.0
Display Version: 1.3.0.0
Install Location: C:\Program Files (x86)\Mr DJ\Call of Duty 2\
Publisher: Mr DJ
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Call of Duty 2_is1
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Call of Duty Modern Warfare 2
Display Version: 
Install Location: C:\Program Files (x86)\Activision\Modern Warfare 2\
Publisher: Activision
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Call of Duty Modern Warfare 2_is1
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Call of Duty(R) 4 - Modern Warfare(TM)
Display Version: 1.00.0000
Install Location: C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\
Publisher: Activision
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Call of Duty(R) 4 - Modern Warfare(TM)
Display Version: 1.00.0000
Install Location: C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\
Publisher: Activision
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E48469CC-635E-4FD5-A122-1497C286D217}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Catalyst Control Center - Branding
Display Version: 1.00.0000
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11087D24-567D-7D88-69C6-D7A08B5F4C47}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Catalyst Control Center Graphics Previews Common
Display Version: 2014.1120.2123.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7481E13B-EC16-1B14-0E32-E88165CD4C57}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Catalyst Control Center Localization All
Display Version: 2014.1120.2123.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0FD2FF9-1BE9-E729-3878-9A603B5F1529}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Chinese Standard
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1543E140-FADF-9E99-D388-4435C2FBC55E}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Chinese Traditional
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B1977E93-5FC0-0BA4-2D5A-D3E69870C7D4}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Czech
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BBC9BF50-A35D-B0C2-9117-F3CA2F6BB64A}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Danish
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C9A2369-162D-7AD7-D50F-5F59CEC8A046}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Dutch
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EEFDBD75-0BD9-AC5F-8F61-903C6A19C0ED}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help English
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4D594F78-0C6D-1442-61CC-94D735FEC05D}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Finnish
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8BD7C51C-0CC4-3E28-CFDC-F7D4C5583783}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help French
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0FE3F13F-8A37-46BA-F973-762F81E833C3}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help German
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{339647D6-A277-974F-FF29-83CA6284559B}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Greek
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6AE0A655-9BB8-460E-1956-ED37E3B221FA}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Hungarian
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2D61415B-F99C-8161-F452-760B6E441428}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Italian
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8ECCC07B-83E3-3877-26DF-815CD2B30749}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Japanese
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D94F2DE6-55B4-B211-A381-54089BC791A0}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Korean
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85092B2-8FB5-5A8C-B27A-69A3D78979D8}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Norwegian
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{894CBED0-8225-D59B-5632-D01B14C6D520}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Polish
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8FB0D-9407-429D-C412-FAE0A318A8AE}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Portuguese
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7FE73251-50FA-E864-67EB-19C4BC7AA1C9}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Russian
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7ABA4B54-3672-0548-C1CC-97405F767061}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Spanish
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5958C669-28BF-D667-A004-E6FBF448027D}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Swedish
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{988949CE-DE9A-D187-A010-22B9085FB813}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Thai
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{637B1239-84B7-0B0F-2549-7020CA57C831}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCC Help Turkish
Display Version: 2014.1120.2122.38423
Install Location: C:\Program Files (x86)\AMD\
Publisher: Advanced Micro Devices, Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FB415F81-DC5E-ED99-D2FE-3DC4D88BCA58}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: CCleaner
Display Version: 5.62
Install Location: C:\Program Files\CCleaner
Publisher: Piriform
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Comical 0.8
Display Version: 
Install Location: C:\Program Files (x86)\Comical\
Publisher: James Athey
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Comical_is1
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Commandos 2 and 3
Display Version: 
Install Location: C:\Program Files (x86)\GOG.com\Commandos 2 and 3\
Publisher: GOG.com
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Commandos 2 and 3_is1
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Compresor WinRAR
Display Version: 
Install Location: 
Publisher: 
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Copy
Display Version: 130.0.428.000
Install Location: 
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: DAEMON Tools Lite
Display Version: 4.48.1.0347
Install Location: 
Publisher: Disc Soft Ltd
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite
--------------------------------------------------------------------------------------------------------------------------------
Display Name: DDS Converter
Display Version: 
Install Location: C:\Program Files (x86)\DDS Converter\
Publisher: ddsconverter.com
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F5E193F-D7E8-4BC5-9B23-DE46BE1014DF}_is1
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Defcon v1.43
Display Version: 
Install Location: C:\Program Files (x86)\Defcon\
Publisher: Introversion Software Ltd
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Defcon_is1
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Destinations
Display Version: 130.0.0.0
Install Location: 
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: DeviceDiscovery
Display Version: 130.0.465.000
Install Location: 
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: DocProc
Display Version: 13.0.0.0
Install Location: 
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B362566-EC1B-4700-BB9C-EC661BDE2175}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Estudio para la mejora del producto HP DeskJet 3630 series
Display Version: 35.0.61.54677
Install Location: 
Publisher: Hewlett-Packard Co.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5739BABA-CEA7-4977-81AB-9C42B9897F8A}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Extended Asian Language font pack for Adobe Reader XI
Display Version: 11.0.09
Install Location: C:\Program Files (x86)\Adobe\Reader 11.0\
Publisher: Adobe Systems Incorporated
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-2530-0000-A00000000049}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Fax
Display Version: 130.0.418.000
Install Location: 
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{440B915A-0C85-45DB-92AE-75AE14704A64}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: FBReader for Windows
Display Version: 
Install Location: 
Publisher: 
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FBReader for Windows
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Google Chrome
Display Version: 79.0.3945.88
Install Location: C:\Program Files (x86)\Google\Chrome\Application
Publisher: Google LLC
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Google Toolbar for Internet Explorer
Display Version: 1.0.0
Install Location: C:\Program Files (x86)\Google\Installers\
Publisher: Google Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Google Toolbar for Internet Explorer
Display Version: 7.5.8231.2252
Install Location: C:\Program Files (x86)\Google\Google Toolbar\
Publisher: Google Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Google Update Helper
Display Version: 1.3.35.421
Install Location: 
Publisher: Google LLC
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Google Update Helper
Display Version: 1.3.25.11
Install Location: 
Publisher: Google Inc.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: GPBaseService2
Display Version: 130.0.371.000
Install Location: 
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63FF21C9-A810-464F-B60A-3111747B1A6D}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: Grand Theft Auto Vice City
Display Version: 1.00.000
Install Location: C:\Program Files (x86)\Rockstar Games\Grand Theft Auto Vice City
Publisher: 
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: HP DeskJet 3630 series Ayuda
Display Version: 35.0.0
Install Location: 
Publisher: Hewlett Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B53FAA7E-9898-42BE-8C80-A9CA84298CAB}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: HP DeskJet 3630 series Software básico del dispositivo
Display Version: 35.0.61.54677
Install Location: 
Publisher: Hewlett-Packard Co.
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC268722-D47E-4BB9-A8F7-E205978D45E8}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: HP Imaging Device Functions 13.0
Display Version: 13.0
Install Location: 
Publisher: HP
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Imaging Device Functions
--------------------------------------------------------------------------------------------------------------------------------
Display Name: HP Photo Creations
Display Version: 1.0.0.7702
Install Location: C:\ProgramData\HP Photo Creations
Publisher: HP
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo Creations
--------------------------------------------------------------------------------------------------------------------------------
Display Name: HP Photosmart All-In-One Driver Software 13.0 Rel. A
Display Version: 13.0
Install Location: 
Publisher: HP
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{17016DA1-F040-4032-BD36-34DD317BC9D5}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: HP Photosmart Essential 3.5
Display Version: 3.5
Install Location: 
Publisher: HP
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photosmart Essential
--------------------------------------------------------------------------------------------------------------------------------
Display Name: HP Smart Web Printing 4.51
Display Version: 4.51
Install Location: 
Publisher: HP
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Smart Web Printing
--------------------------------------------------------------------------------------------------------------------------------
Display Name: HP Solution Center 13.0
Display Version: 13.0
Install Location: 
Publisher: HP
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Solution Center & Imaging Support Tools
--------------------------------------------------------------------------------------------------------------------------------
Display Name: HP Update
Display Version: 5.005.002.002
Install Location: C:\Program Files (x86)\Hp\HP Software Update
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}
--------------------------------------------------------------------------------------------------------------------------------
Display Name: HPPhotoGadget
Display Version: 130.0.282.000
Install Location: 
Publisher: Hewlett-Packard
Registry Path: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CAE4213F-F797-439D-BD9E-79B71D115BE3}
--------------------------------------------------------------------------------------------------------------------------------

vuelvas a usar/ejecutar FRST, pero en esta ocasión lo haces de la siguiente manera, en el cuadro de búsqueda/Search escribes lo siguiente :

SearchAll: *.au3

Copia y pegalo tal cual esta escrito y a continuación pulsas en el botón Search_Files.

Esperas a que se realice el proceso de búsqueda y al terminar se abrirá un archivo(search.txt) que ademas quedara ubicado en tu escritorio, copia y pega su contenido en tu próxima respuesta.

1 me gusta

2 mensajes han sido unidos a un tema existente: Windows 7 e internet muy lento. Desespera hacer algo

No parece haber encontrado nada

Farbar Recovery Scan Tool (x64) Versión: 24-12-2019 01
Ejecutado por Usuario (24-12-2019 16:23:09)
Ejecutado desde C:\Users\Usuario\Desktop
Modo de Inicio: Normal

================== Buscar Archivos: "SearchAll: *.au3" =============

Archivo:
========

carpeta:
========

Registro:
========


====== Final de Buscar ======

Habilita la vista de carpetas y archivos ocultos y mira si tienes esta carpeta:

C:\ProgramData\Intel \ Wireless

1 me gusta

La carpeta existe y contiene un ejecutable en su interior.

Entra en modo seguro y elimina la carpeta que te indique, si te deja, reinicias el PC y comentas cómo va el problema

Tras la eliminacion y el reinicio, el proceso malicioso no ha aparecido de nuevo en el administrador de tareas.

Lo monitonizare durante el resto del dia para confirmar su eliminacion.

Ok, pruebas y comenta.

Despues de 10 horas de uso ordinario, incluidos varios apagados, el proceso malicioso no ha reaparecido.

El caso puede darse por cerrado. Muchas gracias por su tiempo y la ayuda prestada.

MAMV

Para eliminar las herramientas usadas en la desinfección, realizas:

  • Descargas y Ejecutas >> Delfix, en tu escritorio.

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7 /8 /10,presiona clic derecho y selecciona >>;Ejecutar como Administrador.)

  • Marca solamente la casilla Remove disinfection tools

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Si queda alguna herramienta, la desinstalas desde panel de Windows y aquellas que no estén listadas, se eliminan directamente.


Me alegro de haberte podido ayudar! :+1:


TEMA SOLUCIONADO