problem-with-trojan-agent-autoIt


#1

I saw the same problem in another post and followed the steps, but I have not been able to remove it. I am going to send all the reports that you ask for in the other post.


#2

Hello, and welcome.

Which tools have you used? Finish the steps you read in the other post and paste the reports from each one you used; I will check that you followed them correctly.

Regards.


#3

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 9/11/18
Hora del análisis: 23:14
Archivo de registro: e44a6bde-e46c-11e8-a8e9-48ba4e4fa2dc.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.482
Versión del paquete de actualización: 1.0.7775
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.345)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-FG526E6\nacho

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 272620
Amenazas detectadas: 1
Amenazas en cuarentena: 0
Tiempo transcurrido: 1 min, 52 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 1
Trojan.Agent.AutoIt, HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|4C76B0B8, Sin acciones por parte del usuario, [4802], [593741],1.0.7775

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

#4

The report shows no action taken on your part, and it detected Trojan.Agent.AutoIt, the virus responsible. Follow the steps indicated below and paste the contents of the reports in your reply, not the file itself unless you are asked for it.

1) Malwarebytes’ Anti-Malware,

Malwarebytes manual, so that you know how to use and configure it.

  • Run a Custom Scan: click the “Scan” section, then click “Custom Scan” and then “Configure Scan”, ticking all the boxes on the right and on the left, and updating if it asks you to.
  • Click “Remove Selected” to send it to quarantine, and restart the system.
  • To access the scan report afterwards: Reports >> Scan log >> click >> Export >> Copy to Clipboard, and paste it in your reply

2) Download AdwCleaner to the desktop.

  • Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any security program.
  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select “Run as Administrator”.)
  • Click the Scan Now button and wait for the process to finish, then immediately click the Start Repair button.
  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
  • If it finds nothing, click “Skip Repair”
  • The log can be found in the “Reports” tab, reopening the program if necessary, or in "C:\AdwCleaner\Logs\AdwCleaner[C0].txt"

You can look at its manual >> AdwCleaner manual

3) Download CCleaner

Install it and run it. In the Cleaner tab leave the default settings as they are, click Analyze, wait for it to finish > click Run Cleaner. Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix Selected and make a backup.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.

IMPORTANT NOTE

Please, while we are disinfecting your machine or finishing doing so:

  • Do not carry out steps/actions that WE have not indicated to you
  • Do not download ANYTHING from the Internet and/or connect external devices to your computer.
  • Do not install ANYTHING (programs/software/add-ons/browser extensions…)
  • Do not run other security programs (antivirus, antimalware, ANTI-ANYTHING…)
  • Do not carry out other procedures on your own.
  • Use your computer EXCLUSIVELY to disinfect it following our instructions.

:warning: Very Important :warning: Wrap each of the reports with a tag written CODE_Inicial at the start of the report and another like this, CODE_Final, at the end of it.

Regards


#5

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 10/11/18
Hora del análisis: 20:36
Archivo de registro: f09e5a04-e51f-11e8-832b-48ba4e4fa2dc.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.482
Versión del paquete de actualización: 1.0.7787
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.345)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-FG526E6\nacho

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 512450
Amenazas detectadas: 9
Amenazas en cuarentena: 8
Tiempo transcurrido: 2 hr, 15 min, 49 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 1
Trojan.Agent.AutoIt, HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|4C76B0B8, En cuarentena, [4803], [593741],1.0.7787

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 8
RiskWare.GameHack, C:\PROGRAM FILES (X86)\SEGA\TOTAL WAR ROME II - EMPEROR EDITION\STEAM_API.DLL, Error durante la eliminación, [7815], [305544],1.0.7787
CrackTool.Agent.Steam, D:\ORDEN DEL EQUIPO\JUEGOS\THE ELDER SCROLLS V SKYRIM - LEGENDARY EDITION\STEAM_API.DLL, En cuarentena, [8214], [352888],1.0.7787
PUP.Optional.ASK, D:\ORDEN DEL EQUIPO\ORDEN DEL EQUIPO\CARPETA CON TODAS LAS CARPETAS\LOCURA Z\SETUPIMGBURN_2.5.7.0.EXE, En cuarentena, [2], [383618],1.0.7787
PUP.Optional.ASK, D:\ORDEN DEL EQUIPO\ORDEN DEL EQUIPO\CARPETA CON TODAS LAS CARPETAS\VARIOS PROGRAMAS BUENOS\SETUPIMGBURN_2.5.6.0.EXE, En cuarentena, [2], [383618],1.0.7787
PUP.Optional.InstallCore, D:\ORDEN DEL EQUIPO\ORDEN DEL EQUIPO\INSTALADORES\ROCKETDOCK-V1.3.5_3677170812.EXE, En cuarentena, [405], [543619],1.0.7787
Generic.Malware/Suspicious, D:\ORDEN DEL EQUIPO\ORDEN DEL EQUIPO\VARIOS PERICO\NUEVA CARPETA (2)\NUEVA CARPETA.ZIP, En cuarentena, [0], [392686],1.0.7787
Generic.Malware/Suspicious, D:\ORDEN DEL EQUIPO\ORDEN DEL EQUIPO\VARIOS PERICO\WINDOWS 10\COMPRIMIDOS\REGISTROS.EXE, En cuarentena, [0], [392686],1.0.7787
PUP.Optional.InstallCore, D:\ORDEN DEL EQUIPO\VARIOS\ROCKETDOCK-V1.3.5_3677170812.EXE, En cuarentena, [405], [543619],1.0.7787

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

#6

-------------------------------


# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-11-05.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-10-2018
# Duration: 00:00:00
# OS:       Windows 10 Home
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\4C76B0B8

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1278 octets] - [09/11/2018 22:43:53]
AdwCleaner[C00].txt - [1444 octets] - [09/11/2018 22:44:02]
AdwCleaner[S01].txt - [1400 octets] - [09/11/2018 23:23:29]
AdwCleaner[C01].txt - [1566 octets] - [09/11/2018 23:23:41]
AdwCleaner[S02].txt - [1522 octets] - [10/11/2018 23:07:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

#7

The problem is a bit odd: after having done the actions you recommended, I ran the anti-malware threat scan and it was clean, but a while after restarting and so on I ran it again, to be able to say with complete certainty that the problem was finished, and the damned trojan is back.


#8

Hello, if I may

Download Farbar Recovery Scan Tool to the desktop, selecting the version appropriate for the architecture (32 or 64 bits) of your computer. :arrow_forward: How to know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes
  • In the main window click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Post the two reports generated.

You must copy and paste them with all their contents, and use several messages if you receive an error message indicating that it is too long (more than 50,000 characters approx.).

Regards


#9

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 45%
Total physical RAM: 8146.75 MB
Available physical RAM: 4423.46 MB
Total Virtual: 18146.75 MB
Available Virtual: 12287.41 MB

==================== Drives ================================

Drive c: (Disco SSD Sistema) (Fixed) (Total:223.45 GB) (Free:95.45 GB) NTFS
Drive d: (Disco Almacen) (Fixed) (Total:916.1 GB) (Free:453.27 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:14.18 GB) (Free:14.12 GB) NTFS

\\?\Volume{be664dd2-a461-43f4-b503-4a20b9618c43}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.56 GB) NTFS
\\?\Volume{efa9538e-cdcf-4ba5-911a-736cad146bb8}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 20BAD317)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 266283E0)

Partition: GPT.

==================== End of Addition.txt ============================

#10

LastRegBack: 2018-07-05 00:39

==================== End of FRST.txt ============================

#11

Hello

The reports are not complete; you have to post everything that is in the reports.

Regards


#12

They are complete; it is the two files that FRST generated.


#13
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.11.2018
Ran by nacho (administrator) on DESKTOP-FG526E6 (12-11-2018 18:46:25)
Running from C:\Users\nacho\Desktop
Loaded Profiles: nacho (Available Profiles: nacho)
Platform: Windows 10 Home Version 1803 17134.345 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(HP) C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(HP.Inc) C:\Program Files\HP\OMEN Ally\HPOMENBG.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Simnet Ltd. ) C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(BitTorrent Inc.) C:\Users\nacho\AppData\Roaming\uTorrent Web\utweb.exe
(Gaijin Entertainment) C:\Users\nacho\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12091.4.37126.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systeminfo.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Free Time Co., Ltd.) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Spotify Ltd) C:\Users\nacho\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\nacho\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\nacho\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\nacho\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\nacho\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279424 2018-06-28] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-07-21] (Intel Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709160 2018-05-22] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324592 2017-10-31] (HP)
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [Spotify] => C:\Users\nacho\AppData\Roaming\Spotify\Spotify.exe [25162472 2018-10-24] (Spotify Ltd)
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-08] (Valve Corporation)
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [Simple Sticky Notes] => C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe [1432000 2018-06-19] (Simnet Ltd. )
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5453776 2018-06-22] (SecureMix LLC)
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [utweb] => C:\Users\nacho\AppData\Roaming\uTorrent Web\utweb.exe [5456560 2018-09-06] (BitTorrent Inc.)
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [Gaijin.Net Agent] => C:\Users\nacho\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2125384 2018-10-28] (Gaijin Entertainment)
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19467544 2018-10-23] (Piriform Ltd)
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [4c76b0b8] => C:\ProgramData\4c76b0b8\4c76b0b8.exe C:\ProgramData\4c76b0b8\test.au3
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [4c76b0b82] => C:\ProgramData\abimRU\4c76b0b8.exe [937776 2018-11-12] (AutoIt Team)
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [WallpaperHd] => C:\Users\nacho\AppData\Local\WallpaperHd\WallpaperHd.exe [1820672 2018-01-06] (WallpaperHd)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Windows\System32\Magnify.exe [809472 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Windows\System32\Magnify.exe [809472 2018-04-12] (Microsoft Corporation)
Startup: C:\Users\nacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\14c76b0b8bc6af7c224906cf9a0a4621.lnk [2018-11-10]
ShortcutTarget: 14c76b0b8bc6af7c224906cf9a0a4621.lnk -> C:\ProgramData\DoLPPE\4c76b0b8.exe (AutoIt Team)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{6d625127-bbb9-4ff3-a120-4cf8344ff85d}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Internet Explorer:
==================
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2018-11-12] (McAfee, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2018-05-04] (HP Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2018-11-12] (McAfee, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2018-05-04] (HP Inc.)

FireFox:
========
FF DefaultProfile: 0lrb513m.default
FF ProfilePath: C:\Users\nacho\AppData\Roaming\Mozilla\Firefox\Profiles\0lrb513m.default [2018-11-12]
FF Homepage: Mozilla\Firefox\Profiles\0lrb513m.default -> hxxps://greatergood.com/
FF Extension: (Ant Video downloader) - C:\Users\nacho\AppData\Roaming\Mozilla\Firefox\Profiles\0lrb513m.default\Extensions\[email protected] [2018-11-07]
FF Extension: (Video DownloadHelper) - C:\Users\nacho\AppData\Roaming\Mozilla\Firefox\Profiles\0lrb513m.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-11-07]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2018-11-12]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] ()
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-05] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\nacho\AppData\Local\Google\Chrome\User Data\Default [2018-11-12]
CHR Extension: (Documentos) - C:\Users\nacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-05]
CHR Extension: (Google Drive) - C:\Users\nacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-05]
CHR Extension: (YouTube) - C:\Users\nacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-05]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\nacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-11-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\nacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-28]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\nacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-05]
CHR Extension: (Gmail) - C:\Users\nacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-05]
CHR Extension: (Chrome Media Router) - C:\Users\nacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-10-21] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [779392 2018-08-24] (EasyAntiCheat Ltd)
R2 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1651792 2017-10-27] (Intel Corporation)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4328400 2018-06-22] (SecureMix LLC)
S3 HnGService; C:\Program Files (x86)\Heroes & Generals\live\hngservice.exe [754984 2018-08-31] (Reto-Moto ApS)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc.)
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077752 2016-09-28] (HP)
R2 hpsrv; C:\Program Files (x86)\HP\HP 3D DriveGuard\hpservice.exe [28192 2017-11-20] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-07-21] (Intel Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-16] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-16] (Intel(R) Corporation)
S2 IntelAudioService; C:\Windows\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [204128 2018-08-24] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [214672 2018-02-19] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [675736 2018-11-12] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265824 2018-04-17] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [268232 2018-06-28] (Realtek Semiconductor)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [351832 2018-01-17] (Synaptics Incorporated)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2302184 2018-02-27] (Intel Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-22] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-22] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18264 2017-09-27] (Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848288 2018-04-17] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\System32\drivers\Accelerometer.sys [55696 2018-08-31] (HP)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [76696 2017-10-27] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [70040 2017-10-27] (Intel Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [399264 2017-10-27] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-11-06] (Malwarebytes)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
R0 hpdskflt; C:\Windows\System32\drivers\hpdskflt.sys [42384 2018-08-31] (HP)
S0 iaStorAC; C:\Windows\System32\drivers\iaStorAC.sys [942128 2018-02-13] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198000 2018-11-09] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [119136 2018-11-11] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [63768 2018-11-11] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-11-10] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [111152 2018-11-12] (Malwarebytes)
R3 mfesapsn; C:\Program Files\McAfee\WebAdvisor\mfesapsn.sys [111976 2018-11-12] (McAfee, Inc.)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\Windows\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [8709144 2018-05-13] (Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_35284c26eeac82cf\nvlddmkm.sys [17200392 2018-06-25] (NVIDIA Corporation)
S0 nvpciflt; C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_35284c26eeac82cf\nvpciflt.sys [48040 2018-06-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [65792 2018-04-24] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2018-07-05] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1010624 2017-12-21] (Realtek )
R1 rtf64; C:\Windows\system32\DRIVERS\rtf64x64.sys [46592 2017-02-23] (Realtek)
R3 RTSPER; C:\Windows\System32\drivers\RtsPer.sys [864704 2017-11-15] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [46680 2018-01-17] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [32264 2015-07-22] (Creative Technology Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46184 2018-10-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [328696 2018-10-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-22] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [35568 2018-08-31] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-12 18:48 - 2018-11-12 18:48 - 000000000 ____D C:\ProgramData\GsZCeBv
2018-11-12 15:17 - 2012-09-16 17:11 - 000000058 _____ C:\Users\nacho\Downloads\CINE CLASICO ON LINE.url
2018-11-12 15:17 - 2012-09-16 17:11 - 000000057 _____ C:\Users\nacho\Downloads\DESCARGA CINE CLASICO.COM.url
2018-11-12 15:16 - 2013-02-20 19:22 - 825046440 _____ C:\Users\nacho\Downloads\EUROPA_EUROPA_1990_CASTELLANO_FINKBRAU.descargacineclasico.com.avi
2018-11-12 13:56 - 2018-11-12 13:56 - 000000000 ____D C:\Users\nacho\AppData\Local\WallpaperHd
2018-11-12 13:56 - 2018-11-12 13:56 - 000000000 ____D C:\Program Files\McAfee
2018-11-12 13:55 - 2018-11-12 13:56 - 000000000 ____D C:\ProgramData\McAfee
2018-11-12 13:55 - 2018-11-12 13:55 - 000003750 _____ C:\Windows\System32\Tasks\Goodgame Empire2
2018-11-12 13:55 - 2018-11-12 13:55 - 000003750 _____ C:\Windows\System32\Tasks\Goodgame Empire1
2018-11-12 13:55 - 2018-11-12 13:55 - 000003750 _____ C:\Windows\System32\Tasks\Goodgame Empire0
2018-11-12 13:55 - 2018-11-12 13:55 - 000001157 _____ C:\Users\nacho\Desktop\Format Factory.lnk
2018-11-12 13:55 - 2018-11-12 13:55 - 000000000 ____D C:\Users\nacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire
2018-11-12 13:55 - 2018-11-12 13:55 - 000000000 ____D C:\Users\nacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2018-11-12 13:55 - 2018-11-12 13:55 - 000000000 ____D C:\Users\nacho\AppData\Roaming\Goodgame Empire
2018-11-12 13:45 - 2018-11-12 15:17 - 1423583232 _____ C:\Users\nacho\Downloads\El amor y otras cosas imposibles (BR-Screener) (EliteTorrent.net).avi
2018-11-12 13:40 - 2018-11-12 13:42 - 000000000 ____D C:\Users\nacho\Desktop\La playa (2000) [WEB-DL-XviD-AC3][Castellano]
2018-11-12 13:39 - 2018-11-12 15:23 - 000000000 ____D C:\Users\nacho\Desktop\Peliculas Victor
2018-11-12 13:39 - 2018-05-22 16:37 - 856522752 _____ C:\Users\nacho\Desktop\K-Pax m1080p www.DESCARGASMIX.com.mkv
2018-11-12 13:08 - 2018-11-12 13:08 - 000000000 ____D C:\Users\nacho\Downloads\La casa de mi vida.[ToDoTorrente.com]
2018-11-12 12:59 - 2018-11-12 18:44 - 375390208 _____ C:\Users\nacho\Downloads\Captain.Fantastic.DVDR.[Eng-Spa].[www.MoviesDVDR.com].iso
2018-11-12 12:58 - 2018-11-12 12:58 - 002194439 _____ C:\Users\nacho\Downloads\yo soy sam movie on Vimeo.mp4
2018-11-12 12:51 - 2018-11-12 14:27 - 2063544320 _____ C:\Users\nacho\Downloads\Recuerdame (BR-Screener) (EliteTorrent.net).avi
2018-11-12 12:46 - 2018-11-12 14:04 - 825046812 _____ C:\Users\nacho\Downloads\EUROPA_CASTELLANO_FINKBRAU.descargacineclasico.com.rar
2018-11-12 11:24 - 2018-11-12 18:47 - 000023585 _____ C:\Users\nacho\Desktop\FRST.txt
2018-11-12 11:24 - 2018-11-12 11:24 - 000001167 _____ C:\Users\nacho\Desktop\Addition.txt
2018-11-12 11:21 - 2018-11-12 11:21 - 000000000 ____D C:\Users\nacho\Desktop\FRST-OlderVersion
2018-11-12 01:04 - 2018-11-12 01:04 - 000000000 ___HD C:\OneDriveTemp
2018-11-11 21:44 - 2018-11-12 17:09 - 000111152 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-11-11 21:44 - 2018-11-11 21:44 - 000119136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-11-11 21:44 - 2018-11-11 21:44 - 000063768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-11-11 21:44 - 2018-11-11 21:44 - 000000000 ___HD C:\ProgramData\temp
2018-11-10 23:20 - 2018-11-10 23:20 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-11-10 23:13 - 2018-11-10 23:13 - 000151238 _____ C:\Users\nacho\Desktop\cc_20181110_231302.reg
2018-11-10 23:09 - 2018-11-10 23:09 - 000001688 _____ C:\Users\nacho\Desktop\AdwCleaner[C02].txt
2018-11-10 23:06 - 2018-11-10 23:06 - 000002876 _____ C:\Users\nacho\Desktop\informe del malwareantimalware.txt
2018-11-09 23:25 - 2018-11-09 23:25 - 000001566 _____ C:\Users\nacho\Desktop\AdwCleaner[C01].txt
2018-11-09 22:47 - 2018-11-09 22:47 - 000000000 ____D C:\ProgramData\eWgqfFK
2018-11-09 22:42 - 2018-11-09 22:43 - 007592144 _____ (Malwarebytes) C:\Users\nacho\Desktop\adwcleaner_7.2.4.0.exe
2018-11-09 22:31 - 2018-11-09 22:31 - 018072104 _____ (Piriform Ltd) C:\Users\nacho\Desktop\ccsetup548.exe
2018-11-09 22:31 - 2018-11-09 22:31 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-11-09 22:31 - 2018-11-09 22:31 - 000002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-11-09 22:31 - 2018-11-09 22:31 - 000000880 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-09 22:31 - 2018-11-09 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-09 22:31 - 2018-11-09 22:31 - 000000000 ____D C:\Program Files\CCleaner
2018-11-09 22:27 - 2018-11-09 22:27 - 001790024 _____ (Malwarebytes) C:\Users\nacho\Desktop\JRT.exe
2018-11-09 22:26 - 2018-11-09 22:43 - 000000000 ____D C:\AdwCleaner
2018-11-09 22:11 - 2018-11-09 22:56 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2018-11-09 22:04 - 2018-11-09 22:04 - 000000036 _____ C:\Users\nacho\Downloads\Apagar Windows 8-Iniciar a prueba de fallos.bat
2018-11-09 09:03 - 2018-09-04 23:36 - 001476904 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2018-11-09 04:12 - 2018-11-09 04:12 - 000000000 ____D C:\ProgramData\DoLPPE
2018-11-09 04:06 - 2018-11-09 04:10 - 000000000 ____D C:\ProgramData\uEVPOBCc
2018-11-09 04:04 - 2018-11-12 18:46 - 000000000 ____D C:\FRST
2018-11-09 04:03 - 2018-11-12 11:21 - 002415616 _____ (Farbar) C:\Users\nacho\Desktop\FRST64.exe
2018-11-09 03:40 - 2018-11-09 03:40 - 000000036 _____ C:\Users\nacho\Desktop\Apagar Windows 8-Iniciar a prueba de fallos.bat
2018-11-09 03:34 - 2018-11-09 22:54 - 000000247 _____ C:\DelFix.txt
2018-11-09 03:34 - 2018-11-09 03:34 - 000000000 ____D C:\Windows\ERUNT
2018-11-09 03:33 - 2018-11-09 03:33 - 000797760 _____ C:\Users\nacho\Desktop\delfix_1.013.exe
2018-11-08 22:14 - 2018-11-09 00:07 - 000000000 ____D C:\Windows\Minidump
2018-11-08 13:52 - 2018-11-08 14:32 - 1817319424 _____ C:\Users\nacho\Downloads\Sombras tenebrosas (HDRip) (EliteTorrent.net).avi
2018-11-07 15:16 - 2018-11-07 15:16 - 000000000 ____D C:\videos descargados
2018-11-07 15:13 - 2018-11-12 13:36 - 000000000 ____D C:\Users\nacho\Downloads\Ant Videos
2018-11-07 15:12 - 2018-11-10 14:39 - 000000000 ____D C:\Users\nacho\dwhelper
2018-11-07 15:12 - 2018-11-07 15:12 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp
2018-11-07 15:11 - 2018-11-07 15:11 - 000000000 ____D C:\Users\nacho\AppData\Roaming\Ant.com
2018-11-07 15:10 - 2018-11-07 15:11 - 039926376 _____ (DownloadHelper ) C:\Users\nacho\Downloads\VdhCoAppSetup-1.2.4.exe
2018-11-07 15:10 - 2018-11-07 15:10 - 015495168 _____ C:\Users\nacho\Downloads\AVD-NativeApp-3.5.65-Release.msi
2018-11-07 15:05 - 2018-11-07 15:05 - 000000000 _____ C:\Users\nacho\Downloads\Tchaikovsky - Hymn of the Cherubim - USSR Ministry Of Culture Chamber Choir(1).mp4
2018-11-07 15:04 - 2018-11-07 15:04 - 000000000 _____ C:\Users\nacho\Downloads\Tchaikovsky - Hymn of the Cherubim - USSR Ministry Of Culture Chamber Choir.mp4
2018-11-07 14:55 - 2018-11-07 14:57 - 103363481 _____ C:\Users\nacho\Downloads\Duduk Meditation - Memories of Caucasus _ Armenian Flute.mp4
2018-11-06 19:47 - 2018-11-09 22:56 - 000198000 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-11-06 19:43 - 2018-11-06 19:43 - 000000000 ____D C:\Users\nacho\AppData\Local\mbamtray
2018-11-06 19:43 - 2018-11-06 19:43 - 000000000 ____D C:\Users\nacho\AppData\Local\mbam
2018-11-06 19:42 - 2018-11-06 19:46 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-11-06 19:42 - 2018-11-06 19:42 - 000001929 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-06 19:42 - 2018-11-06 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-06 19:42 - 2018-11-06 19:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-06 19:42 - 2018-11-06 19:42 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-06 19:35 - 2018-11-06 19:42 - 080022264 _____ (Malwarebytes ) C:\Users\nacho\Downloads\mb3-setup-35891.35891-3.6.1.2711-1.0.463-1.0.6913.exe
2018-11-04 14:57 - 2018-11-04 17:03 - 781787136 _____ C:\Users\nacho\Downloads\Los Falsificadores.avi
2018-11-04 14:37 - 2018-11-04 20:51 - 367001600 _____ C:\Users\nacho\Downloads\Los.Falsificadores.DVDR.[Audio.Dual].[V.O.-Spa].[www.MoviesDVDR.com].iso
2018-11-04 14:16 - 2018-11-10 23:18 - 000000000 ___HD C:\DESKTOP-FG526E6
2018-11-04 14:16 - 2018-11-09 04:04 - 000000000 ____D C:\Users\nacho\AppData\Roaming\5c61b2d25c78f1c5b4ee2001c9645a01
2018-11-02 16:45 - 2018-11-02 17:02 - 932179577 _____ C:\Users\nacho\Downloads\La Eneida Virgil Libro Auditivo Espanol Audio Book Spanish [360p].mp4
2018-11-01 13:15 - 2018-11-01 14:35 - 000000000 ____D C:\Users\nacho\Downloads\Babylon A.D [MicroHD 1080p][AC3 5.1-DTS-HD 5.1-Castellano-DTS-HD 5.1 Ingles+Subs][ES-EN]
2018-10-28 20:27 - 2018-10-28 20:27 - 000000000 ____D C:\Users\nacho\AppData\Roaming\The Creative Assembly
2018-10-28 20:04 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2018-10-28 20:04 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2018-10-28 20:04 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2018-10-28 20:04 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2018-10-28 20:04 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2018-10-28 20:04 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2018-10-28 20:04 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2018-10-28 20:04 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2018-10-28 20:04 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2018-10-28 20:04 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2018-10-28 20:04 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2018-10-28 20:04 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2018-10-28 20:04 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2018-10-28 20:04 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2018-10-28 20:04 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2018-10-28 20:04 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2018-10-28 20:04 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2018-10-28 20:04 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2018-10-28 20:04 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2018-10-28 20:04 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2018-10-28 20:03 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2018-10-28 20:03 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2018-10-28 20:03 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2018-10-28 20:03 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2018-10-28 20:03 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2018-10-28 20:03 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2018-10-28 20:03 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2018-10-28 20:03 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2018-10-28 20:03 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2018-10-28 20:03 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2018-10-28 20:03 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2018-10-28 20:03 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2018-10-28 20:03 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2018-10-28 20:03 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2018-10-28 20:03 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2018-10-28 20:03 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2018-10-28 20:03 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2018-10-28 20:03 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2018-10-28 20:03 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2018-10-28 20:03 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2018-10-28 20:03 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2018-10-28 20:03 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2018-10-28 20:03 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2018-10-28 20:03 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2018-10-28 20:03 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2018-10-28 20:03 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2018-10-28 20:03 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2018-10-28 20:03 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2018-10-28 20:03 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2018-10-28 20:03 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2018-10-28 20:03 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2018-10-28 20:03 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2018-10-28 20:03 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2018-10-28 20:03 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2018-10-28 20:03 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2018-10-28 20:03 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2018-10-28 20:03 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2018-10-28 20:03 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2018-10-28 20:03 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2018-10-28 20:03 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2018-10-28 20:03 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2018-10-28 20:03 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2018-10-28 20:03 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2018-10-28 20:03 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2018-10-28 20:03 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2018-10-28 20:03 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2018-10-28 20:03 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2018-10-28 20:03 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2018-10-28 20:03 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2018-10-28 20:03 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2018-10-28 20:03 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2018-10-28 20:03 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2018-10-28 20:03 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2018-10-28 20:03 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2018-10-28 20:03 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2018-10-28 20:03 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2018-10-28 20:03 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2018-10-28 20:03 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2018-10-28 20:03 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2018-10-28 20:03 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2018-10-28 20:03 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2018-10-28 20:03 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2018-10-28 20:03 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2018-10-28 20:03 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2018-10-28 20:03 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2018-10-28 20:03 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2018-10-28 20:03 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2018-10-28 20:03 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2018-10-28 20:03 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2018-10-28 20:03 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2018-10-28 20:03 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2018-10-28 20:03 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2018-10-28 20:03 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2018-10-28 20:03 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2018-10-28 20:03 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2018-10-28 20:03 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2018-10-28 20:03 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2018-10-28 20:03 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2018-10-28 20:03 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2018-10-28 20:03 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2018-10-28 20:03 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2018-10-28 20:03 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2018-10-28 20:03 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2018-10-28 20:03 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2018-10-28 20:03 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2018-10-28 20:03 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2018-10-28 20:03 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2018-10-28 20:03 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2018-10-28 20:03 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2018-10-28 20:03 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2018-10-28 20:03 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2018-10-28 20:03 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2018-10-28 20:03 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2018-10-28 20:03 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2018-10-28 20:03 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2018-10-28 20:03 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2018-10-28 20:03 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2018-10-28 20:03 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2018-10-28 20:03 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2018-10-28 20:03 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2018-10-28 20:03 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2018-10-28 20:03 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2018-10-28 20:03 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2018-10-28 20:03 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2018-10-28 20:03 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2018-10-28 20:03 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2018-10-28 20:03 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2018-10-28 20:03 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2018-10-28 20:03 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2018-10-28 20:03 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2018-10-28 20:03 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2018-10-28 20:03 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2018-10-28 20:03 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2018-10-28 20:03 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2018-10-28 20:03 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2018-10-28 20:03 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2018-10-28 20:03 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2018-10-28 20:03 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2018-10-28 20:03 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2018-10-28 20:03 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2018-10-28 20:03 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2018-10-28 20:03 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2018-10-28 20:03 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2018-10-28 20:03 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2018-10-28 20:03 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2018-10-28 20:03 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2018-10-28 20:03 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2018-10-28 20:03 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2018-10-28 20:03 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2018-10-28 20:03 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2018-10-28 20:03 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2018-10-28 20:03 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2018-10-28 20:03 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2018-10-28 20:03 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2018-10-28 20:03 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2018-10-28 20:03 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2018-10-28 20:03 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2018-10-28 20:03 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2018-10-28 20:03 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2018-10-28 20:03 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2018-10-28 20:03 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2018-10-28 20:03 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2018-10-28 20:03 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2018-10-28 20:03 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2018-10-28 20:03 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2018-10-28 20:03 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2018-10-28 19:43 - 2018-10-28 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2018-10-28 19:35 - 2018-10-28 23:03 - 634930424 _____ C:\Users\nacho\Downloads\Hstris.Krnen.95.ESP.descargacineclasico.com.part2.rar
2018-10-28 19:32 - 2018-10-28 23:33 - 786432000 _____ C:\Users\nacho\Downloads\Hstris.Krnen.95.ESP.descargacineclasico.com.part1.rar
2018-10-28 19:26 - 2018-10-28 19:26 - 000000000 ____D C:\Program Files (x86)\SEGA
2018-10-28 19:16 - 2018-10-28 19:44 - 000000000 ____D C:\Users\nacho\Downloads\m3n54k4
2018-10-28 19:16 - 2018-10-28 19:16 - 000024823 _____ C:\Users\nacho\Downloads\m3n54k4_archive.torrent
2018-10-28 19:16 - 2018-10-28 19:16 - 000024823 _____ C:\Users\nacho\Downloads\m3n54k4_archive (1).torrent
2018-10-26 19:45 - 2018-10-26 19:46 - 028083963 _____ C:\Users\nacho\Downloads\Parabola de la oveja perdida 2.mp4
2018-10-26 01:00 - 2018-10-26 01:00 - 000000000 ____D C:\Users\nacho\AppData\Local\Gaijin
2018-10-26 01:00 - 2018-10-26 01:00 - 000000000 ____D C:\ProgramData\Gaijin
2018-10-24 19:54 - 2018-10-24 19:54 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-10-24 19:54 - 2018-10-24 19:54 - 000000000 ____D C:\Users\nacho\Documents\PCSX2
2018-10-24 19:54 - 2018-10-24 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2018-10-24 19:54 - 2018-10-24 19:54 - 000000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2018-10-23 20:00 - 2018-10-23 20:00 - 000000294 _____ C:\Users\nacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unidad de DVD (I) DVD2By VictorVal.lnk
2018-10-23 19:59 - 2018-10-23 19:59 - 000000294 _____ C:\Users\nacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unidad de DVD (H) DVD1By VictorVal.lnk
2018-10-23 19:18 - 2018-10-28 20:27 - 000000000 ____D C:\Users\nacho\Desktop\Juegos Instalados
2018-10-23 12:07 - 2018-10-23 12:07 - 000000000 ____D C:\Users\nacho\Documents\NBGI
2018-10-23 12:07 - 2018-10-23 12:07 - 000000000 ____D C:\Users\nacho\AppData\Local\FromSoftware
2018-10-23 12:04 - 2018-10-23 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DARK SOULS REMASTERED
2018-10-23 11:04 - 2018-10-23 11:04 - 000000023 _____ C:\Windows\BlendSettings.ini
2018-10-23 11:02 - 2018-10-23 11:02 - 000000000 ____D C:\Users\nacho\AppData\Local\Oblivion
2018-10-23 03:27 - 2018-10-23 03:27 - 000000000 ____D C:\Program Files (x86)\VictorVal
2018-10-23 03:24 - 2018-10-23 03:24 - 000000000 ____D C:\Users\nacho\AppData\Local\Skyrim
2018-10-23 03:24 - 2018-10-23 03:24 - 000000000 ____D C:\ProgramData\Steam
2018-10-21 03:53 - 2018-10-21 03:53 - 000000000 ____D C:\Users\nacho\Documents\Mount&Blade Warband Savegames
2018-10-21 03:52 - 2018-10-21 03:54 - 000000000 ____D C:\Users\nacho\Documents\Mount&Blade Warband
2018-10-21 03:52 - 2018-10-21 03:53 - 000000000 ____D C:\Users\nacho\AppData\Roaming\Mount&Blade Warband
2018-10-19 17:21 - 2018-10-19 23:56 - 000000000 ____D C:\Users\nacho\AppData\Roaming\audacity
2018-10-19 17:21 - 2018-10-19 17:21 - 000001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2018-10-19 17:21 - 2018-10-19 17:21 - 000000000 ____D C:\Users\nacho\AppData\Local\Audacity
2018-10-19 17:21 - 2018-10-19 17:21 - 000000000 ____D C:\Program Files (x86)\Audacity
2018-10-14 18:18 - 2018-10-23 03:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2018-10-14 18:18 - 2018-10-14 18:18 - 000000000 ____D C:\Program Files (x86)\Bethesda Softworks

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-12 18:46 - 2018-07-05 17:13 - 000000000 ____D C:\Users\nacho\AppData\Roaming\uTorrent Web
2018-11-12 18:44 - 2018-07-05 12:24 - 000000000 ____D C:\Users\nacho\AppData\LocalLow\Mozilla
2018-11-12 18:44 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-12 18:41 - 2018-07-05 12:28 - 000000000 ____D C:\Users\nacho\AppData\Roaming\Spotify
2018-11-12 18:01 - 2018-07-05 12:37 - 000000000 ____D C:\Users\nacho\AppData\Local\Spotify
2018-11-12 18:01 - 2018-07-05 00:39 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-11-12 13:55 - 2018-07-18 13:09 - 000000000 ____D C:\Program Files (x86)\FormatFactory
2018-11-12 13:50 - 2018-04-12 00:30 - 000000000 ____D C:\Windows\CbsTemp
2018-11-12 12:25 - 2018-07-05 01:48 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-12 01:16 - 2018-07-22 15:35 - 000000000 ____D C:\Users\nacho\Documents\Simple Sticky Notes
2018-11-12 01:07 - 2018-07-05 00:46 - 001772030 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-12 01:07 - 2018-04-12 17:18 - 000790318 _____ C:\Windows\system32\perfh00A.dat
2018-11-12 01:07 - 2018-04-12 17:18 - 000156396 _____ C:\Windows\system32\perfc00A.dat
2018-11-12 01:07 - 2018-04-12 00:36 - 000000000 ____D C:\Windows\INF
2018-11-12 01:05 - 2018-07-05 12:39 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-12 01:04 - 2018-07-05 00:54 - 000000000 ___RD C:\Users\nacho\OneDrive
2018-11-11 21:44 - 2018-07-05 00:39 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-11 21:44 - 2018-04-11 22:04 - 000786432 _____ C:\Windows\system32\config\BBI
2018-11-11 14:08 - 2018-07-05 14:06 - 000000000 ____D C:\Users\nacho\AppData\Roaming\vlc
2018-11-10 23:17 - 2018-07-05 00:39 - 000275064 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-10 23:17 - 2017-12-25 00:00 - 000000000 ____D C:\ProgramData\4c76b0b8
2018-11-10 23:12 - 2018-07-18 13:04 - 000000000 ____D C:\Users\nacho\AppData\Local\CrashDumps
2018-11-10 19:19 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\AppReadiness
2018-11-09 22:33 - 2018-07-05 01:38 - 000000000 ____D C:\Windows\Panther
2018-11-09 22:33 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\LiveKernelReports
2018-11-09 18:11 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-09 17:42 - 2018-07-05 14:41 - 000000364 _____ C:\Windows\Tasks\HPCeeScheduleFornacho.job
2018-11-09 12:55 - 2018-07-05 00:56 - 000003378 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3034072527-1753083731-4258197151-1001
2018-11-09 12:55 - 2018-07-05 00:47 - 000002418 _____ C:\Users\nacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-09 10:30 - 2018-07-05 14:41 - 000003256 _____ C:\Windows\System32\Tasks\HPCeeScheduleFornacho
2018-11-09 03:38 - 2018-07-05 00:47 - 000000000 ____D C:\Users\nacho
2018-11-08 14:25 - 2018-07-05 12:23 - 000003966 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1530789811
2018-11-08 14:25 - 2018-07-05 12:23 - 000001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2018-11-08 14:25 - 2018-07-05 12:17 - 000000000 ____D C:\Program Files\Opera
2018-11-06 19:49 - 2018-07-05 12:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-06 19:49 - 2018-07-05 12:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-05 18:56 - 2018-09-03 00:41 - 000000000 ____D C:\Users\nacho\Documents\888poker.es
2018-11-02 12:47 - 2018-07-05 12:24 - 000001022 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-30 21:26 - 2018-07-05 12:23 - 000002316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-26 01:01 - 2018-08-24 20:14 - 000000000 ____D C:\Users\nacho\Documents\My Games
2018-10-26 00:52 - 2018-07-15 20:21 - 000000000 ____D C:\Users\nacho\AppData\Local\PokerStars.ES
2018-10-26 00:52 - 2018-07-15 20:21 - 000000000 ____D C:\Program Files (x86)\PokerStars.ES
2018-10-23 20:35 - 2018-07-07 02:24 - 000000875 _____ C:\Users\nacho\Desktop\Orden del equipo - Acceso directo.lnk
2018-10-22 22:53 - 2018-07-05 00:39 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-10-21 03:53 - 2018-07-11 18:10 - 000000000 ____D C:\Users\nacho\AppData\Local\D3DSCache
2018-10-21 02:46 - 2018-07-05 15:15 - 000000000 ____D C:\Users\nacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-10-19 09:45 - 2018-07-05 01:07 - 000000000 ____D C:\Program Files\HPCommRecovery
2018-10-19 09:45 - 2018-07-05 01:03 - 000000000 ____D C:\SwSetup
2018-10-16 00:59 - 2018-07-05 03:45 - 000559880 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-10-14 19:23 - 2018-08-29 14:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No Mans Sky NEXT

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-05 00:39

==================== End of FRST.txt ============================

#14

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by nacho (12-11-2018 18:48:35)
Running from C:\Users\nacho\Desktop
Windows 10 Home Version 1803 17134.345 (X64) (2018-07-04 23:42:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3034072527-1753083731-4258197151-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3034072527-1753083731-4258197151-503 - Limited - Disabled)
Invitado (S-1-5-21-3034072527-1753083731-4258197151-501 - Limited - Disabled)
nacho (S-1-5-21-3034072527-1753083731-4258197151-1001 - Administrator - Enabled) => C:\Users\nacho
WDAGUtilityAccount (S-1-5-21-3034072527-1753083731-4258197151-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
888poker.es (HKLM-x32\...\{C223A952-4C99-4F37-9469-9EC7A705DE91}) (Version: 7.10.00015 - 888) Hidden
888poker.es (HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\InstallShield_{C223A952-4C99-4F37-9469-9EC7A705DE91}) (Version: 7.10.00015 - 888)
Actualización de NVIDIA 33.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 33.2.0.0 - NVIDIA Corporation) Hidden
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Ant Video downloader (Native messaging host) (HKLM-x32\...\{CBCA16AA-E4E6-40E6-9DE9-4D595304A622}) (Version: 3.5.65 - Ant.com)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.48 - Piriform)
DARK SOULS REMASTERED (HKLM-x32\...\DARK SOULS REMASTERED_is1) (Version:  - )
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.36 - NVIDIA Corporation) Hidden
FormatFactory 4.4.1.0 (HKLM-x32\...\FormatFactory) (Version: 4.4.1.0 - Free Time)
GlassWire 2.0 (remove only) (HKLM-x32\...\GlassWire 2.0) (Version: 2.0.123 - SecureMix LLC)
Goodgame Empire (HKLM-x32\...\Goodgame Empire) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.1.0.0 - Reto-Moto)
HP 3D DriveGuard (HKLM-x32\...\{D3D0E6C5-4B65-4088-A5A9-A7DF27DB5D1A}) (Version: 6.0.45.1 - HP)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.15.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{AC154691-D9B6-4CD9-BB9B-ACDAF61367E5}) (Version: 2.22.1 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{F322B446-B157-4257-B44F-4F22D41F8EDB}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{D13AEB56-7A17-43F1-9839-A30B6C50CC56}) (Version: 12.9.24.3 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{9DD60999-A4F0-4333-9D00-E45C718EA6C1}) (Version: 1.4.30 - HP Inc.)
HP USB-C Mini Dock versión 0.2.8.0518 (HKLM-x32\...\{288A9173-FF17-409E-BBC8-8AC0F56F53EB}_is1) (Version: 0.2.8.0518 - HP)
HP Wireless Button Driver (HKLM-x32\...\{119A6F59-D6D4-4091-A593-019EB9C9300E}) (Version: 1.1.22.1 - HP)
Intel XTU SDK (HKLM-x32\...\{43A58350-CB99-4F4E-9BB6-F058D7B27985}) (Version: 1.0.7 - HP Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.3.1019 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000020-0200-1034-84C8-B8D95FA3C8C3}) (Version: 20.20.0 - Intel Corporation)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.8.19377 - McAfee, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Mozilla Firefox 63.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 63.0.1 (x64 es-ES)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.11 - NVIDIA Corporation) Hidden
NVIDIA Controlador de audio HD 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.36 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.15.0.164 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.15.0.164 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Oblivion Gold Repack (HKLM-x32\...\Oblivion Gold Repack) (Version:  - )
OMEN Command Center (HKLM\...\{B13CB0A1-4411-404C-A7DB-BB1441B089EC}) (Version: 1.3.124 - HP Inc.)
Opera Stable 56.0.3051.99 (HKLM-x32\...\Opera 56.0.3051.99) (Version: 56.0.3051.99 - Opera Software)
Panel de control de NVIDIA 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 398.36 - NVIDIA Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
PokerStars.es (HKLM-x32\...\PokerStars.es) (Version:  - PokerStars.es)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.320.170 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8475 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Simple Sticky Notes 4.3 (HKLM-x32\...\Simple Sticky Notes_is1) (Version:  - Simnet Ltd.)
Software Intel® PROSet/Wireless (HKLM-x32\...\{b67c644b-bbfa-45cf-a1fa-2e1ef2f99be6}) (Version: 20.60.0 - Intel Corporation)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Software Thunderbolt™ (HKLM-x32\...\{B43DE90F-2638-4FCC-982E-383200E80797}) (Version: 17.3.74.400 - Intel Corporation)
Spotify (HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Spotify) (Version: 1.0.92.390.g2ce5ec7d - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.62 - Synaptics Incorporated)
The Elder Scrolls V Skyrim - Legendary Edition (HKLM-x32\...\The Elder Scrolls V Skyrim - Legendary Edition_is1) (Version:  - )
Total War ROME II - Emperor Edition (HKLM-x32\...\Total War ROME II - Emperor Edition_is1) (Version:  - )
uTorrent Web (HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\utweb) (Version: 0.18.2 - BitTorrent, Inc.)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WallpaperHd (HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\WallpaperHd) (Version: 1.0.0.1 - WallpaperHd)
Windows Desktop Gadgets (HKLM\...\Windows Desktop Gadgets_is1) (Version: 2.0 - hxxp://gadgetsrevived.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3034072527-1753083731-4258197151-1001_Classes\CLSID\{F7B8E2CA-97DF-4974-BDF1-3D93EDC93A5E}\InprocServer32 -> C:\Users\nacho\AppData\Local\WallpaperHd\WallpaperHdLib64.dll (WallpaperHd)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_104.dll [2018-03-19] (Free Time)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx64_104.dll [2018-03-19] (Free Time)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01B7857E-F03C-4050-8726-AA5156873187} - System32\Tasks\Opera scheduled Autoupdate 1530789811 => C:\Program Files\Opera\launcher.exe [2018-11-06] (Opera Software)
Task: {039D9A6C-097F-4B90-91E0-08DA5D137A07} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe
Task: {0ABABD2C-25FF-49EF-BB1C-2049376C5A08} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {11B9DDA3-DFAD-45F0-92B9-6A1619C1ADFF} - System32\Tasks\OMEN Command Center BackGround Process => C:\Program Files\HP\OMEN Ally\HPOMENBG.exe [2017-11-26] (HP.Inc)
Task: {161F1968-6D36-429A-88B2-5A658ED32B47} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-09-12] (NVIDIA Corporation)
Task: {17E27FA9-7926-4A6E-A551-C4F8D4194C81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {1B3C8095-3D6E-4BC8-8132-26A832970473} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-10-23] (Piriform Ltd)
Task: {349BDAE4-DE0C-4487-8115-B22FD883B846} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
Task: {38CBB13E-58AF-4B35-AFCF-914D7516A19D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-09] (Adobe Systems Incorporated)
Task: {3B3F88D4-C1AB-47B4-8812-BA149912BCB1} - System32\Tasks\Goodgame Empire1 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=hxxps://empire.goodgamestudios.com/?w=376971 --app-window-size=1360,768
Task: {3C52B843-B0E4-467F-B7F8-6A16F80D7EBD} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {4691EBC9-B611-4D81-AD80-65144492D261} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {476E503D-E257-4E65-8680-EE6E29F43A05} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-05] (Google Inc.)
Task: {49FEC071-CC98-43EB-A40B-D8B9B0AB06EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {5202DDED-052F-4018-B26B-49E0452F6FED} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {55C362C1-D0F3-4A6A-9109-EB51B8F3DC9E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2018-05-04] (HP Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {72AA3AC5-3298-43D8-B708-88B8AED14A1A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {75C2B71F-AC0A-434E-B135-19CB210EEE33} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-09-12] (NVIDIA Corporation)
Task: {7BDDA229-0475-499C-BAAB-28FEB8FE471D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {8454D78D-95F0-42E6-8E63-3E26D94180B3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-09-12] (NVIDIA Corporation)
Task: {8957D65C-3EB3-4556-B791-DFF45A48CEC6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {8B00EE96-133D-49CC-9F4C-491C5F5952D2} - System32\Tasks\Goodgame Empire2 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=hxxps://empire.goodgamestudios.com/?w=376971 --app-window-size=1360,768
Task: {8C42D225-D65D-4CD1-BAFC-D371C7900821} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
Task: {99A8D270-58D9-4711-89E5-E64BD94543EF} - System32\Tasks\Goodgame Empire0 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=hxxps://empire.goodgamestudios.com/?w=376971 --app-window-size=1360,768
Task: {A22433BA-1379-4BC9-8E8E-4A08A0C2704A} - System32\Tasks\HPCeeScheduleFornacho => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {A648916F-57C4-43DB-9B79-C72469DFFD07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-05] (Google Inc.)
Task: {AE75F9C5-9D3A-4DFD-B8EB-013D49CD1685} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-09-12] (NVIDIA Corporation)
Task: {AF1EE6F8-9A03-4C99-A9F2-D21D98C281DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-09-06] (HP Inc.)
Task: {B1B93DE1-999D-4779-A3A6-320BE101C662} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe
Task: {B6CFFC72-839A-46DF-A184-86E1671884DE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-09-12] (NVIDIA Corporation)
Task: {B954BCCA-E477-4CF8-9F8F-0CE0BF7757AB} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {C78FD15D-72B7-4946-98E6-89163597BD8C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-09] (Adobe Systems Incorporated)
Task: {D691497C-BA49-42A6-BD19-2A8C93BE8C0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-08-21] (HP Inc.)
Task: {D6B9F5D8-07CE-4D8A-8866-343543B005C6} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-09-12] (NVIDIA Corporation)
Task: {E13E2FA2-A0E2-4F83-92D6-5E1C04C43ACA} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2017-03-13] (HP Development Company, L.P.)
Task: {E28EB537-293E-4673-B547-898DD5C9481F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2018-05-02] (HP Inc.)
Task: {E71FAFE8-800C-4694-8368-5DD0C7A2C1AB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-09-12] (NVIDIA Corporation)
Task: {E9E228B7-4AA7-419B-BC1E-D7673F7DE5B1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-10-23] (Piriform Ltd)
Task: {EA4E4216-AEC2-4AC0-806D-31732B5F97E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
Task: {EEE01A37-204C-4AEF-B20D-68B5F028E6E5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-22] (Microsoft Corporation)
Task: {FF42848C-7FEB-482D-9A40-05DB0DE77910} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => ConditionalAppStarter.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\HPCeeScheduleFornacho.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-13 14:35 - 2018-05-13 14:35 - 000165064 _____ () C:\Windows\system32\IntelWifiIhv04.dll
2018-07-05 14:04 - 2018-09-12 12:45 - 001315024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-11-06 19:42 - 2018-11-06 19:46 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-06 19:42 - 2018-11-06 19:46 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-07-05 01:48 - 2018-06-24 16:31 - 000138128 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-09 19:34 - 2018-09-20 04:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-04 13:32 - 2018-10-04 13:37 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-10-23 12:20 - 2018-10-23 12:23 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-10-23 12:20 - 2018-10-23 12:23 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-23 12:20 - 2018-10-23 12:23 - 010978304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-10-23 12:20 - 2018-10-23 12:23 - 002810368 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\skypert.dll
2018-10-23 12:20 - 2018-10-23 12:23 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-10-23 12:20 - 2018-10-23 12:23 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-07-05 14:18 - 2007-09-02 12:58 - 000495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2018-10-31 04:58 - 2018-10-31 05:04 - 000088888 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12091.4.37126.0_x64__nzyj5cx40ttqa\zlib1.dll
2018-10-31 04:58 - 2018-10-31 05:04 - 001356088 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12091.4.37126.0_x64__nzyj5cx40ttqa\libxml2.dll
2018-07-05 14:04 - 2018-09-12 12:45 - 101252304 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-07-05 14:04 - 2018-09-12 12:45 - 002673360 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-07-05 14:04 - 2018-09-12 12:45 - 000138960 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-10-30 21:25 - 2018-10-23 22:24 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libglesv2.dll
2018-10-30 21:25 - 2018-10-23 22:24 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\libegl.dll
2018-10-26 20:57 - 2018-10-26 20:58 - 035118592 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-10-26 20:57 - 2018-10-26 20:58 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-10-26 20:57 - 2018-10-26 20:58 - 005987328 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-04-12 17:25 - 2018-04-12 17:25 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-05 03:58 - 2018-06-08 10:31 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-06-22 07:50 - 2018-06-22 07:50 - 000180688 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2018-02-19 09:49 - 2018-02-19 09:49 - 001604240 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2018-07-05 14:18 - 2007-09-02 12:57 - 000069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2018-07-05 14:04 - 2018-09-12 12:45 - 001032912 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-09-06 21:29 - 2018-09-06 21:29 - 000852992 _____ () C:\Users\nacho\AppData\Roaming\uTorrent Web\avformat-57.dll
2018-09-06 21:29 - 2018-09-06 21:29 - 000465408 _____ () C:\Users\nacho\AppData\Roaming\uTorrent Web\avutil-55.dll
2018-09-06 21:29 - 2018-09-06 21:29 - 001276928 _____ () C:\Users\nacho\AppData\Roaming\uTorrent Web\avcodec-57.dll
2018-09-06 21:29 - 2018-09-06 21:29 - 000152064 _____ () C:\Users\nacho\AppData\Roaming\uTorrent Web\swresample-2.dll
2018-10-24 15:30 - 2018-10-24 15:30 - 003698688 _____ () C:\Program Files (x86)\FormatFactory\FFImage.dll
2018-10-25 04:31 - 2018-10-25 04:31 - 002311680 _____ () C:\Program Files (x86)\FormatFactory\FTCore.dll
2018-07-05 12:37 - 2018-10-24 17:12 - 086734056 _____ () C:\Users\nacho\AppData\Roaming\Spotify\libcef.dll
2018-07-05 12:37 - 2018-10-24 17:12 - 004318952 _____ () C:\Users\nacho\AppData\Roaming\Spotify\libglesv2.dll
2018-07-05 12:37 - 2018-10-24 17:12 - 000098024 _____ () C:\Users\nacho\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\nacho:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2018-11-09 22:56 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\nacho\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{11C1EF01-22B6-4951-BB63-46B59C19276B}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{6A632A53-D5A2-44A1-8216-CA8887DC2BF3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [TCP Query User{AA0449FA-2A98-4A36-AC7C-D5248DB6D571}C:\users\nacho\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nacho\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{ABA77009-7E8E-4FBB-B872-8605B20E06C0}C:\users\nacho\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nacho\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6F9A0C72-022D-4272-9AF2-F6F1FD755BAB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A643CE7-47D1-4A4D-ADD3-95C2EA57905A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1E7CCC14-E28D-4398-BAA9-CD354D352005}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{489EE2BC-B79C-429C-B2B2-4A478DDE73E6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [TCP Query User{6291EA8C-F6F8-42FF-BD1D-6993A9627BAD}C:\users\nacho\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\nacho\appdata\roaming\utorrent web\utweb.exe
FirewallRules: [UDP Query User{367070FF-A661-476B-AE3C-7767CB2A9B27}C:\users\nacho\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\nacho\appdata\roaming\utorrent web\utweb.exe
FirewallRules: [{3434EBCB-33A0-4967-BD07-AAA4794D6B33}] => (Block) C:\users\nacho\appdata\roaming\utorrent web\utweb.exe
FirewallRules: [{8D03007A-DA1C-4E31-A771-66559D74EDA6}] => (Block) C:\users\nacho\appdata\roaming\utorrent web\utweb.exe
FirewallRules: [{C725DB31-CF75-40A5-AEA7-0A0C7377E0B5}] => (Block) C:\users\nacho\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BD6F799F-8BE4-45AC-8EA2-95200E3A88C4}] => (Block) C:\users\nacho\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F364E660-98FF-4CB8-8CC7-200CCE7803B8}D:\orden del equipo\juegos\steamlibrary\steamapps\common\conan exiles\conansandbox\binaries\win64\conansandbox.exe] => (Allow) D:\orden del equipo\juegos\steamlibrary\steamapps\common\conan exiles\conansandbox\binaries\win64\conansandbox.exe
FirewallRules: [UDP Query User{8845A0C5-E747-4B5C-AC52-95016DB3E8E5}D:\orden del equipo\juegos\steamlibrary\steamapps\common\conan exiles\conansandbox\binaries\win64\conansandbox.exe] => (Allow) D:\orden del equipo\juegos\steamlibrary\steamapps\common\conan exiles\conansandbox\binaries\win64\conansandbox.exe
FirewallRules: [TCP Query User{4D5EF1CF-E047-4158-AC55-94EC0141058C}C:\program files (x86)\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\formatfactory\formatfactory.exe
FirewallRules: [UDP Query User{25E11DEA-F568-4EC1-93D0-E7F33CFC2AE9}C:\program files (x86)\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\formatfactory\formatfactory.exe
FirewallRules: [{1040BCA8-E8A4-43AF-8A6D-024441F226F6}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{0112D876-5E27-4A51-B73B-7BF3279B6153}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{D7B1511F-695A-4399-A428-A8CB4931A258}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{7687F197-000F-4182-87CB-F0488BCC5230}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe

==================== Restore Points =========================

05-11-2018 02:56:41 Instalador de Módulos de Windows
06-11-2018 04:57:09 Instalador de Módulos de Windows
07-11-2018 06:30:49 Instalador de Módulos de Windows
08-11-2018 08:28:44 Instalador de Módulos de Windows
09-11-2018 10:14:50 Instalador de Módulos de Windows
09-11-2018 22:46:51 JRT Pre-Junkware Removal
10-11-2018 11:24:29 Instalador de Módulos de Windows
11-11-2018 12:17:01 Instalador de Módulos de Windows
12-11-2018 13:46:53 Instalador de Módulos de Windows

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2018 01:04:01 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Error al controlar PowerEvent. Error: System.IO.IOException: El proceso no puede obtener acceso al archivo 'C:\Windows\Temp\signtool.exe' porque está siendo utilizado en otro proceso.
   en System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   en System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   en System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
   en System.IO.FileStream..ctor(String path, FileMode mode)
   en _HPCommRecovery.Tools.Signtool.ExtractSignTool()
   en _HPCommRecovery.Tools.Signtool.Verify(String arg)
   en _HPCommRecovery.HPAHAgent.CallAgent()
   en _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
   en _HPCommRecovery.HPAHLogger.NewSession()
   en _HPC....

Error: (11/10/2018 02:55:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: backgroundTaskHost.exe, versión: 10.0.17134.1, marca de tiempo: 0xcb43d9c5
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.254, marca de tiempo: 0xa5a334d4
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000032648
Identificador del proceso con errores: 0x1d8a8
Hora de inicio de la aplicación con errores: 0x01d478fd0a971998
Ruta de acceso de la aplicación con errores: C:\Windows\system32\backgroundTaskHost.exe
Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
Identificador del informe: 06035c15-3edf-4fa9-a6e4-64e031504ade
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (11/09/2018 10:42:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: adwcleaner-7-0-7-0.exe, versión: 7.0.7.0, marca de tiempo: 0x5a613aa4
Nombre del módulo con errores: adwcleaner-7-0-7-0.exe, versión: 7.0.7.0, marca de tiempo: 0x5a613aa4
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0004c7aa
Identificador del proceso con errores: 0x3410
Hora de inicio de la aplicación con errores: 0x01d47874f534d8b8
Ruta de acceso de la aplicación con errores: C:\Users\nacho\Desktop\adwcleaner-7-0-7-0.exe
Ruta de acceso del módulo con errores: C:\Users\nacho\Desktop\adwcleaner-7-0-7-0.exe
Identificador del informe: c77a129f-c50c-4a8a-9c6f-349c3aaecdbf
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/09/2018 04:13:10 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x8007001f, Uno de los dispositivos conectados al sistema no funciona.
.


Operación:
   Ejecutando operación asincrónica

Contexto:
   Estado actual: DoSnapshotSet

Error: (11/09/2018 04:12:46 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {4b2f8a83-d7af-4e5c-89a9-95cf66b5b41c}

Error: (11/09/2018 04:06:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x8007001f, Uno de los dispositivos conectados al sistema no funciona.
.


Operación:
   Ejecutando operación asincrónica

Contexto:
   Estado actual: DoSnapshotSet

Error: (11/09/2018 04:06:04 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {431d351d-e6d1-4082-9990-3f625afcc8e6}

Error: (11/06/2018 11:27:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SkypeApp.exe, versión: 8.33.0.41, marca de tiempo: 0x5bca1f01
Nombre del módulo con errores: twinapi.appcore.dll, versión: 10.0.17134.137, marca de tiempo: 0xb5d50228
Código de excepción: 0xc000027b
Desplazamiento de errores: 0x000000000009cad5
Identificador del proceso con errores: 0x18c0
Hora de inicio de la aplicación con errores: 0x01d47606f4e6a501
Ruta de acceso de la aplicación con errores: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\twinapi.appcore.dll
Identificador del informe: f264ab0a-423e-4974-975c-f07382ca01fd
Nombre completo del paquete con errores: Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c
Identificador de aplicación relativa del paquete con errores: App


System errors:
=============
Error: (11/12/2018 06:01:45 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-FG526E6)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-FG526E6\nacho con SID (S-1-5-21-3034072527-1753083731-4258197151-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/12/2018 04:09:27 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-FG526E6)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-FG526E6\nacho con SID (S-1-5-21-3034072527-1753083731-4258197151-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/12/2018 03:21:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-FG526E6)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-FG526E6\nacho con SID (S-1-5-21-3034072527-1753083731-4258197151-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/12/2018 02:02:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-FG526E6)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-FG526E6\nacho con SID (S-1-5-21-3034072527-1753083731-4258197151-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/12/2018 12:50:58 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-FG526E6)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-FG526E6\nacho con SID (S-1-5-21-3034072527-1753083731-4258197151-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/12/2018 12:49:30 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-FG526E6)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-FG526E6\nacho con SID (S-1-5-21-3034072527-1753083731-4258197151-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/12/2018 03:11:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/12/2018 01:27:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2018-11-10 23:06:16.438
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Woreflint.A!cl&threatid=2147723317&enterprise=0
Nombre: Trojan:Win32/Woreflint.A!cl
Id.: 2147723317
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_D:\Orden del equipo\varios\ROCKETDOCK-V1.3.5_3677170812.EXE
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Versión de firma: AV: 1.279.1522.0, AS: 1.279.1522.0, NIS: 1.279.1522.0
Versión de motor: AM: 1.1.15400.4, NIS: 1.1.15400.4

Date: 2018-11-10 23:05:26.616
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Woreflint.A!cl&threatid=2147723317&enterprise=0
Nombre: Trojan:Win32/Woreflint.A!cl
Id.: 2147723317
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_D:\Orden del equipo\varios\ROCKETDOCK-V1.3.5_3677170812.EXE
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Versión de firma: AV: 1.279.1522.0, AS: 1.279.1522.0, NIS: 1.279.1522.0
Versión de motor: AM: 1.1.15400.4, NIS: 1.1.15400.4

Date: 2018-11-10 23:05:17.666
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Woreflint.A!cl&threatid=2147723317&enterprise=0
Nombre: Trojan:Win32/Woreflint.A!cl
Id.: 2147723317
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_D:\Orden del equipo\Orden del equipo\Instaladores\ROCKETDOCK-V1.3.5_3677170812.EXE
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.279.1522.0, AS: 1.279.1522.0, NIS: 1.279.1522.0
Versión de motor: AM: 1.1.15400.4, NIS: 1.1.15400.4

Date: 2018-11-10 15:10:41.464
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {D3196451-2618-45DD-A0CB-8B5C6DF065EC}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-11-10 14:56:31.644
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {5465DE60-30CE-4802-AEDD-ED7DA4905BC9}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2018-11-09 22:55:57.327
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2018-11-09 22:17:45.606
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2018-11-09 22:11:10.847
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2018-11-09 22:06:30.039
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2018-11-09 03:52:50.774
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

CodeIntegrity:
===================================

Date: 2018-11-09 03:50:39.303
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 50%
Total physical RAM: 8146.75 MB
Available physical RAM: 4033.84 MB
Total Virtual: 18146.75 MB
Available Virtual: 11208.18 MB

==================== Drives ================================

Drive c: (Disco SSD Sistema) (Fixed) (Total:223.45 GB) (Free:53.12 GB) NTFS
Drive d: (Disco Almacen) (Fixed) (Total:916.1 GB) (Free:453.27 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:14.18 GB) (Free:14.12 GB) NTFS

\\?\Volume{be664dd2-a461-43f4-b503-4a20b9618c43}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.56 GB) NTFS
\\?\Volume{efa9538e-cdcf-4ba5-911a-736cad146bb8}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 20BAD317)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 266283E0)

Partition: GPT.

==================== End of Addition.txt ============================

#15

VERY important: make a backup of the registry:

  • To do so, download DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now tick only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

With all other programs closed, go to Start > Run and type Notepad.exe.

  • Now copy and paste the code/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [utweb] => C:\Users\nacho\AppData\Roaming\uTorrent Web\utweb.exe [5456560 2018-09-06] (BitTorrent Inc.)
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [Gaijin.Net Agent] => C:\Users\nacho\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2125384 2018-10-28] (Gaijin Entertainment)
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [4c76b0b8] => C:\ProgramData\4c76b0b8\4c76b0b8.exe C:\ProgramData\4c76b0b8\test.au3
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [4c76b0b82] => C:\ProgramData\abimRU\4c76b0b8.exe [937776 2018-11-12] (AutoIt Team)
Startup: C:\Users\nacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\14c76b0b8bc6af7c224906cf9a0a4621.lnk [2018-11-10]
ShortcutTarget: 14c76b0b8bc6af7c224906cf9a0a4621.lnk -> C:\ProgramData\DoLPPE\4c76b0b8.exe (AutoIt Team)
CHR Extension: (Chrome Media Router) - C:\Users\nacho\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-04]
2018-11-12 18:48 - 2018-11-12 18:48 - 000000000 ____D C:\ProgramData\GsZCeBv
2018-11-09 04:12 - 2018-11-09 04:12 - 000000000 ____D C:\ProgramData\DoLPPE
2018-11-09 04:06 - 2018-11-09 04:10 - 000000000 ____D C:\ProgramData\uEVPOBCc
2018-11-04 14:16 - 2018-11-09 04:04 - 000000000 ____D C:\Users\nacho\AppData\Roaming\5c61b2d25c78f1c5b4ee2001c9645a01
2018-11-10 23:17 - 2017-12-25 00:00 - 000000000 ____D C:\ProgramData\4c76b0b8
Task: {3B3F88D4-C1AB-47B4-8812-BA149912BCB1} - System32\Tasks\Goodgame Empire1 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=hxxps://empire.goodgamestudios.com/?w=376971 --app-window-size=1360,768
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {8B00EE96-133D-49CC-9F4C-491C5F5952D2} - System32\Tasks\Goodgame Empire2 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=hxxps://empire.goodgamestudios.com/?w=376971 --app-window-size=1360,768
Task: {99A8D270-58D9-4711-89E5-E64BD94543EF} - System32\Tasks\Goodgame Empire0 => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --app=hxxps://empire.goodgamestudios.com/?w=376971 --app-window-size=1360,768
AlternateDataStreams: C:\Users\nacho:Heroes & Generals [38]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop. This is very important.

Note: it is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem you reported, and comment on it.

Regards
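
Several autostart entries in the fixlist above share one shape: a hex-named executable in a first-level C:\ProgramData folder, signed "AutoIt Team" but not named like the AutoIt interpreter, in one case with a .au3 script as its argument. The following is an added example, not part of the original post and not FRST's or Malwarebytes' own logic; it parses the Run and ShortcutTarget lines copied from that fixlist and flags them with heuristics that are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the fixlist in the post above (FRST log format).
SAMPLE = r"""
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [utweb] => C:\Users\nacho\AppData\Roaming\uTorrent Web\utweb.exe [5456560 2018-09-06] (BitTorrent Inc.)
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [Gaijin.Net Agent] => C:\Users\nacho\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2125384 2018-10-28] (Gaijin Entertainment)
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [4c76b0b8] => C:\ProgramData\4c76b0b8\4c76b0b8.exe C:\ProgramData\4c76b0b8\test.au3
HKU\S-1-5-21-3034072527-1753083731-4258197151-1001\...\Run: [4c76b0b82] => C:\ProgramData\abimRU\4c76b0b8.exe [937776 2018-11-12] (AutoIt Team)
Startup: C:\Users\nacho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\14c76b0b8bc6af7c224906cf9a0a4621.lnk [2018-11-10]
ShortcutTarget: 14c76b0b8bc6af7c224906cf9a0a4621.lnk -> C:\ProgramData\DoLPPE\4c76b0b8.exe (AutoIt Team)
"""

# "<hive>\...\Run: [value name] => command line"
RUN_RE = re.compile(r"^HK[^:]*?\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$")
# "ShortcutTarget: <file>.lnk -> target"
LNK_RE = re.compile(r"^ShortcutTarget: (?P<name>.+?\.lnk) -> (?P<cmd>.+)$")
# First path ending in .exe; paths may contain spaces ("Program Files (x86)").
EXE_RE = re.compile(r"[A-Za-z]:\\.+?\.exe(?=\s|$)", re.I)
# AutoIt source (.au3) or compiled (.a3x) script passed as an argument.
SCRIPT_RE = re.compile(r"\S+\.(?:au3|a3x)(?=\s|$)", re.I)
# FRST prints the file's company/signer in trailing parentheses.
SIGNER_RE = re.compile(r"\(([^()]+)\)\s*$")
HEX_NAME_RE = re.compile(r"[0-9a-f]{8,}", re.I)
# Names the AutoIt interpreter ships under.
AUTOIT_NAMES = {"autoit3.exe", "autoit3_x64.exe"}


def parse_line(line):
    """Return a dict for a Run or ShortcutTarget line, or None for other lines."""
    m = RUN_RE.match(line) or LNK_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    exe = EXE_RE.search(cmd)
    if not exe:
        return None
    rest = cmd[exe.end():]
    script = SCRIPT_RE.search(rest)
    signer = SIGNER_RE.search(rest)
    return {
        "name": m.group("name"),
        "exe": exe.group(0),
        "script": script.group(0) if script else None,
        "signer": signer.group(1) if signer else None,
    }


def assess(entry):
    """Apply the illustrative heuristics; return the list of reasons that fired."""
    reasons = []
    exe = PureWindowsPath(entry["exe"])
    parts = [p.lower() for p in exe.parts]
    if entry["signer"] == "AutoIt Team" and exe.name.lower() not in AUTOIT_NAMES:
        reasons.append("renamed-autoit-interpreter")
    # e.g. ('c:\\', 'programdata', '<folder>', '<file>.exe')
    if len(parts) == 4 and parts[1] == "programdata":
        reasons.append("exe-in-top-level-programdata-folder")
    if entry["script"]:
        reasons.append("autoit-script-argument")
    if HEX_NAME_RE.fullmatch(exe.stem):
        reasons.append("hex-like-file-name")
    return reasons


def triage(text):
    """Return the parsed autostart entries that trip at least one heuristic."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line.strip())
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            hits.append({**entry, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(f'{hit["name"]}: {hit["exe"]}')
        print("   " + ", ".join(hit["reasons"]))
```
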