I get suspicious ads when searching on Google

Hi, I have a very strange problem with the Google search engine.

Whenever I do a search, any kind of search, in Google Search, a block appears with 4 links that have nothing to do with my search, about hotels, how to earn extra money and similar things. The same block even appears in Google Images, and it appears throughout the results, not only at the top.

Poking around a bit with the element inspector, I discovered that these ads come from a page called “premium search hub”, and I have searched for it on Google without any result.

I have already tried Chrome, Firefox and Opera, and the result is the same in all three. I have already run the antivirus and adw cleaner, and looked for suspicious programs that I don't recognize and uninstalled them all, but I still have the same problem.

Does anyone know how I could fix it? Thanks in advance.

Carry out the following steps, without changing the order.

1) Download, update and run Malwarebytes’ Anti-Malware.

Malwarebytes manual, so that you know how to use and configure it.

  • Run a Custom Scan, ticking all the boxes on the right and on the left, and updating if it asks you to.
  • Click “Remove Selected” to send the items to quarantine, then restart the system.
  • To access the scan report afterwards: Reports >> Scan log >> Export >> Copy to Clipboard, and paste it in your reply.

2) Download the ZhpCleaner application to your desktop by clicking the Telecharger button on the page.

  • Close all browsers.
  • Double-click to run it and press the Scanner button. Wait for it to finish.
  • A report named ZHPcleaner will be generated on the desktop.
  • Press the Repair button.
  • When it finishes, close all programs and restart the computer.
  • Copy and paste the contents of the generated report in your next reply.

ZhpCleaner manual

3) Download CCleaner

Install it and run it. In the Cleaner tab leave the default settings, click Analyze and wait for it to finish > click Run Cleaner. Click the Registry tab > click Scan for Issues and wait for it to finish > click Fix Selected Issues and make a backup.

Paste the Malwarebytes and Zhpcleaner reports and tell us how the problem is going.


Malwarebytes antimalware took about 7 hours to finish its scan; this is the log

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 26/12/18
Hora del análisis: 13:34
Archivo de registro: db61471e-093c-11e9-840e-54ee751a2b76.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.508
Versión del paquete de actualización: 1.0.8507
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.472)
CPU: x64
Sistema de archivos: NTFS
Usuario: LENOVO\b-rch_000

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 747015
Amenazas detectadas: 9
Amenazas en cuarentena: 9
Tiempo transcurrido: 6 hr, 49 min, 48 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 9
Adware.Agent, C:\PROGRAM FILES (X86)\USB DISK SECURITY\LINKZB.EXE, En cuarentena, [101], [597820],1.0.8507
CrackTool.Agent, C:\PROGRAM FILES (X86)\VALIANT HEARTS THE GREAT WAR\UPLAY_R1.DLL, En cuarentena, [6134], [324694],1.0.8507
Generic.Malware/Suspicious, C:\USERS\B-RCH_000\DOWNLOADS\JDOWNLOADER2BETA SETUP.ZIP, En cuarentena, [0], [392686],1.0.8507
PUP.Optional.MindSpark.Generic, C:\USERS\GRM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 2\LOCAL STORAGE\HTTP_DISCOVERANCESTRY.DL.MYWAY.COM_0.LOCALSTORAGE, En cuarentena, [1711], [443124],1.0.8507
PUP.Optional.MindSpark.Generic, C:\USERS\GRM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 2\LOCAL STORAGE\HTTP_DISCOVERANCESTRY.DL.TB.ASK.COM_0.LOCALSTORAGE, En cuarentena, [1711], [443123],1.0.8507
PUP.Optional.MindSpark.Generic, C:\USERS\GRM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 2\LOCAL STORAGE\HTTP_TOTALRECIPESEARCH.DL.TB.ASK.COM_0.LOCALSTORAGE, En cuarentena, [1711], [443123],1.0.8507
PUP.Optional.NeroTuneItUp, C:\USERS\GRM\APPDATA\ROAMING\NERO\NEROINSTALLER\NERO2016TRIAL\FILES\NERO_TUNEITUP_FREE.EXE, En cuarentena, [5941], [452415],1.0.8507
HackTool.FilePatch, C:\USERS\GRM\DESKTOP\MAURICIO\OCIO\PROGRAMA\CORELDRAWX7\CORELDRAW.X7.1.0.572.PATCH\PATCH-REPT-32 BITS.EXE, En cuarentena, [7796], [281135],1.0.8507
HackTool.FilePatch, C:\USERS\GRM\DESKTOP\MAURICIO\OCIO\PROGRAMA\CORELDRAWX7\CORELDRAW.X7.1.0.572.PATCH\PATCH-REPT-64 BITS.EXE, En cuarentena, [7796], [281135],1.0.8507

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

I can't do the Manual ZhpCleaner step because the program is not available for download, and I get a Malwarebytes popup saying that a topshare trojan is being stopped

Hi guys, excuse me for stepping in:

@Brayand_Chacaltana:

I'm leaving you a direct link, since there is a problem with the download and @Miguelgrado is not online.

ZHPCleaner.

Then you continue with it. :+1:

Regards.

Thank you very much @SanMar, the link worked perfectly! Here is the ZHPCleaner log; I broke the links because the forum tells me that, as a new user, I can only post two links XD

~ ZHPCleaner v2018.12.19.207 by Nicolas Coolman (2018/12/19)
~ Run by b-rch_000 (Administrator)  (27/12/2018 02:17:05)
~ Web: https:/ /www.nicolascoolman.com
~ Blog: https:/ /nicolascoolman.eu/
~ Facebook : https:/ /www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\b-rch_000\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\b-rch_000\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 17134)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Archivo hosts (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Registro ( Claves, Valores, Datos) (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\ Limpieza adicional. (7)
~ Clave de registro Tracing borrados (7)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ ninguna reparación hecha
~ falta este navegador! (Google Chrome)
~ falta este navegador! (Mozilla Firefox)
~ falta este navegador! (Internet Explorer)
~ falta este navegador! (Opera Software)


---\\ STATISTIQUES
~ Items escaneado : 9
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 12/12
~ Ahorro de espacio (bytes) : 0


~ End of search in 00h00mn00s

---\\  Reporte (2)
ZHPCleaner-[S]-27122018-02_16_31.txt
ZHPCleaner-[S]-27122018-02_17_05.txt

And well, I think this might help. Ever since I installed Malwarebytes this warning screen keeps popping up; I think it really is a trojan. Here is the report.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del evento de protección: 27/12/18
Hora del evento de protección: 2:20
Archivo de registro: d6acbd1e-09a7-11e9-a1ab-54ee751a2b76.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.508
Versión del paquete de actualización: 1.0.8513
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.472)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Detalles del sitio web bloqueado-
Sitio web malicioso: 1
, , Bloqueado, [-1], [-1],0.0.0

-Datos de sitio web-
Categoría: Troyano
Dominio: update.topshape.me
Dirección IP: 104.28.15.53
Puerto: [56055]
Tipo: Saliente
Archivo: C:\Users\GRM\AppData\Roaming\TopShape-B4\SoftwareUpdate.exe



(end)
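As an added example (not part of the original posts and not Malwarebytes' own tooling), the Python sketch below cross-checks the two reports posted so far: it extracts the binary behind the blocked outbound connection and tests whether the earlier scan quarantined it. It assumes the Spanish Malwarebytes 3.x text layout shown in this thread; the sample inputs are trimmed copies of those logs, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed samples: trimmed copies of the two Malwarebytes reports in this
# thread (scan report cut down to two of the nine detections).
SCAN_REPORT = r"""
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Archivo: 9
Adware.Agent, C:\PROGRAM FILES (X86)\USB DISK SECURITY\LINKZB.EXE, En cuarentena, [101], [597820],1.0.8507
PUP.Optional.NeroTuneItUp, C:\USERS\GRM\APPDATA\ROAMING\NERO\NEROINSTALLER\NERO2016TRIAL\FILES\NERO_TUNEITUP_FREE.EXE, En cuarentena, [5941], [452415],1.0.8507
"""

PROTECTION_EVENT = r"""
-Detalles del sitio web bloqueado-
Sitio web malicioso: 1
, , Bloqueado, [-1], [-1],0.0.0

-Datos de sitio web-
Categoría: Troyano
Dominio: update.topshape.me
Dirección IP: 104.28.15.53
Puerto: [56055]
Tipo: Saliente
Archivo: C:\Users\GRM\AppData\Roaming\TopShape-B4\SoftwareUpdate.exe
"""

SECTION = re.compile(r"-(.+)-")  # e.g. "-Datos de sitio web-"
# "<detection>, <path>, <action>, [id], [id],<version>"
DETECTION = re.compile(
    r"(?P<name>[^,]+), (?P<path>[A-Za-z]:\\.+?), (?P<action>[^,\[]+), \["
)


def parse_sections(report):
    """Split a report into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION.fullmatch(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and line:
            current.append(line)
    return sections


def norm(path):
    """Case-insensitive form of a Windows path (the scan report upper-cases paths)."""
    return str(PureWindowsPath(path)).lower()


def quarantined_paths(scan_report):
    """Paths the scan actually moved to quarantine."""
    found = set()
    for line in parse_sections(scan_report).get("Detalles del análisis", []):
        m = DETECTION.match(line)
        if m and m.group("action").strip().lower() == "en cuarentena":
            found.add(norm(m.group("path")))
    return found


def blocked_site(event_report):
    """Key/value fields of the blocked-website section."""
    fields = {}
    for line in parse_sections(event_report).get("Datos de sitio web", []):
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def triage(scan_report, event_report):
    """Relate a web-protection block to the on-demand scan results."""
    site = blocked_site(event_report)
    exe = PureWindowsPath(site["Archivo"])
    parts = [p.lower() for p in exe.parts]
    owner = exe.parts[2] if len(parts) > 2 and parts[1] == "users" else None
    return {
        "domain": site.get("Dominio"),
        "ip": site.get("Dirección IP"),
        "outbound": site.get("Tipo") == "Saliente",
        "file": str(exe),
        "profile_owner": owner,  # Windows profile holding the binary
        "user_writable": owner is not None and "appdata" in parts,
        "quarantined_by_scan": norm(site["Archivo"]) in quarantined_paths(scan_report),
    }


if __name__ == "__main__":
    for key, value in triage(SCAN_REPORT, PROTECTION_EVENT).items():
        print(f"{key}: {value}")
```

A blocked outbound connection whose source binary is not in the quarantine list means the scan did not remove that file, so it is the next item to examine.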
  • Temporarily disable your antivirus and any security program.

  • Download Farbar Recovery Scan Tool to your desktop (>> this is very important <<), choosing the right version for your machine (32 or 64 bits). :arrow_forward: How do I know whether my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your desktop.

In your next reply, copy and paste the two FRST reports, Frst.txt and Addition.txt.

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them in full.

I hope I'm not breaking any forum rule. For personal reasons I had to stay away from this PC all this time. However, now that I have it again, I opened the browser and had this thread pinned. I remembered the problem and went to Google to check whether it was still happening, and yes, I still have those links that look like Google searches but are ads. Here are the reports, and thank you very much for the help.

FRTS.txt (1/2)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18.04.2019
Ran by b-rch_000 (administrator) on LENOVO (19-04-2019 02:22:08)
Running from C:\Users\b-rch_000\Desktop
Loaded Profiles: GRM & b-rch_000 (Available Profiles: GRM & b-rch_000)
Platform: Windows 10 Home Single Language Version 1803 17134.706 (X64) Language: Español (España, internacional)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(LENOVO -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation-Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nitro Software, Inc. -> Nitro Software, Inc.) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
(PDFescape -> Red Software) C:\Program Files\PDFescape Desktop\creator-ws.exe
(OpenVPN Technologies, Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SMART Technologies ULC -> SMART Technologies) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTHelperService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Lenovo Information Products (Shenzhen) Co.,Ltd -> LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
(XDisc Corp Ltd) [File not signed] C:\Users\GRM\AppData\Roaming\TopShape-B4\SoftwareUpdate.exe
(SMART Technologies ULC -> SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\SMART Response\ResponseHardwareService.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo(Japan)Ltd. -> Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo(Japan)Ltd. -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(OpenVPN Technologies, Inc. -> ) C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\GRM\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Opera Software AS -> Opera Software) C:\Users\B-RCH_~1\AppData\Local\Temp\opera autoupdate\CUsersb-rch_000AppDataLocalProgramsOpera\installing\installer.exe
(Opera Software AS -> Opera Software) C:\Users\B-RCH_~1\AppData\Local\Temp\opera autoupdate\CUsersb-rch_000AppDataLocalProgramsOpera\installing\installer.exe
(Opera Software AS -> Opera Software) C:\Users\B-RCH_~1\AppData\Local\Temp\opera autoupdate\CUsersb-rch_000AppDataLocalProgramsOpera\installing\installer.exe
(Opera Software AS -> Opera Software) C:\Users\B-RCH_~1\AppData\Local\Temp\opera autoupdate\CUsersb-rch_000AppDataLocalProgramsOpera\installing\installer.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\b-rch_000\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch_000\AppData\Local\Programs\Opera\57.0.3098.106\opera.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch_000\AppData\Local\Programs\Opera\57.0.3098.106\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch_000\AppData\Local\Programs\Opera\57.0.3098.106\opera.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch_000\AppData\Local\Programs\Opera\57.0.3098.106\opera.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch_000\AppData\Local\Programs\Opera\57.0.3098.106\opera.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch_000\AppData\Local\Programs\Opera\57.0.3098.106\opera.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch_000\AppData\Local\Programs\Opera\57.0.3098.106\opera.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch_000\AppData\Local\Programs\Opera\57.0.3098.106\opera.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch_000\AppData\Local\Programs\Opera\57.0.3098.106\opera.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch_000\AppData\Local\Programs\Opera\57.0.3098.106\opera.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch_000\AppData\Local\Programs\Opera\57.0.3098.106\opera.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch_000\AppData\Local\Programs\Opera\58.0.3135.127\installer.exe
(Opera Software AS -> Opera Software) C:\Users\b-rch_000\AppData\Local\Programs\Opera\58.0.3135.127\installer.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (LENOVO(JAPAN)LTD. -> Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [384344 2014-02-17] (Lenovo(Japan)Ltd. -> Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll [74288 2014-03-04] (Lenovo(Japan)Ltd. -> Lenovo Corporation)
HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [163936 2016-10-03] (Synaptics Incorporated -> Synaptics)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1720696 2013-09-27] (Sunplus Innovation Technology Inc. -> SunplusIT, Inc.) [File not signed]
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [917112 2015-09-30] (Bluestack Systems, Inc. -> BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SMARTNotification] => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTNotification.exe [197048 2015-07-16] (SMART Technologies ULC -> SMART Technologies)
HKLM-x32\...\Run: [SMART Tray Tools] => C:\Program Files (x86)\Common Files\SMART Technologies\SystemMenu\SMARTSystemMenu.exe [928696 2015-08-04] (SMART Technologies ULC -> SMART Technologies)
HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe [1879480 2015-07-16] (SMART Technologies ULC -> SMART Technologies)
HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\sbsdk-server\NodeLauncher.exe [67512 2015-07-13] (SMART Technologies ULC -> SMART Technologies)
HKLM-x32\...\Run: [SMART Ink] => C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTInk.exe [288528 2015-07-29] (SMART Technologies ULC -> SMART Technologies) [File not signed]
HKLM-x32\...\Run: [Response Desktop Menu] => C:\Program Files (x86)\SMART Technologies\SMART Response\DesktopMenu.exe [1293216 2015-07-17] (SMART Technologies ULC -> SMART Technologies ULC)
HKLM-x32\...\Run: [ResponseConnectorService] => C:\Program Files (x86)\SMART Technologies\SMART Response\response-connector-server\NodeLauncher.exe [40448 2015-07-17] (SMART Technologies) [File not signed]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [672384 2018-04-26] (OpenVPN Technologies, Inc. -> )
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\...\MountPoints2: {46614e19-5870-11e8-8346-e82aeabae7a7} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\...\MountPoints2: {5bf0ff86-257d-11e9-837a-54ee751a2b76} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINWE.EXE [298560 2014-03-19] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINWE.EXE [298560 2014-03-19] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-16] (Valve -> Valve Corporation)
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [672384 2018-04-26] (OpenVPN Technologies, Inc. -> )
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\Run: [GoogleChromeAutoLaunch_CB3DD46AAD0B7A2609102874DF97FB4E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1716720 2019-04-03] (Google LLC -> Google Inc.)
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\MountPoints2: {807d76ed-9049-11e8-835d-e82aeabae7a7} - "E:\Lenovo_Suite.exe" 
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3570688 2014-12-21] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [254976 2014-11-14] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3588608 2014-12-21] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\SysWOW64\xvidvfw.dll [240128 2014-11-14] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2015-01-13] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [vidc.tscc] => C:\Windows\SysWOW64\tsccvid.dll [110592 2003-02-14] (TechSmith Corporation) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-11] (Google LLC -> Google Inc.)
Startup: C:\Users\b-rch_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-07-27]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54
Tcpip\..\Interfaces\{d11da338-a529-492a-8f86-806351e785b9}: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54
Tcpip\..\Interfaces\{fa75fb70-c3d3-4f1c-959f-69523e6bb4f6}: [DhcpNameServer] 190.113.220.18 190.113.220.51 190.113.220.54

Internet Explorer:
==================
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.latinaminternet.com/
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=es-pe
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-2181589896-435413242-1626352173-1001 -> DefaultScope {1E3E8E29-2926-4497-BB84-1488D85E342C} URL = 
SearchScopes: HKU\S-1-5-21-2181589896-435413242-1626352173-1001 -> {1E3E8E29-2926-4497-BB84-1488D85E342C} URL = 
SearchScopes: HKU\S-1-5-21-2181589896-435413242-1626352173-1003 -> DefaultScope {1E3E8E29-2926-4497-BB84-1488D85E342C} URL = 
SearchScopes: HKU\S-1-5-21-2181589896-435413242-1626352173-1003 -> {1E3E8E29-2926-4497-BB84-1488D85E342C} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: PDFescape Desktop Helper -> {E5F815EE-1391-4A6C-A0DD-488E9A6EC0F2} -> C:\Program Files (x86)\PDFescape Desktop\creator-ie-helper.dll [2016-08-16] (PDFescape -> Red Software)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\b-rch_000\AppData\Roaming\Mozilla\Firefox\Profiles\zb85zi22.default [2018-12-26]
FF Extension: (Avast Online Security) - C:\Users\b-rch_000\AppData\Roaming\Mozilla\Firefox\Profiles\zb85zi22.default\Extensions\[email protected] [2018-12-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\PDFescape Desktop\resources\pdfescapedesktopfirefoxextension
FF Extension: (PDFescape Desktop Creator) - C:\Program Files\PDFescape Desktop\resources\pdfescapedesktopfirefoxextension [2017-01-05] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-08] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-08] (Adobe Systems Incorporated -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-03] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-03] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll [2016-02-29] (Nero AG -> Nero AG)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [2016-07-22] (Nitro Software, Inc. -> Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) [File not signed]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: PDFescape Desktop -> C:\Program Files (x86)\PDFescape Desktop\np-previewer.dll [2016-08-16] (PDFescape -> Red Software)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=PE&userid=266ef3ae-a2dc-3bcb-ed12-2e3715e557b3&searchtype=hp&installDate={installDate}
CHR StartupUrls: Default -> "hxxps://tweetdeck.twitter.com/","hxxps://www.facebook.com/?ref=tn_tnmn","chrome://newtab/","hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default [2018-12-26]
CHR Extension: (Presentaciones) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-17]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2018-12-26]
CHR Extension: (Documentos) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-17]
CHR Extension: (Google Drive) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-25]
CHR Extension: (Simple Pomodoro®) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blidjjfbdbkcmegfnidmgndgdamhhelp [2016-12-24]
CHR Extension: (YouTube) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-18]
CHR Extension: (Slinky Elegante) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2015-02-01]
CHR Extension: (plugCubed) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfeomlnnfncblkheeneahgmngbnbiaoi [2017-12-24]
CHR Extension: (Búsqueda de Google) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-25]
CHR Extension: (Tampermonkey) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-12-25]
CHR Extension: (Share on Rabbit) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplabnbcafdgpcjmibgkekpaejlfhnkl [2017-06-17]
CHR Extension: (Hojas de cálculo) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-17]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-06]
CHR Extension: (Simple Notepad) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnkdbkeniegahdcjeeikjoaapakeomf [2015-02-01]
CHR Extension: (TweetDeck by Twitter) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-10-18]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-12]
CHR Extension: (4chan X) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohnjgmpcibpbafdlkimncjhflgedgpam [2018-12-09]
CHR Extension: (Click&Clean App) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2018-12-24]
CHR Extension: (Gmail) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-26]
CHR Profile: C:\Users\b-rch_000\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-26]
CHR HKU\S-1-5-21-2181589896-435413242-1626352173-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Tampermonkey) - C:\Users\b-rch_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2019-04-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6570352 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360440 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2014-03-04] (Lenovo(Japan)Ltd. -> Lenovo Corporation)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-09-30] (Bluestack Systems, Inc. -> BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-09-30] (Bluestack Systems, Inc. -> BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-09-30] (Bluestack Systems, Inc. -> BlueStack Systems, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd -> Disc Soft Ltd)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2017-01-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353768 2018-07-24] (Intel Corporation -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-10-13] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S2 Lenovo QuickSnip Service; C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe [219976 2013-12-02] (Lenovo Information Products (Shenzhen) Co.,Ltd -> LENOVO INCORPORATED.)
S2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2085184 2014-03-04] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [585032 2013-12-02] (Lenovo Information Products (Shenzhen) Co.,Ltd -> LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2014-03-04] (Lenovo(Japan)Ltd. -> Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-17] (Lenovo(Japan)Ltd. -> Lenovo)
S2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-11] (Lenovo(Japan)Ltd. -> )
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273544 2016-12-07] (LENOVO -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2018-02-07] (Intel(R) Wireless Connectivity Solutions -> )
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [327320 2016-07-22] (Nitro Software, Inc. -> Nitro Software, Inc.)
S3 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [417944 2016-07-22] (Nitro Software, Inc. -> )
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. ->  )
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2142184 2016-08-16] (PDFescape -> Red Software)
S3 PDFescape Desktop CrashHandler; C:\Program Files\PDFescape Desktop\crash-handler-ws.exe [926184 2016-08-16] (PDFescape -> Red Software)
R2 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator-ws.exe [733672 2016-08-16] (PDFescape -> Red Software)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59440 2014-02-12] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [322608 2014-02-12] (Lenovo(Japan)Ltd. -> Lenovo Group Limited)
R2 Response Hardware; C:\Program Files (x86)\SMART Technologies\SMART Response\ResponseHardwareService.exe [20384 2015-07-17] (SMART Technologies ULC -> SMART Technologies ULC)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333296 2017-09-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTHelperService.exe [617912 2015-07-16] (SMART Technologies ULC -> SMART Technologies)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [259176 2016-10-03] (Synaptics Incorporated -> Synaptics Incorporated)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer -> TeamViewer GmbH)
R2 TopShape-B4 Service; C:\Users\GRM\AppData\Roaming\TopShape-B4\SoftwareUpdate.exe [917504 2018-08-13] (XDisc Corp Ltd) [File not signed]
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [86544 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [56848 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-26] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-26] (Microsoft Corporation -> Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3851432 2018-02-07] (Intel(R) Wireless Connectivity Solutions -> Intel® Corporation)
S3 Power Manager DBC Service; "C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE" [X]

FRST.txt (2/2)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37320 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205608 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [254408 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196304 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320904 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [58168 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [249152 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42496 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [169104 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88152 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034640 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [476264 2019-04-12] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [220632 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380160 2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-09-30] (Bluestack Systems, Inc. -> BlueStack Systems)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-03-21] (Disc Soft Ltd -> Disc Soft Ltd)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET, spol. s r.o. -> ESET)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [7960800 2018-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [77992 2013-10-04] (Intel(R) Software -> Intel Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
S3 massfilter; C:\WINDOWS\System32\drivers\ztembbmassfilter.sys [15360 2012-11-22] (MBB Incorporated) [File not signed]
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-04-18] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 mtkmbim6.2; C:\WINDOWS\System32\drivers\mtkmbim7.sys [209920 2012-12-15] (MBB) [File not signed]
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3595472 2018-10-12] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2015-11-18] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-06-15] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SMARTMouseFilterx64; C:\WINDOWS\System32\drivers\SMARTMouseFilterx64.sys [10240 2015-07-16] (Microsoft Windows Hardware Compatibility Publisher -> SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\WINDOWS\System32\drivers\SMARTVHidMiniVistaAmd64.sys [9216 2015-07-16] (Microsoft Windows Hardware Compatibility Publisher -> SMART Technologies)
R3 SMARTVTabletPCx64; C:\WINDOWS\System32\drivers\SMARTVTabletPCx64.sys [70656 2015-07-16] (Microsoft Windows Hardware Compatibility Publisher -> SMART Technologies ULC)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51296 2016-10-03] (Synaptics Incorporated -> Synaptics Incorporated)
R1 SMIDriver; C:\WINDOWS\system32\DRIVERS\smi.sys [39488 2016-07-13] (Synaptics Inc. -> Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [735744 2016-03-11] (Sunplus Innovation Technology Inc. -> Sunplus)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 SWIX64; C:\Program Files (x86)\Lenovo\System Update\tvsuhd64.sys [33856 2012-09-12] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo Group Limited)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\drivers\trufos.sys [520032 2016-06-22] (Bitdefender SRL -> BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2018-12-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2018-12-26] (Microsoft Windows -> Microsoft Corporation)
S3 wdf_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [82944 2012-12-14] (MBB) [File not signed]
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-26] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2018-01-23] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-19 02:28 - 2019-04-19 02:28 - 002231920 _____ (Opera Software) C:\Users\b-rch_000\Downloads\OperaSetup.exe
2019-04-19 02:26 - 2019-04-19 02:26 - 000000219 _____ C:\Users\b-rch_000\Desktop\Dota 2.url
2019-04-19 02:22 - 2019-04-19 02:27 - 000045995 _____ C:\Users\b-rch_000\Desktop\FRST.txt
2019-04-19 02:21 - 2019-04-19 02:22 - 000000000 ____D C:\FRST
2019-04-19 02:19 - 2019-04-19 02:19 - 002434048 _____ (Farbar) C:\Users\b-rch_000\Desktop\FRST64.exe
2019-04-19 02:16 - 2019-04-19 02:16 - 000019222 _____ C:\Users\b-rch_000\Downloads\Steam Web Integration.user.js
2019-04-18 00:06 - 2019-04-18 00:06 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-16 20:41 - 2019-04-02 03:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-16 20:41 - 2019-04-02 03:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-16 20:41 - 2019-04-02 02:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-16 20:41 - 2019-04-02 00:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-16 20:40 - 2019-04-02 07:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-16 20:40 - 2019-04-02 07:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-16 20:40 - 2019-04-02 07:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-16 20:40 - 2019-04-02 07:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-16 20:40 - 2019-04-02 04:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-16 20:40 - 2019-04-02 04:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-16 20:40 - 2019-04-02 04:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-16 20:40 - 2019-04-02 03:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-16 20:40 - 2019-04-02 03:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-16 20:40 - 2019-04-02 03:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-16 20:40 - 2019-04-02 03:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-16 20:40 - 2019-04-02 03:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-16 20:40 - 2019-04-02 03:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-16 20:40 - 2019-04-02 03:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-16 20:40 - 2019-04-02 02:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-16 20:40 - 2019-04-02 02:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-16 20:40 - 2019-04-02 02:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-16 20:40 - 2019-04-02 02:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-16 20:40 - 2019-04-02 02:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-16 20:40 - 2019-04-02 02:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-16 20:40 - 2019-04-02 00:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-16 20:40 - 2019-04-01 23:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-16 20:40 - 2019-04-01 23:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-16 20:40 - 2019-04-01 23:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-16 20:40 - 2019-03-14 09:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-16 20:40 - 2019-03-14 09:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-16 20:40 - 2019-03-14 09:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-16 20:40 - 2019-03-14 03:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-16 20:40 - 2019-03-14 03:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-16 20:40 - 2019-03-14 03:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-16 20:40 - 2019-03-14 03:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-16 20:40 - 2019-03-14 03:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-16 20:40 - 2019-03-14 03:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-16 20:40 - 2019-03-14 03:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-16 20:40 - 2019-03-14 03:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-16 20:40 - 2019-03-14 03:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-16 20:40 - 2019-03-14 03:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-16 20:40 - 2019-03-14 03:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-16 20:40 - 2019-03-14 03:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-16 20:40 - 2019-03-14 03:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-16 20:40 - 2019-03-14 03:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-16 20:40 - 2019-03-14 02:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-16 20:40 - 2019-03-14 02:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-16 20:40 - 2019-03-14 02:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-16 20:40 - 2019-03-14 02:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-16 00:09 - 2019-04-16 00:09 - 000118784 _____ C:\Users\GRM\Downloads\3.REPORTE CAS 2019 (1).xls
2019-04-16 00:09 - 2019-04-16 00:09 - 000042969 _____ C:\Users\GRM\Downloads\3.Asist. Serums Reg.-MAR.2019- (1).xlsx
2019-04-16 00:08 - 2019-04-16 00:08 - 001546240 _____ C:\Users\GRM\Downloads\3. REPORTE MAR.2019 (2).xls
2019-04-16 00:06 - 2019-04-16 00:06 - 001568768 _____ C:\Users\GRM\Downloads\1. REPORTE MARZO 2019 GUARDIAS (1).xls
2019-04-15 23:28 - 2019-04-15 23:28 - 000606208 _____ C:\Users\GRM\Downloads\1.Personal CAS ENE-DIC 2019 (2).xls
2019-04-15 23:14 - 2019-04-15 23:14 - 000238080 _____ C:\Users\GRM\Downloads\DESC. FOASES FEBRERO 2019 -   MODIFICADO (4).xls
2019-04-15 23:12 - 2019-04-15 23:12 - 000236544 _____ C:\Users\GRM\Downloads\DESC. FOASES FEBRERO 2019 (1).xls
2019-04-15 23:01 - 2019-04-15 23:11 - 000243200 _____ C:\Users\GRM\Downloads\DESC. FOASES FEBRERO 2019.xls
2019-04-15 22:59 - 2019-04-15 22:59 - 000606208 _____ C:\Users\GRM\Downloads\1.Personal CAS ENE-DIC 2019 (1).xls
2019-04-15 22:58 - 2019-04-15 22:58 - 000042969 _____ C:\Users\GRM\Downloads\3.Asist. Serums Reg.-MAR.2019-.xlsx
2019-04-15 22:56 - 2019-04-15 22:56 - 000118784 _____ C:\Users\GRM\Downloads\3.REPORTE CAS 2019.xls
2019-04-15 22:54 - 2019-04-15 22:54 - 001546752 _____ C:\Users\GRM\Downloads\3. REPORTE MAR.2019 (1).xls
2019-04-15 22:53 - 2019-04-15 22:53 - 001546752 _____ C:\Users\GRM\Downloads\3. REPORTE MAR.2019.xls
2019-04-15 22:51 - 2019-04-15 22:51 - 000058125 _____ C:\Users\GRM\Downloads\01.Asist. Serums Nacional-MARZO2019-.xlsx
2019-04-15 22:49 - 2019-04-15 22:49 - 000606208 _____ C:\Users\GRM\Downloads\1.Personal CAS ENE-DIC 2019.xls
2019-04-15 22:47 - 2019-04-15 22:47 - 000040417 _____ C:\Users\GRM\Downloads\1.Asist. Serums Reg.-MARZO 2019-.xlsx
2019-04-15 22:42 - 2019-04-15 22:42 - 001568768 _____ C:\Users\GRM\Downloads\1. REPORTE MARZO 2019 GUARDIAS.xls
2019-04-12 22:43 - 2019-04-12 22:43 - 000000077 _____ C:\WINDOWS\system32\Drivers\aswSP.sys.sum
2019-04-11 18:07 - 2019-04-11 18:08 - 013524748 _____ C:\Users\GRM\Downloads\Semana Santa para niños (1ª Parte) - Jesús mi Superamigo.mp4
2019-04-11 18:04 - 2019-04-11 18:05 - 009090044 _____ C:\Users\GRM\Downloads\entrada en Jerusalen - Domingo de Ramos.mp4
2019-04-09 19:51 - 2019-04-15 23:33 - 000109056 _____ C:\Users\GRM\Documents\INFORMAC. A CTA. VAC. Y S.V.O. MARZO 2019.xls
2019-04-06 18:07 - 2019-04-16 00:46 - 001517056 _____ C:\Users\GRM\Documents\MARZO 2019 RED.xls
2019-03-26 18:41 - 2019-03-26 18:42 - 034494089 _____ C:\Users\GRM\Downloads\Adivinar Jugando con las 15 Adivinanzas y acertijos de Frutas _ Video para niños.mp4
2019-03-24 13:29 - 2019-03-24 13:31 - 042198876 _____ C:\Users\GRM\Downloads\La hora del Planeta - Canciones Infantiles Ahora el Planeta.mp4
2019-03-23 17:44 - 2019-03-23 17:51 - 187387620 _____ C:\Users\GRM\Downloads\Matemática cuaderno de trabajo 2.pdf
2019-03-23 16:40 - 2019-03-23 16:40 - 000418075 _____ C:\Users\GRM\Downloads\DEUDA SOCIAL UGEL MARISCAL NIETO.pdf
2019-03-21 22:20 - 2019-03-21 22:20 - 021937341 _____ C:\Users\GRM\Downloads\Aprendamos con Paquito_ Utilidades del agua (Otros usos del agua).mp4

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-19 02:24 - 2017-04-12 23:23 - 000000000 ____D C:\Program Files (x86)\Steam
2019-04-19 02:17 - 2015-04-05 11:45 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-04-19 02:16 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-19 02:08 - 2018-05-20 04:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-19 02:05 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-19 02:03 - 2017-12-20 18:10 - 000000000 ____D C:\Users\b-rch_000\AppData\Local\Packages
2019-04-19 01:54 - 2018-12-08 23:55 - 000000000 ____D C:\Users\b-rch_000\AppData\Local\LenovoServiceBridge
2019-04-19 01:52 - 2019-03-09 10:17 - 000000000 ____D C:\Users\GRM\AppData\Local\AVAST Software
2019-04-19 01:52 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-19 01:50 - 2014-12-20 22:30 - 000000193 _____ C:\Users\b-rch_000\AppData\Local\RegisteredPackageInformation.xml
2019-04-18 14:54 - 2014-08-31 16:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-18 14:47 - 2014-08-31 16:12 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-18 14:44 - 2013-08-22 08:25 - 000000167 _____ C:\WINDOWS\win.ini
2019-04-18 09:55 - 2016-10-02 11:44 - 000000000 ____D C:\Users\GRM\AppData\Roaming\Nitro
2019-04-18 00:32 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-18 00:15 - 2018-12-26 23:40 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-04-18 00:13 - 2018-05-20 04:54 - 001768612 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-18 00:13 - 2018-04-12 11:18 - 000787924 _____ C:\WINDOWS\system32\perfh00A.dat
2019-04-18 00:13 - 2018-04-12 11:18 - 000155520 _____ C:\WINDOWS\system32\perfc00A.dat
2019-04-18 00:13 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-18 00:07 - 2018-09-14 00:14 - 000657464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-18 00:06 - 2018-05-20 05:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-18 00:06 - 2017-04-16 20:40 - 000000933 _____ C:\WINDOWS\Tasks\EPSON L475 Series Update {CA70BF00-F001-4976-A92B-3DEC4B3343EA}.job
2019-04-18 00:06 - 2017-04-16 18:40 - 000000000 ____D C:\ProgramData\Synaptics
2019-04-18 00:06 - 2016-10-09 18:30 - 000000933 _____ C:\WINDOWS\Tasks\EPSON L475 Series Update {58B759E4-F8C4-43B1-8D4E-8FC241F23621}.job
2019-04-18 00:06 - 2016-07-20 16:06 - 000000933 _____ C:\WINDOWS\Tasks\EPSON L475 Series Update {987D8978-2314-4020-8C8E-62495AB28E6E}.job
2019-04-18 00:06 - 2016-04-09 17:17 - 000000933 _____ C:\WINDOWS\Tasks\EPSON L475 Series Update {16A61A19-A1CD-4356-9880-C7005D53033F}.job
2019-04-16 23:20 - 2018-04-11 16:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-04-16 23:18 - 2018-04-11 18:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-16 23:18 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-16 23:18 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-16 23:13 - 2017-09-08 11:48 - 000000000 ____D C:\Users\GRM\AppData\Local\Spotify
2019-04-16 22:43 - 2017-09-08 11:47 - 000000000 ____D C:\Users\GRM\AppData\Roaming\Spotify
2019-04-16 18:57 - 2019-03-07 21:25 - 000000000 ____D C:\Users\GRM\Desktop\SEGUNDO GRADO-2019
2019-04-16 17:53 - 2017-12-20 18:13 - 000000000 ____D C:\Users\GRM\AppData\Local\Packages
2019-04-16 00:49 - 2018-06-07 13:43 - 000000000 ____D C:\Users\GRM\AppData\Local\Deployment
2019-04-15 17:16 - 2017-03-12 10:25 - 000000000 ____D C:\Users\GRM\Documents\DOCUMENTOS DE TRABAJO CRISEIDA
2019-04-12 22:43 - 2018-12-26 23:39 - 000476264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-04-12 22:41 - 2014-08-29 16:07 - 000000000 ____D C:\Users\GRM\AppData\Local\CrashDumps
2019-04-11 15:10 - 2018-12-26 11:54 - 000002310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-11 15:10 - 2018-12-26 11:54 - 000002269 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-08 00:01 - 2018-12-26 23:32 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-04-08 00:01 - 2018-12-26 23:32 - 000002236 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-04-08 00:01 - 2018-12-26 11:52 - 000003482 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-04-08 00:01 - 2018-12-26 11:52 - 000003258 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-04-08 00:01 - 2018-12-26 11:30 - 000003508 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1545841828
2019-04-08 00:01 - 2018-10-22 16:08 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-04-08 00:01 - 2018-05-20 05:11 - 000003780 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-08 00:01 - 2018-05-20 05:11 - 000003480 _____ C:\WINDOWS\System32\Tasks\EPSON L475 Series Update {CA70BF00-F001-4976-A92B-3DEC4B3343EA}
2019-04-08 00:01 - 2018-05-20 05:11 - 000003480 _____ C:\WINDOWS\System32\Tasks\EPSON L475 Series Update {987D8978-2314-4020-8C8E-62495AB28E6E}
2019-04-08 00:01 - 2018-05-20 05:11 - 000003480 _____ C:\WINDOWS\System32\Tasks\EPSON L475 Series Update {58B759E4-F8C4-43B1-8D4E-8FC241F23621}
2019-04-08 00:01 - 2018-05-20 05:11 - 000003480 _____ C:\WINDOWS\System32\Tasks\EPSON L475 Series Update {16A61A19-A1CD-4356-9880-C7005D53033F}
2019-04-08 00:01 - 2018-05-20 05:11 - 000002878 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2181589896-435413242-1626352173-1002
2019-04-08 00:01 - 2018-05-20 05:11 - 000002858 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2181589896-435413242-1626352173-1001
2019-04-08 00:01 - 2018-05-20 05:11 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2181589896-435413242-1626352173-1003
2019-04-08 00:01 - 2018-05-20 05:11 - 000002318 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2181589896-435413242-1626352173-500
2019-04-08 00:01 - 2018-05-20 05:11 - 000002306 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_Dolby
2019-04-08 00:01 - 2018-05-20 05:11 - 000002302 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2019-04-08 00:01 - 2018-05-20 05:11 - 000002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2019-04-04 19:52 - 2018-11-28 17:57 - 000000000 ____D C:\Program Files\rempl
2019-04-01 14:17 - 2018-09-17 05:53 - 000002439 _____ C:\Users\GRM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-01 14:17 - 2014-08-30 15:59 - 000000000 __RDO C:\Users\GRM\OneDrive
2019-04-01 12:51 - 2018-04-11 18:41 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-01 12:51 - 2018-04-11 18:41 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-26 17:06 - 2019-02-06 10:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-03-26 17:06 - 2019-02-06 10:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-03-24 16:59 - 2018-03-10 08:22 - 000000000 ____D C:\Users\GRM\Desktop\PRIMER°-2018

==================== Files in the root of some directories =======

2019-02-06 10:00 - 2019-02-06 10:00 - 000322024 _____ (Mozilla) C:\Users\GRM\Firefox Installer.exe
2014-07-16 16:58 - 2003-03-21 12:45 - 000250544 _____ (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx
2017-06-18 02:37 - 2017-06-18 02:37 - 000000044 _____ () C:\Users\b-rch_000\AppData\Roaming\twow_sysprepdt.dat
2016-03-20 18:21 - 2016-03-20 18:22 - 238722213 _____ () C:\Users\b-rch_000\AppData\Local\ACCCx3_5_1_209.zip.aamdownload
2016-03-20 18:21 - 2016-03-20 18:22 - 000002741 _____ () C:\Users\b-rch_000\AppData\Local\ACCCx3_5_1_209.zip.aamdownload.aamd
2016-03-20 16:24 - 2016-03-20 16:24 - 000007064 _____ () C:\Users\b-rch_000\AppData\Local\recently-used.xbel
2014-12-20 22:30 - 2019-04-19 01:50 - 000000193 _____ () C:\Users\b-rch_000\AppData\Local\RegisteredPackageInformation.xml

Some files in TEMP:
====================
2019-04-19 02:07 - 2019-04-19 02:07 - 003520000 _____ (Opera Software) C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_19041907070032415124.dll
2019-04-19 02:07 - 2019-04-19 02:07 - 003520000 _____ (Opera Software) C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_1904190707152454184.dll
2019-04-19 02:09 - 2019-04-19 02:09 - 003520000 _____ (Opera Software) C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_19041907090107510960.dll
2019-04-19 02:09 - 2019-04-19 02:09 - 003520000 _____ (Opera Software) C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_19041907091812110296.dll
2019-04-19 02:21 - 2019-04-19 02:21 - 003520000 _____ (Opera Software) C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_1904190721460397988.dll
2019-04-19 02:21 - 2019-04-19 02:21 - 003520000 _____ (Opera Software) C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_1904190721477427840.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-20 04:27

==================== End of FRST.txt ============================

Addition.txt (1/2)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18.04.2019
Ran by b-rch_000 (19-04-2019 02:33:43)
Running from C:\Users\b-rch_000\Desktop
Windows 10 Home Single Language Version 1803 17134.706 (X64) (2018-05-20 10:12:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2181589896-435413242-1626352173-500 - Administrator - Disabled)
b-rch_000 (S-1-5-21-2181589896-435413242-1626352173-1003 - Administrator - Enabled) => C:\Users\b-rch_000
DefaultAccount (S-1-5-21-2181589896-435413242-1626352173-503 - Limited - Disabled)
GRM (S-1-5-21-2181589896-435413242-1626352173-1001 - Administrator - Enabled) => C:\Users\GRM
Invitado (S-1-5-21-2181589896-435413242-1626352173-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2181589896-435413242-1626352173-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Active Protection System de ThinkVantage (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.72 - Hulubulu Software)
AIMP (HKLM-x32\...\AIMP) (Version: v4.01.1705, 19.03.2016 - AIMP DevTeam)
Atenex 4 (HKLM-x32\...\{1899D27D-32AA-4419-8E57-02FA8FA12091}) (Version: 4.3.0 - Atenex)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.3.2369 - AVAST Software)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
BlueStacks App Player (HKLM-x32\...\{F22E13B7-2C58-4BE6-BA9D-24303403B494}) (Version: 0.10.6.8001 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.6795 - CDBurnerXP)
CGS17_Setup_x64 (HKLM\...\{83646B67-A878-4E95-BB4B-AF4A6E61F28C}) (Version: 17.1 - Corel Corporation) Hidden
Compatibilidad con Aplicaciones de Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Construct 2 r195 (HKLM\...\Construct 2_is1) (Version: 1.0.195.0 - Scirra)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B865FDD4-E96E-4166-BB69-6E8C207E3E29}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\{B865FDD4-E96E-4166-BB69-6E8C207E3E29}) (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (HKLM\...\{9464C064-AAC7-4416-BFE4-4C3C0232FC71}) (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (HKLM-x32\...\{5D0275EA-F3CE-450A-A5A3-F852E30CA46F}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (HKLM\...\{2C91CB9D-323D-43E5-A433-229B71CFB773}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (HKLM-x32\...\{994F3055-8433-46A7-8E1F-6CC7B68B01F0}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (HKLM\...\{9178F0A8-B6F6-4DA7-AD63-317CC4875F4B}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (HKLM-x32\...\{EFB8E269-0619-475B-8C5B-96F98551AA33}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (HKLM\...\{BD036E95-A9CD-4DED-B744-95AB1DCAFF0C}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (HKLM-x32\...\{84749C5C-FA80-4779-BD96-544165A8CD31}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (HKLM\...\{5162E418-BB43-4C8F-ACD6-069645EF98C3}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (HKLM-x32\...\{30FAE453-9F77-4F70-928E-042BEF00D011}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (HKLM\...\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - ES (HKLM-x32\...\{168EC2AB-9458-40F7-9C2B-424EFE565CE3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - ES (x64) (HKLM\...\{65168D5C-A6DD-4C1B-BF5C-860A39CDD05E}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (HKLM-x32\...\{8DADD35F-49CE-4D18-AE6D-135DD150E74F}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (HKLM\...\{D10A5CFA-FE33-4F06-AE37-554604F00A52}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (HKLM-x32\...\{7F5DE3F2-5865-4D4A-89D1-AAEFE1F96E50}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (HKLM\...\{5406029B-67AD-4F8E-9F2D-F1959CD9CD86}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (HKLM-x32\...\{657EAD32-8E7A-43C0-A794-3BB31B00DC34}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (HKLM-x32\...\{D29A4F85-0FB7-4E54-B591-044652C4295F}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (HKLM-x32\...\{0A0143FF-ECB5-4960-A2E0-DC3150ABBBE0}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (HKLM\...\{C922F325-DD52-4E22-B204-431A06E63E51}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (HKLM-x32\...\{950055ED-DC61-4874-8EDB-E5CDE1D218CD}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (HKLM\...\{1A73168F-5983-46A6-AAAB-FD83BC231E02}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (HKLM-x32\...\{F3286FA3-DF68-4948-8D1D-ED3A539077B3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (HKLM\...\{C57EDB5A-AC8E-4E03-9F1A-DC013A2BB9B2}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (HKLM-x32\...\{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (HKLM\...\{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (HKLM-x32\...\{877522BE-A318-4603-9B00-DF319C6FA2B1}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (HKLM\...\{5672E0DC-7489-4EAC-8CFD-E01B3868FCB5}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (HKLM-x32\...\{4C614BD3-607E-4289-BB51-4D87EC7BBD62}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (HKLM\...\{966996DC-D67C-40E3-8BD4-31FA0F093571}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (HKLM-x32\...\{246FE426-2661-4DD6-9603-DF2E6832387C}) (Version: 17.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (HKLM-x32\...\_{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.0.0.491 - Corel Corporation)
CorelDRAW Graphics Suite X7 (HKLM-x32\...\{08A60D9D-C206-46BF-9602-1F2616878CF7}) (Version: 17.0 - Corel Corporation) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Discord (HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\Discord) (Version: 0.0.301 - Discord Inc.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
En pantalla (HKLM\...\OnScreenDisplay) (Version: 8.26.00 - )
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{DB1C500D-1504-46B1-9976-5CBE008E2C88}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{4B22C430-7EA8-4534-8358-376FD900B953}) (Version: 3.10.0042 - Seiko Epson Corporation)
EPSON L475 Series Printer Uninstall (HKLM\...\EPSON L475 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
Eurobattle.net (HKLM-x32\...\Eurobattle.net) (Version:  - Eurobattle.net)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
GunboundLS (HKLM-x32\...\GunboundLS_is1) (Version:  - Softnyx co.,Ltd.)
HotPotatoes v 6.3.0.5 (HKLM-x32\...\hotpot_is1) (Version:  - HalfBaked)
IBM SPSS Statistics 22 (HKLM-x32\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
IHMC CmapTools v5.06 (HKLM\...\IHMC CmapTools v5.06) (Version: 5.0.6.0 - Institute for Human & Machine Cognition)
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.35 - Softex Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1015 - Intel Corporation)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4963 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.1) (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
JClic (offline) (HKLM-x32\...\JClic (offline)) (Version:  - )
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 10.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.11 - )
Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.6.18.0 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.11.0 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{49A09C2C-FFF4-478E-B397-5E0979F67F5D}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.4 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Lenovo QuickControl (HKLM-x32\...\{4855C42F-5197-4AAD-A50D-5066D2CC4647}) (Version: 2.10 - Lenovo Group Limited)
Lenovo Service Bridge (HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.2.2.0 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.3.0.10 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.0.0.15 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.1.0.5 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{AFDE512F-7BCD-46B6-91C0-230812139EEF}) (Version: 3.4.002.006 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
LibreOffice 4.2.5.2 (HKLM-x32\...\{8D8F47B2-0E03-4C50-9803-A01120878F96}) (Version: 4.2.5.2 - The Document Foundation)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Manual Epson L455 versión 1.0 (HKLM-x32\...\UsersGuideManual Epson L455_is1) (Version: 1.0 - )
Manual Epson L475 versión 1.0 (HKLM-x32\...\UsersGuideManual Epson L475_is1) (Version: 1.0 - )
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{2F8389AA-C867-49D0-AF30-10479F18C7A7}) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2181589896-435413242-1626352173-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 65.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 65.0.2 (x64 es-ES)) (Version: 65.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0 - Mozilla)
Music Recorder (HKLM-x32\...\{2484287D-D3C6-4326-B9B7-5379FCBBB34A}) (Version: 14.0.62200.0 - Audials AG)
Nero 2016 (HKLM-x32\...\{381DEEC4-636E-4494-99B5-7891DD3AE1CC}) (Version: 17.0.04000 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero TuneItUp (HKLM-x32\...\Nero_tuneitup_is1) (Version: 2.4.4.82 - Nero AG)
Nitro Pro 10 (HKLM\...\{7242D889-1E07-40C9-8FC6-670707B34EE1}) (Version: 10.5.9.9 - Nitro)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
OpenVPN 2.4.6-I602  (HKLM\...\OpenVPN) (Version: 2.4.6-I602 - OpenVPN Technologies, Inc.)
Opera Stable 58.0.3135.127 (HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\Opera 58.0.3135.127) (Version: 58.0.3135.127 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Paquete de controladores de Windows - Intel (e1dexpress) Net  (07/02/2013 12.9.16.0) (HKLM\...\023677FE062B918F6118988706661111844C0205) (Version: 07/02/2013 12.9.16.0 - Intel)
Paquete de controladores de Windows - Intel Corporation (iaStorA) HDC  (11/15/2013 12.8.10.1005) (HKLM\...\D25E6F494D3225DFE05884186452E2C79AF2E506) (Version: 11/15/2013 12.8.10.1005 - Intel Corporation)
Paquete de controladores de Windows - Lenovo 1.67.04.05 (12/17/2013 1.67.04.05) (HKLM\...\68ECF461D6E85BB67AFC110D2FEBF1955C9F26B5) (Version: 12/17/2013 1.67.04.05 - Lenovo)
Paquete de controladores de Windows - Synaptics (SmbDrv) System  (02/25/2014 18.0.7.34) (HKLM\...\BBCACF7AB7B74509B9506D886F8848A6F9948752) (Version: 02/25/2014 18.0.7.34 - Synaptics)
Paquete de controladores de Windows - Synaptics (SynTP) Mouse  (02/25/2014 18.0.7.34) (HKLM\...\8204BE335A7EB81A42BA39FE41BDB3301B14C2E5) (Version: 02/25/2014 18.0.7.34 - Synaptics)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 1.0.6.28181 - RedSoftware)
PDFescape Desktop Asian Fonts Pack (HKLM\...\{9ABCCE44-8661-4EF3-8AC3-0E0F2A5F8CF4}) (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop Convert Module (HKLM\...\{CAB18196-001A-40E8-A912-555DAB873FD9}) (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop Create Module (HKLM\...\{2358B219-A2CE-430E-A4FB-6C0701D4ECA4}) (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop Edit Module (HKLM\...\{A83DE20B-3AAB-411B-8BF4-DE2755A7AD47}) (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop Forms Module (HKLM\...\{98D05006-242D-48BA-A545-AD1A6E7A724D}) (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop Insert Module (HKLM\...\{F51E9C80-B1D2-4544-8848-1AF651732C22}) (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop Review Module (HKLM\...\{E7D08575-50CB-415B-B3F1-F98CA3019C08}) (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop Secure Module (HKLM\...\{FAFB30EB-5FDD-4C63-8F2A-EBBE0147803B}) (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop View Module (HKLM\...\{EFEB683C-05A4-4BF6-A85B-443DB2AB49CA}) (Version: 1.0.16.29260 - Red Software) Hidden
Power PDF v2.0 Advanced version 2.0 (HKLM-x32\...\{96B11029-0A28-48AA-ABED-E47AF8D7B427}_is1) (Version: 2.0 - SamuRa1)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (HKLM-x32\...\{D6E853EC-8960-4D44-AF03-7361BB93227C}) (Version: 10.0.1.2704 - CyberLink Corp.) Hidden
Prerequisite installer (HKLM-x32\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
qBittorrent 3.3.14 (HKLM-x32\...\qBittorrent) (Version: 3.3.14 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Ragnarok Online 2 (HKLM-x32\...\{1C8B2359-127E-490C-8F0B-CDA75F3C0126}) (Version: 2.5.9 - Gravity Interactive, Inc.)
RaidCall 7.3.6 (HKLM-x32\...\RaidCall 7.3.6) (Version: 7.3.6 - RAIDCALL LIMITED)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Scratch 2 Offline Editor (HKLM-x32\...\{55C50340-9692-5580-2451-B0C73A6788D4}) (Version: 255.3 - MIT Media Lab) Hidden
Scratch 2 Offline Editor (HKLM-x32\...\edu.media.mit.Scratch2Editor) (Version: 439.3 - MIT Media Lab)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 12.3.1 - ShareX Team)
SketchUp 2014 (HKLM-x32\...\{94810EE0-0B44-4C6E-A764-54D4021DE0CC}) (Version: 14.1.1282 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SMART Common Files (HKLM-x32\...\{26A95DBF-A866-4838-A8C9-FA219FCBD22E}) (Version: 11.5.159.0 - SMART Technologies ULC)
SMART Controladores del producto (HKLM-x32\...\{A418B556-1E81-4D42-B54E-979720B3DEBF}) (Version: 12.3.646.0 - SMART Technologies ULC)
SMART Ink (HKLM-x32\...\{52ECF84B-09E9-4C98-B4FD-17EE1BC09921}) (Version: 3.1.1764.0 - SMART Technologies ULC)
SMART Notebook (HKLM-x32\...\{5E112563-E291-4C20-849F-49CE3BAD73D1}) (Version: 15.1.771.0 - SMART Technologies ULC)
SMART Spanish Language Pack (HKLM-x32\...\{72F94F7B-EE9A-418D-9F80-5363A5B89EF9}) (Version: 11.4.27.0 - SMART Technologies ULC)
SMRecorder 1.3.2 (HKLM-x32\...\SMRecorder) (Version: 1.3.2 - SMRecorder)
Software de SMART Response (HKLM-x32\...\{C7CD4D95-F200-4500-867A-4D0359FEAD3F}) (Version: 15.1.740.0 - SMART Technologies ULC)
Software Intel® PROSet/Wireless (HKLM-x32\...\{18ec79fd-8f83-4e12-bfa5-80c9872cc56b}) (Version: 20.40.0 - Intel Corporation)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-2181589896-435413242-1626352173-1001\...\Spotify) (Version: 1.1.2.285.ga97985ef - Spotify AB)
Spotify (HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\Spotify) (Version: 1.0.89.313.g34a58dea - Spotify AB)
Stashimi Stub Installer (HKLM-x32\...\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}) (Version: 18.001.1 - Nero AG) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.115 - Synaptics Incorporated)
Synaptics WBF DDK 5011 (HKLM\...\{366CA58E-2FBE-424A-9B2E-9C8095ABDCD5}) (Version: 4.5.278.0 - Synaptics)
Synaptics WBF DDK 5011 (HKLM\...\{4D70781C-36A9-4335-9568-565C6F61B5EB}) (Version: 4.5.278.0 - )
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.8.911.2013 - Lenovo)
TopShape-B4 (HKLM-x32\...\TopShape-B4) (Version: 1.0.0.5 - XCL)
Tux Paint 0.9.21c (HKLM-x32\...\Tux Paint_is1) (Version:  - New Breed Software)
Twin USB Vibration Gamepad (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - )
UltraISO Premium V9.62 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Update for Skype for Business 2015 (KB4462207) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E91507E0-38E5-4415-BAAB-932075CDE00C}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462207) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E91507E0-38E5-4415-BAAB-932075CDE00C}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4462207) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{E91507E0-38E5-4415-BAAB-932075CDE00C}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
UsbFix (HKLM-x32\...\Usbfix) (Version: 9.001 - www.SOSVirus.Net)
Vegas Pro 13.0 (64-bit) (HKLM\...\{204DC300-0BC8-11E5-B87F-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
WaveEditor (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4514 - CyberLink Corp.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
XMind 6 (v3.5.1) (HKLM-x32\...\XMind_is1) (Version: 3.5.1.201411201906 - XMind Ltd.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2016-03-21] (Artem Izmaylov -> AIMP DevTeam) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-03-07] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 10\NPShellExtension.dll [2016-07-22] (Nitro Software, Inc. -> Nitro PDF)
ContextMenuHandlers1: [NPDF.ShellExtension] -> {03DDC0E5-AF08-40a2-85B9-FEDF1F4A780C} => C:\Program Files (x86)\Nuance\Power PDF\ShellExt.dll -> No File
ContextMenuHandlers1: [PDFescapeDesktop_ManagerExt] -> {EB1F5DDB-7107-4831-BA2B-75FC26DB4224} => C:\Program Files\PDFescape Desktop\creator-context-menu.dll [2016-08-16] (PDFescape -> Red Software)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll [2016-03-21] (Artem Izmaylov -> AIMP DevTeam) [File not signed]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-18] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06174DE2-DE3E-469E-864B-1F2F7D8AEE55} - System32\Tasks\adobe flash player updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {07C893E1-1D56-463D-A404-0BAE279A6F8B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0985FD6B-9EAB-471C-970A-5C59D7BE2275} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0A2921D9-3E85-486F-B5E5-5A9296594F7F} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {0C3B8413-44AF-4488-97EA-8F8FC72C4E20} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1B66FAF0-EC40-438D-817C-4EC9FE68E038} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {25CDEABE-C198-4B88-8110-1795943ADB30} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> )
Task: {2BD0CBB1-523D-4A21-9415-CA67634FFA30} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3568D8D9-136E-412A-B236-1C7D56C4EE98} - System32\Tasks\EPSON L475 Series Update {16A61A19-A1CD-4356-9880-C7005D53033F} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNWE.EXE (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {3B54BABA-57A6-41F6-85F9-FC38250791B7} - \WPD\SqmUpload_S-1-5-21-2181589896-435413242-1626352173-1002 -> No File <==== ATTENTION
Task: {4AB96D3D-BEB9-44AF-A3B8-6A0E0CA40376} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {55BCFB17-B7BE-42EE-AD87-99B2BB6DDD5B} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\SystemAgent\AutoUpdate.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> )
Task: {5D0AF940-6892-41AF-A6EC-8C6208C0E8AC} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp. -> CyberLink)
Task: {5D85A02F-BD94-47BA-866D-4E0232EC343B} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {5DD88B19-F835-4781-8DB6-1F8C18C71743} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2181589896-435413242-1626352173-1003 => C:\Users\b-rch_000\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {64AF3CBD-8871-44C9-BE35-6AB1937C5921} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {685B6C9A-0C42-4761-B28C-10416E9C522A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {69D173B7-39A5-43A5-9F59-EFFC68C78B3D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6A696358-6289-4A2C-B2F3-FC5D9E48A077} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgrInst.exe (Lenovo -> )
Task: {6A750171-6830-424A-9D8F-2589AC0C489D} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe (Nero AG -> Nero AG)
Task: {6B930A29-5302-4252-9A71-1EB9DEA9AE6E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe (LENOVO -> Lenovo)
Task: {72786EC0-0C22-43DA-B1F2-57C47FA49DF6} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2181589896-435413242-1626352173-1001 -> No File <==== ATTENTION
Task: {743D2BA7-4E82-4DD0-8D39-5D98978BAF22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7F049AC4-FFF3-4B57-81FB-BDB1E97B6B93} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe (LENOVO -> Lenovo)
Task: {8743A0C0-5597-4B4F-8AA7-ED0583CAE733} - \WPD\SqmUpload_S-1-5-21-2181589896-435413242-1626352173-1001 -> No File <==== ATTENTION
Task: {8A030855-2E49-4ECA-8B11-04A8504565D0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
Task: {8EAB5698-833D-46CD-95D6-89A528991C87} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8EEFD0ED-87D3-4A73-B75A-F26F6B058149} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8F445209-DD82-427B-88DF-C94720F595B8} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe (Lenovo -> Lenovo)
Task: {92430A89-5C2C-4D21-97E2-5BC12260381B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated)
Task: {924C6C04-723E-44A2-AA69-5F0CEFAEB56F} - System32\Tasks\Opera scheduled Autoupdate 1545841828 => C:\Users\b-rch_000\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {95AF4DA9-D5B5-4090-96E5-1BDB360BCB94} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe () [File not signed]
Task: {96BA7A93-9221-41ED-9224-B4041B959CC0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9A8FF073-4BDE-41B5-8AD7-9FEA4A074F46} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {9C0D1BF3-9EF4-490B-B992-336BC12C05DC} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe (LENOVO -> )
Task: {A28DF693-B9C0-4E91-879D-3127B6C04FA5} - System32\Tasks\Lenovo\Experience Improvement => C:\Users\GRM\AppData\Local\Temp\LenovoExperienceImprovement.exe <==== ATTENTION
Task: {A5F049A0-C8F3-4E93-B2CF-34E94E60A9C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {AAF7B527-7044-4223-A057-0D126BA6851F} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {B0E3FAC3-7A3D-4649-987B-66750690C3FE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {B1DC0E14-69C4-4FD3-9C4D-BA7125EF5032} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B35A9DD5-9089-44D2-A153-44DC4ED8A05C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B5E3429D-5FBD-4B43-BB60-7392FE7B2E92} - \WPD\SqmUpload_S-1-5-21-2181589896-435413242-1626352173-1003 -> No File <==== ATTENTION
Task: {BDA0595D-0A0E-412B-8837-DA27FA86FCC0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C0C69214-19D7-4754-B3BF-F2FF605243FA} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CC5AE2B6-945D-4065-9A3F-146B3B1A425F} - System32\Tasks\EPSON L475 Series Update {58B759E4-F8C4-43B1-8D4E-8FC241F23621} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNWE.EXE (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {D1D64667-DF28-4F0C-9C6C-F2BEF1DF811F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {D49478AF-07DC-4A26-9FF9-5B4D44E33072} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DB1732DF-79D3-4B07-B7BE-BC6E4B9E0049} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe (LENOVO -> )
Task: {DD5398AE-2E19-45F5-AC23-0BF6651F8DC4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E1D298EE-76EB-4945-B55C-2EC16C3665D7} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (LENOVO -> Lenovo)
Task: {EA4303A3-EDCE-45E9-9B38-2AD812BED760} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {EA472F4D-B3A1-425C-82DF-EB8AD93FFA3D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EA60EAA9-3E2E-4541-9ED5-86BB5E1681CF} - System32\Tasks\EPSON L475 Series Update {987D8978-2314-4020-8C8E-62495AB28E6E} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNWE.EXE (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {EC9787C5-82BD-43E3-92D4-A9408EA2751E} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {ECA27CD2-D265-4E88-950A-19EF18A9B991} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp. -> CyberLink Corp.)
Task: {F54A162E-669C-45F7-8956-F227DFE37F67} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {F5FA0BB4-BA3F-4AEB-9AE4-053B35CA4E9A} - System32\Tasks\EPSON L475 Series Update {CA70BF00-F001-4976-A92B-3DEC4B3343EA} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNWE.EXE (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {FA95B6EA-FFD4-460B-82F2-E5A3460F1358} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON L475 Series Update {16A61A19-A1CD-4356-9880-C7005D53033F}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNWE.EXE:/EXE:{16A61A19-A1CD-4356-9880-C7005D53033F} /F:UpdateWORKGROUP\LENOVO$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON L475 Series Update {58B759E4-F8C4-43B1-8D4E-8FC241F23621}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNWE.EXE:/EXE:{58B759E4-F8C4-43B1-8D4E-8FC241F23621} /F:UpdateWORKGROUP\LENOVO$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON L475 Series Update {987D8978-2314-4020-8C8E-62495AB28E6E}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNWE.EXE:/EXE:{987D8978-2314-4020-8C8E-62495AB28E6E} /F:UpdateWORKGROUP\LENOVO$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON L475 Series Update {CA70BF00-F001-4976-A92B-3DEC4B3343EA}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNWE.EXE:/EXE:{CA70BF00-F001-4976-A92B-3DEC4B3343EA} /F:UpdateWORKGROUP\LENOVO$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-03-27 19:09 - 2013-12-05 23:05 - 000179712 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_YLMBNGE.DLL
2015-06-17 16:44 - 2015-06-17 16:44 - 000500736 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2013-08-27 07:32 - 2013-08-27 07:32 - 000747520 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2018-05-20 04:43 - 2018-05-20 04:43 - 000649360 _____ (SMART Technologies ULC -> Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_smarttech.ms.vc120.crt_e7e76aadd9f46776_1.0.19.0_none_affc467131f8f86a\MSVCP120.dll
2018-05-20 04:43 - 2018-05-20 04:43 - 000952464 _____ (SMART Technologies ULC -> Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_smarttech.ms.vc120.crt_e7e76aadd9f46776_1.0.19.0_none_affc467131f8f86a\MSVCR120.dll
2018-08-13 09:47 - 2018-08-13 09:47 - 000917504 _____ (XDisc Corp Ltd) [File not signed] C:\Users\GRM\AppData\Roaming\TopShape-B4\SoftwareUpdate.exe
2016-02-26 01:47 - 2018-11-19 10:32 - 001847808 _____ (ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe
2019-04-19 02:09 - 2019-04-19 02:09 - 003520000 _____ (Opera Software) [File not signed] C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_19041907091812110296.dll
2018-05-20 04:42 - 2018-05-20 04:42 - 000960144 _____ (SMART Technologies ULC -> Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.ms.vc120.crt_e7e76aadd9f46776_1.0.19.0_none_f7a97d4846752170\MSVCR120.dll
2018-05-20 04:42 - 2018-05-20 04:42 - 000144536 _____ (SMART Technologies ULC -> SMART Technologies) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.localization.vc120.2.0_e7e76aadd9f46776_2.0.6.0_none_38bfb285f6631b01\localization-vc120-mt-x86.dll
2018-05-20 04:42 - 2018-05-20 04:42 - 000093368 _____ (SMART Technologies ULC -> SMART Technologies) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.preference.vc120.1.0_e7e76aadd9f46776_1.0.45.0_none_b143556deec5d2a0\preference-vc120-mt-x86.dll
2018-05-20 04:42 - 2018-05-20 04:42 - 000048304 _____ (SMART Technologies ULC -> The ICU Project) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.icu.vc120.53_e7e76aadd9f46776_1.0.25.0_none_49a9c4e0c2af1e3b\icuio53.dll
2018-05-20 04:42 - 2018-05-20 04:42 - 001631408 _____ (SMART Technologies ULC -> The ICU Project) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.icu.vc120.53_e7e76aadd9f46776_1.0.25.0_none_49a9c4e0c2af1e3b\icuin53.dll
2018-05-20 04:41 - 2018-05-20 04:41 - 000022168 _____ (SMART Technologies ULC -> ) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.boost.vc120.1.56_e7e76aadd9f46776_1.0.1.0_none_cacd116f976dee85\boost_system-vc120-mt-1_56.dll
2018-05-20 04:42 - 2018-05-20 04:42 - 000444560 _____ (SMART Technologies ULC -> Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.ms.vc120.crt_e7e76aadd9f46776_1.0.19.0_none_f7a97d4846752170\MSVCP120.dll
2018-05-20 04:41 - 2018-05-20 04:41 - 000045720 _____ (SMART Technologies ULC -> ) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.boost.vc120.1.56_e7e76aadd9f46776_1.0.1.0_none_cacd116f976dee85\boost_date_time-vc120-mt-1_56.dll
2018-05-20 04:41 - 2018-05-20 04:41 - 000087704 _____ (SMART Technologies ULC -> ) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.boost.vc120.1.56_e7e76aadd9f46776_1.0.1.0_none_cacd116f976dee85\boost_thread-vc120-mt-1_56.dll
2018-05-20 04:42 - 2018-05-20 04:42 - 002554544 _____ (SMART Technologies ULC -> Digia Plc) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.qt.vc120.4.8_e7e76aadd9f46776_1.0.81.0_none_740af004a218615f\QtCore4.dll
2018-05-20 04:41 - 2018-05-20 04:41 - 001048760 _____ (SMART Technologies ULC -> SMART Technologies) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.activation.vc120.1.0_e7e76aadd9f46776_1.0.39.0_none_d741fc33f9387374\activation-vc120-mt-x86.dll
2018-05-20 04:41 - 2018-05-20 04:41 - 000633496 _____ (SMART Technologies ULC -> ) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.boost.vc120.1.56_e7e76aadd9f46776_1.0.1.0_none_cacd116f976dee85\boost_regex-vc120-mt-1_56.dll
2018-05-20 04:43 - 2018-05-20 04:43 - 002577048 _____ (SMART Technologies ULC -> ) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.xqilla.vc120.2.3.0_e7e76aadd9f46776_1.0.16.0_none_0fcccb7301c28010\xqilla-vc120-mt-x86.dll
2018-05-20 04:43 - 2018-05-20 04:43 - 000066736 _____ (SMART Technologies ULC -> ) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.zlib.vc120.1.2.8_e7e76aadd9f46776_1.0.1.0_none_a612182f8b93b628\zlib-vc120-mt-x86.dll
2018-05-20 04:42 - 2018-05-20 04:42 - 004436624 _____ (SMART Technologies ULC -> Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.ms.vc120.mfc_e7e76aadd9f46776_1.0.19.0_none_f30e11fc49581065\mfc120u.dll
2018-05-20 04:42 - 2018-05-20 04:42 - 000297136 _____ (SMART Technologies ULC -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.openssl.vc120.1.0.1_e7e76aadd9f46776_1.0.21.0_none_7329659be4c06b84\SSLEAY32.dll
2018-05-20 04:42 - 2018-05-20 04:42 - 001328304 _____ (SMART Technologies ULC -> The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.openssl.vc120.1.0.1_e7e76aadd9f46776_1.0.21.0_none_7329659be4c06b84\LIBEAY32.dll
2018-05-20 04:43 - 2018-05-20 04:43 - 001939608 _____ (SMART Technologies ULC -> Apache Software Foundation) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.xerces.vc120.3.1.1_e7e76aadd9f46776_1.0.1.0_none_bcec37e12764709d\xerces-vc120-mt-x86.dll
2018-05-20 04:41 - 2018-05-20 04:41 - 000106136 _____ (SMART Technologies ULC -> ) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.boost.vc120.1.56_e7e76aadd9f46776_1.0.1.0_none_cacd116f976dee85\boost_filesystem-vc120-mt-1_56.dll
2018-05-20 04:41 - 2018-05-20 04:41 - 000030872 _____ (SMART Technologies ULC -> ) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.boost.vc120.1.56_e7e76aadd9f46776_1.0.1.0_none_cacd116f976dee85\boost_chrono-vc120-mt-1_56.dll
2018-05-20 04:42 - 2018-05-20 04:42 - 000315064 _____ (SMART Technologies ULC -> SMART Technologies) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.preference.vc120.1.0_e7e76aadd9f46776_1.0.45.0_none_b143556deec5d2a0\filestore-vc120-mt-x86.dll
2018-05-20 04:42 - 2018-05-20 04:42 - 001118896 _____ (SMART Technologies ULC -> The ICU Project) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.icu.vc120.53_e7e76aadd9f46776_1.0.25.0_none_49a9c4e0c2af1e3b\icuuc53.dll
2018-05-20 04:42 - 2018-05-20 04:42 - 021533872 _____ (SMART Technologies ULC -> The ICU Project) [File not signed] C:\WINDOWS\WinSxS\x86_smarttech.icu.vc120.53_e7e76aadd9f46776_1.0.25.0_none_49a9c4e0c2af1e3b\icudt53.dll
2018-12-26 13:31 - 2019-01-27 19:32 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-12-26 13:31 - 2019-01-27 19:32 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-12-26 13:31 - 2019-01-27 19:32 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-12-26 13:31 - 2019-01-27 19:32 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-12-26 13:31 - 2019-01-27 19:32 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-12-26 13:31 - 2019-01-27 19:32 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-12-26 13:31 - 2019-01-27 19:32 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2018-12-26 13:31 - 2019-01-27 19:32 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2018-12-26 13:31 - 2019-01-27 19:32 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-01-27 19:32 - 2019-01-27 19:32 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-01-27 19:32 - 2019-01-27 19:32 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-12-26 13:31 - 2019-01-27 19:32 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-01-27 19:32 - 2019-01-27 19:32 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-01-27 19:32 - 2019-01-27 19:32 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-01-27 19:32 - 2019-01-27 19:32 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-01-27 19:32 - 2019-01-27 19:32 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-01-27 19:32 - 2019-01-27 19:32 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-01-27 19:32 - 2019-01-27 19:32 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-01-27 19:32 - 2019-01-27 19:32 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll

Addition.txt (2/2)

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:F9CFE070 [318]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2019-01-04 19:50 - 000002131 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   ereg.adobe.com
127.0.0.1                   activate.wip3.adobe.com
127.0.0.1                   3dns-3.adobe.com
127.0.0.1                   3dns-2.adobe.com
127.0.0.1                   adobe-dns.adobe.com
127.0.0.1                   adobe-dns-2.adobe.com
127.0.0.1                   adobe-dns-3.adobe.com
127.0.0.1                   ereg.wip3.adobe.com
127.0.0.1                   activate-sea.adobe.com
127.0.0.1                   wwis-dubc1-vip60.adobe.com
127.0.0.1                   activate-sjc0.adobe.com
127.0.0.1                   hl2rcv.adobe.com
127.0.0.1                   na2m-pr.licenses.adobe.com
127.0.0.1                   na4r.services.adobe.com
127.0.0.1                   ims-na1-prprod.adobelogin.com
127.0.0.1                   na1r.services.adobe.com
127.0.0.1                   hlrcv.stage.adobe.com
127.0.0.1		connect.facebook.com
127.0.0.1		google-analytics.com
127.0.0.1		www.google-analytics.com
127.0.0.1		ssl.google-analytics.com
127.0.0.1		sb.scorecardresearch.com
178.79.157.39		www.gstatic.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %C_EM64T_REDIST11%bin\Intel64;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Lenovo\Fingerprint Manager Pro\;C:\ProgramData\Lenovo\ReadyApps;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\SMART Technologies\SMART Response\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\IBM\SPSS\Statistics\22\JRE\bin;C:\Program Files (x86)\QuickTime\QTSystem\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\b-rch_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 190.113.220.18 - 190.113.220.51
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "LenovoOptMouseUpdate"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "LENOVO.TPKNRRES"
HKLM\...\StartupApproved\Run: => "TpShocks"
HKLM\...\StartupApproved\Run: => "SynLenovoHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Integrated Camera_Monitor"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "ResponseConnectorService"
HKLM\...\StartupApproved\Run32: => "sbsdk-server"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "SMART Board Service"
HKLM\...\StartupApproved\Run32: => "SMARTNotification"
HKLM\...\StartupApproved\Run32: => "Response Desktop Menu"
HKLM\...\StartupApproved\Run32: => "SMART Tray Tools"
HKLM\...\StartupApproved\Run32: => "SMART Ink"
HKLM\...\StartupApproved\Run32: => "USB Security"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Nuance Power PDF Advanced-reminder"
HKLM\...\StartupApproved\Run32: => "PowerPDFInboxMonitor"
HKLM\...\StartupApproved\Run32: => "NuanPowerPdf1NPDFLM"
HKLM\...\StartupApproved\Run32: => "PowerPDF Registry Controller"
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_46362A5B6857AB759B5F5AD138B2764D"
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_CB3DD46AAD0B7A2609102874DF97FB4E"
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\StartupApproved\Run: => "OPENVPN-GUI"
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{74A1326A-D9D1-4D03-918A-9C4B0FE399C3}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe No File
FirewallRules: [{2CF085B1-02F7-4074-9347-AC552AE8FBB2}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe No File
FirewallRules: [UDP Query User{FE18673C-633C-4D92-B824-67990C1DDE11}C:\program files (x86)\ibm\spss\statistics\22\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\22\jre\bin\javaw.exe
FirewallRules: [TCP Query User{7A862CD8-09B5-47F9-B091-C7DC693BAC6C}C:\program files (x86)\ibm\spss\statistics\22\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\22\jre\bin\javaw.exe
FirewallRules: [UDP Query User{B750268E-4A2F-4864-A343-47ED5F01E85A}C:\users\b-rch_000\desktop\games\eurobattle.net\gproxy.exe] => (Allow) C:\users\b-rch_000\desktop\games\eurobattle.net\gproxy.exe () [File not signed]
FirewallRules: [TCP Query User{85C2E105-F5E9-4B72-982C-EFCC2BB83353}C:\users\b-rch_000\desktop\games\eurobattle.net\gproxy.exe] => (Allow) C:\users\b-rch_000\desktop\games\eurobattle.net\gproxy.exe () [File not signed]
FirewallRules: [UDP Query User{0E8BF8D3-C2AC-4A85-9535-C421EA636289}C:\game\softnyxgame\gunboundls\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundls\gunbound.gme (Softnyx Co., Ltd. -> Softnyx)

==================== Restore Points =========================

27-03-2019 15:59:33 Windows Update
03-04-2019 21:11:52 Windows Update
11-04-2019 18:56:17 Punto de control programado
16-04-2019 20:36:32 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2019 02:48:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (04/19/2019 02:43:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_WbioSrvc, versión: 10.0.17134.556, marca de tiempo: 0xf23cada5
Nombre del módulo con errores: wbiosrvc.dll, versión: 10.0.17134.319, marca de tiempo: 0xa6651c54
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x0000000000002b38
Identificador del proceso con errores: 0x289c
Hora de inicio de la aplicación con errores: 0x01d4f68375ab5723
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\svchost.exe
Ruta de acceso del módulo con errores: c:\windows\system32\wbiosrvc.dll
Identificador del informe: 97ec1535-9704-4cb4-abba-02ea8adedca0
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (04/19/2019 02:23:41 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Producto: Microsoft Office Standard 2013 - la actualización "Update for Microsoft Office 2013 (KB4022212) 64-Bit Edition" no se pudo instalar. Código de error 1603. Windows Installer no puede crear registros para ayudar a solucionar problemas de instalación de paquetes de software. Use el vínculo siguiente para obtener instrucciones sobre la activación de la compatibilidad de registro: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (04/19/2019 02:23:40 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Producto: Microsoft Office Standard 2013 -- Error 1706. El programa de instalación no encuentra los archivos necesarios. Compruebe la conexión de red o la unidad de CD-ROM.    Si desea consultar otras posibles soluciones para este problema, vea SETUP.CHM.

Error: (04/19/2019 02:11:13 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Producto: Microsoft Office Standard 2013 - la actualización "Update for Microsoft Office 2013 (KB4011155) 64-Bit Edition" no se pudo instalar. Código de error 1603. Windows Installer no puede crear registros para ayudar a solucionar problemas de instalación de paquetes de software. Use el vínculo siguiente para obtener instrucciones sobre la activación de la compatibilidad de registro: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (04/19/2019 02:11:12 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Producto: Microsoft Office Standard 2013 -- Error 1706. El programa de instalación no encuentra los archivos necesarios. Compruebe la conexión de red o la unidad de CD-ROM.    Si desea consultar otras posibles soluciones para este problema, vea SETUP.CHM.

Error: (04/19/2019 02:09:43 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe

Error: (04/18/2019 09:56:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa SearchUI.exe, versión 10.0.17134.706, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 1aa4

Hora de inicio: 01d4f5f6c5a8c910

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Identificador de informe: 2560772e-8077-4fc6-9b8f-19dcbd6fd178

Nombre completo de paquete con errores: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy

Identificador de aplicación relativa del paquete con errores: CortanaUI


System errors:
=============
Error: (04/19/2019 02:44:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Servicio biométrico de Windows se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (04/19/2019 02:44:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio NcdAutoSetup.

Error: (04/19/2019 02:43:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio NcdAutoSetup.

Error: (04/19/2019 02:23:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x8024002d: Actualización para Microsoft Office 2013 (KB4022212) Edición de 64 bits.

Error: (04/19/2019 02:17:14 AM) (Source: DCOM) (EventID: 10016) (User: LENOVO)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario Lenovo\b-rch_000 con SID (S-1-5-21-2181589896-435413242-1626352173-1003) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/19/2019 02:16:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Steam Client Service no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (04/19/2019 02:16:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Steam Client Service.

Error: (04/19/2019 02:13:52 AM) (Source: DCOM) (EventID: 10016) (User: LENOVO)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario Lenovo\b-rch_000 con SID (S-1-5-21-2181589896-435413242-1626352173-1003) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2018-12-26 21:26:51.266
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nombre: HackTool:MSIL/AutoKMS
Id.: 2147711767
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\KMSELDI.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.283.1568.0, AS: 1.283.1568.0, NIS: 1.283.1568.0
Versión de motor: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-26 21:26:51.261
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
Nombre: HackTool:Win32/Keygen
Id.: 2147593794
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Users\GRM\Desktop\Mauricio\Ocio\programa\CorelDrawX7\C0R3LDR4WbLEw\Keygen\Keygen.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.283.1568.0, AS: 1.283.1568.0, NIS: 1.283.1568.0
Versión de motor: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-26 21:26:51.233
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\scripts\Install_Service.cmd
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.283.1568.0, AS: 1.283.1568.0, NIS: 1.283.1568.0
Versión de motor: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-26 21:01:50.266
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Media
Categoría: Herramienta
Ruta de acceso: file:_C:\Program Files\KMSpico\KMSELDI.exe;file:_C:\Program Files\KMSpico\scripts\Install_Service.cmd;file:_C:\Program Files\KMSpico\scripts\Install_Task.cmd;file:_C:\Program Files\KMSpico\scripts\UnInstall_Service.cmd;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1;uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.237.323.0, AS: 1.237.323.0, NIS: 1.237.323.0
Versión de motor: AM: 1.1.13504.0, NIS: 1.1.13504.0

Date: 2018-12-26 21:01:50.262
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
Nombre: HackTool:Win32/Keygen
Id.: 2147593794
Gravedad: Media
Categoría: Herramienta
Ruta de acceso: file:_C:\Users\GRM\Desktop\Mauricio\Ocio\programa\CorelDrawX7\C0R3LDR4WbLEw\Keygen\Keygen.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.237.323.0, AS: 1.237.323.0, NIS: 1.237.323.0
Versión de motor: AM: 1.1.13504.0, NIS: 1.1.13504.0

Date: 2019-01-09 13:26:52.349
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 1.283.2606.0
Versión de firma anterior: 1.283.1568.0
Origen de actualización: Usuario
Tipo de firma: AntiSpyware
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 1.1.15500.2
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80509004
Descripción del error: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-01-09 13:26:52.349
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 1.283.2606.0
Versión de firma anterior: 1.283.1568.0
Origen de actualización: Usuario
Tipo de firma: AntiVirus
Tipo de actualización: Diferencia
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 1.1.15500.2
Versión de motor anterior: 1.1.15500.2
Código de error: 0x80509004
Descripción del error: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2019-04-05 06:19:15.431
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-18 13:16:55.115
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-16 19:49:22.294
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-07 21:22:51.445
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-01 19:48:43.311
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-06 18:09:36.238
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-10 21:11:08.647
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\ashShA64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-26 13:32:08.390
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\b-rch_000\AppData\Local\Programs\Opera\57.0.3098.106\opera.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4300M CPU @ 2.60GHz
Percentage of memory in use: 88%
Total physical RAM: 3973.75 MB
Available physical RAM: 446.54 MB
Total Virtual: 5690.2 MB
Available Virtual: 714.95 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:450.45 GB) (Free:115.91 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{0f645db7-2cfd-46f0-baa3-a8c188fe21b8}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.7 GB) NTFS
\\?\Volume{6a2887a5-b1f4-4a9d-8ba2-b27dac959894}\ (Lenovo_Recovery) (Fixed) (Total:13.96 GB) (Free:3.77 GB) NTFS
\\?\Volume{5b84ec7a-da6d-4849-ae6f-2a99a168b6f1}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 958FF0C5)

Partition: GPT.

==================== End of Addition.txt ============================

Good… now follow these steps. VERY important ~ Make a backup of the registry:

  • To do this, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator.")

  • Attention: now check only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste the following into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-2181589896-435413242-1626352173-1001\...\MountPoints2: {46614e19-5870-11e8-8346-e82aeabae7a7} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2181589896-435413242-1626352173-1001\...\MountPoints2: {5bf0ff86-257d-11e9-837a-54ee751a2b76} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\...\MountPoints2: {807d76ed-9049-11e8-835d-e82aeabae7a7} - "E:\Lenovo_Suite.exe" 
SearchScopes: HKU\S-1-5-21-2181589896-435413242-1626352173-1001 -> DefaultScope {1E3E8E29-2926-4497-BB84-1488D85E342C} URL = 
SearchScopes: HKU\S-1-5-21-2181589896-435413242-1626352173-1001 -> {1E3E8E29-2926-4497-BB84-1488D85E342C} URL = 
SearchScopes: HKU\S-1-5-21-2181589896-435413242-1626352173-1003 -> DefaultScope {1E3E8E29-2926-4497-BB84-1488D85E342C} URL = 
SearchScopes: HKU\S-1-5-21-2181589896-435413242-1626352173-1003 -> {1E3E8E29-2926-4497-BB84-1488D85E342C} URL = 
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
2019-04-19 02:07 - 2019-04-19 02:07 - 003520000 _____ (Opera Software) C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_19041907070032415124.dll
2019-04-19 02:07 - 2019-04-19 02:07 - 003520000 _____ (Opera Software) C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_1904190707152454184.dll
2019-04-19 02:09 - 2019-04-19 02:09 - 003520000 _____ (Opera Software) C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_19041907090107510960.dll
2019-04-19 02:09 - 2019-04-19 02:09 - 003520000 _____ (Opera Software) C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_19041907091812110296.dll
2019-04-19 02:21 - 2019-04-19 02:21 - 003520000 _____ (Opera Software) C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_1904190721460397988.dll
ContextMenuHandlers1: [NPDF.ShellExtension] -> {03DDC0E5-AF08-40a2-85B9-FEDF1F4A780C} => C:\Program Files (x86)\Nuance\Power PDF\ShellExt.dll -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
C:\Program Files (x86)\Panda Security
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
Task: {07C893E1-1D56-463D-A404-0BAE279A6F8B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0985FD6B-9EAB-471C-970A-5C59D7BE2275} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0C3B8413-44AF-4488-97EA-8F8FC72C4E20} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1B66FAF0-EC40-438D-817C-4EC9FE68E038} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2BD0CBB1-523D-4A21-9415-CA67634FFA30} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3B54BABA-57A6-41F6-85F9-FC38250791B7} - \WPD\SqmUpload_S-1-5-21-2181589896-435413242-1626352173-1002 -> No File <==== ATTENTION
Task: {69D173B7-39A5-43A5-9F59-EFFC68C78B3D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8743A0C0-5597-4B4F-8AA7-ED0583CAE733} - \WPD\SqmUpload_S-1-5-21-2181589896-435413242-1626352173-1001 -> No File <==== ATTENTION
Task: {96BA7A93-9221-41ED-9224-B4041B959CC0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B1DC0E14-69C4-4FD3-9C4D-BA7125EF5032} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B35A9DD5-9089-44D2-A153-44DC4ED8A05C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B5E3429D-5FBD-4B43-BB60-7392FE7B2E92} - \WPD\SqmUpload_S-1-5-21-2181589896-435413242-1626352173-1003 -> No File <==== ATTENTION
Task: {D49478AF-07DC-4A26-9FF9-5B4D44E33072} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DD5398AE-2E19-45F5-AC23-0BF6651F8DC4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EA472F4D-B3A1-425C-82DF-EB8AD93FFA3D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:F9CFE070 [318]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name fixlist.txt on the desktop <<< This is very important. <<

Note: It is important that the tool Frst.exe and fixlist.txt are in the same location (desktop); otherwise it will not work.

  • Now use this Windows FAQ, "How to start Windows in Safe Mode (applicable to Windows 10)?", to work from that Windows mode. (Use Method 1 and, if you can't, use Method 2.)

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, commenting on how the problem is going.

Thank you very much for the reply! I did everything you asked and now it seems the ads disguised as Google searches have disappeared. Here is the report.

Fix result of Farbar Recovery Scan Tool (x64) Version: 18.04.2019
Ran by b-rch_000 (19-04-2019 16:41:11) Run:1
Running from C:\Users\b-rch_000\Desktop
Loaded Profiles: b-rch_000 (Available Profiles: GRM & b-rch_000)
Boot Mode: Safe Mode (with Networking)
==============================================

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKU\S-1-5-21-2181589896-435413242-1626352173-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46614e19-5870-11e8-8346-e82aeabae7a7}" => not found
HKLM\Software\Classes\CLSID\{46614e19-5870-11e8-8346-e82aeabae7a7} => not found
"HKU\S-1-5-21-2181589896-435413242-1626352173-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bf0ff86-257d-11e9-837a-54ee751a2b76}" => not found
HKLM\Software\Classes\CLSID\{5bf0ff86-257d-11e9-837a-54ee751a2b76} => not found
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{807d76ed-9049-11e8-835d-e82aeabae7a7} => removed successfully
HKLM\Software\Classes\CLSID\{807d76ed-9049-11e8-835d-e82aeabae7a7} => not found
"HKU\S-1-5-21-2181589896-435413242-1626352173-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
"HKU\S-1-5-21-2181589896-435413242-1626352173-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E3E8E29-2926-4497-BB84-1488D85E342C}" => not found
HKLM\Software\Classes\CLSID\{1E3E8E29-2926-4497-BB84-1488D85E342C} => not found
"HKU\S-1-5-21-2181589896-435413242-1626352173-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2181589896-435413242-1626352173-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E3E8E29-2926-4497-BB84-1488D85E342C} => removed successfully
HKLM\Software\Classes\CLSID\{1E3E8E29-2926-4497-BB84-1488D85E342C} => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => removed successfully
"C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_19041907070032415124.dll" => not found
"C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_1904190707152454184.dll" => not found
"C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_19041907090107510960.dll" => not found
"C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_19041907091812110296.dll" => not found
"C:\Users\b-rch_000\AppData\Local\Temp\Opera_installer_1904190721460397988.dll" => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\NPDF.ShellExtension => removed successfully
HKLM\Software\Classes\CLSID\{03DDC0E5-AF08-40a2-85B9-FEDF1F4A780C} => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => removed successfully
"C:\Program Files (x86)\Panda Security" => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07C893E1-1D56-463D-A404-0BAE279A6F8B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07C893E1-1D56-463D-A404-0BAE279A6F8B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0985FD6B-9EAB-471C-970A-5C59D7BE2275}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0985FD6B-9EAB-471C-970A-5C59D7BE2275}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3B8413-44AF-4488-97EA-8F8FC72C4E20}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3B8413-44AF-4488-97EA-8F8FC72C4E20}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B66FAF0-EC40-438D-817C-4EC9FE68E038}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B66FAF0-EC40-438D-817C-4EC9FE68E038}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2BD0CBB1-523D-4A21-9415-CA67634FFA30}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BD0CBB1-523D-4A21-9415-CA67634FFA30}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B54BABA-57A6-41F6-85F9-FC38250791B7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B54BABA-57A6-41F6-85F9-FC38250791B7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2181589896-435413242-1626352173-1002" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69D173B7-39A5-43A5-9F59-EFFC68C78B3D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69D173B7-39A5-43A5-9F59-EFFC68C78B3D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8743A0C0-5597-4B4F-8AA7-ED0583CAE733}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8743A0C0-5597-4B4F-8AA7-ED0583CAE733}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2181589896-435413242-1626352173-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96BA7A93-9221-41ED-9224-B4041B959CC0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96BA7A93-9221-41ED-9224-B4041B959CC0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1DC0E14-69C4-4FD3-9C4D-BA7125EF5032}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1DC0E14-69C4-4FD3-9C4D-BA7125EF5032}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B35A9DD5-9089-44D2-A153-44DC4ED8A05C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B35A9DD5-9089-44D2-A153-44DC4ED8A05C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5E3429D-5FBD-4B43-BB60-7392FE7B2E92}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5E3429D-5FBD-4B43-BB60-7392FE7B2E92}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2181589896-435413242-1626352173-1003" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D49478AF-07DC-4A26-9FF9-5B4D44E33072}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D49478AF-07DC-4A26-9FF9-5B4D44E33072}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD5398AE-2E19-45F5-AC23-0BF6651F8DC4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD5398AE-2E19-45F5-AC23-0BF6651F8DC4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA472F4D-B3A1-425C-82DF-EB8AD93FFA3D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA472F4D-B3A1-425C-82DF-EB8AD93FFA3D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
C:\ProgramData\Temp => ":F9CFE070" ADS removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2181589896-435413242-1626352173-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2181589896-435413242-1626352173-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Wi-Fi mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 3 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 4 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Ethernet 2 mientras los medios
estén desconectados.

Adaptador de LAN inalámbrica Wi-Fi:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 4:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Ethernet:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::bdb0:3913:3f97:b61f%24
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.11
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

Adaptador de Ethernet Ethernet 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54498393 B
Java, Flash, Steam htmlcache => 368981943 B
Windows/system/drivers => 235507 B
Edge => 3694 B
Chrome => 4226300 B
Firefox => 32764700 B
Opera => 389143669 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 99399 B
LocalService => 25206 B
LocalService => 0 B
NetworkService => 12252 B
NetworkService => 0 B
GRM => 143846131 B
b-rch_000 => 2243909 B

RecycleBin => 2056 B
EmptyTemp: => 958.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:44:16 ====

OK, try it for 24-48 hours and let me know how everything goes.

Hi! It looks like everything is solved; the disguised ads have not come back. Thank you very much!

To remove the tools used during the disinfection, do the following:

  • Download and run >> Delfix, on your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> Run as administrator.)

  • Check only the Remove disinfection tools box.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

If any tool remains, uninstall it from the Windows Control Panel; those that are not listed there can be deleted directly.


I'm glad I could help you! :+1:


TOPIC SOLVED

This topic was automatically closed 2 days after the last post. New replies are no longer allowed.