Russian trojan, up to my neck in it

Hi, I'm up to my neck with a trojan that even shows me ads on Facebook in Russian. I've run Malwarebytes and it always seems to detect something but doesn't remove all of it; on top of that, the PC is working very hard.

It won't let me access antivirus websites such as malwarebytes, eset … this is the only place I could get into.

What can I do? Here is an image of the Malwarebytes alert:

and I'm adding this:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 6/7/19
Hora del análisis: 15:16
Archivo de registro: 2712b57a-a01a-11e9-b0ab-80fa5b4d2ab7.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.586
Versión del paquete de actualización: 1.0.11432
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.829)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-54N3HAU\CF

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 323037
Amenazas detectadas: 4
Amenazas en cuarentena: 2
Tiempo transcurrido: 13 min, 37 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 4
Adware.MailRu.BatBitRst, C:\USERS\CF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Error durante la eliminación, [337], [481467],1.0.11432
PUP.Optional.MailRu, C:\USERS\CF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Error durante la eliminación, [254], [454830],1.0.11432
PUP.Optional.MailRu, C:\USERS\CF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [254], [454830],1.0.11432
PUP.Optional.MailRu, C:\USERS\CF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [254], [454830],1.0.11432

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

thanks

Hi @rancheli, welcome to the Forum.

To check your machine, follow these steps in the order given, reading everything that is explained. :+1:

:one: Temporarily disable the antivirus :arrow_forward: How to temporarily disable your antivirus, for as long as we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we will use in this procedure (but don't run them yet):


:two: Run the tools one at a time and in the order given:



CCleaner.-

  • Install and run CCleaner following the steps given in the manual.

  • Use it first with its Cleaner option to delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • Then use its Registry option to clean the entire Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps given in the manual.

  • Run a Full Scan. :white_check_mark:

  • Select ALL for Quarantine to send everything to quarantine, and restart the system.

  • In the manual's :arrow_forward:History :arrow_backward: section you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now button and wait for the process to run, then always click right away on the Start Repair button.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • The log/report is found in the “Reports” tab, reopening the program if necessary, so you can copy and paste it into your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue, then wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved on the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt into your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

:three: Put the reports in your next reply, from:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order. :+1:

You must copy and paste them with all their content, using several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

And tell us how your computer is working in relation to the problem described. :face_with_monocle:

Regards, Javier.

Hi friends, for now I've solved it: my DNS had been hijacked, so I only had to set the DNS to automatic and then I ran Malwarebytes again and everything was perfect … thank you all very much!

Hi @rancheli.

Even though you have set the DNS to automatic, you surely still have the infected DNS entries inside the Windows registry. :-1:

Normally antivirus programs do NOT usually check for, or are unable to see, this type of infection/hijack. :face_with_monocle:

Get a report with FRST, following my earlier instructions, and post it so it can be verified.

Regards.
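One way to run the check the reply above asks for, as an added example that is not part of the thread and not FRST's own code: it reads the `Tcpip\...` lines of an FRST.txt "Internet" section and reports every statically configured `[NameServer]` value, since a static value is used in place of the DHCP-assigned one. The sample log, its addresses and GUIDs are constructed, and the `[NameServer]` line layout is assumed to mirror the `[DhcpNameServer]` layout FRST prints.

```python
import ipaddress
import re

# Constructed sample in the layout of an FRST.txt "Internet" section.
# The [NameServer] lines, the addresses (RFC 5737 documentation range and
# private ranges) and the GUIDs are invented for this example.
SAMPLE_FRST = r"""
==================== Internet (Whitelisted) ====================

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 203.0.113.10 203.0.113.11
Tcpip\..\Interfaces\{11111111-2222-3333-4444-555555555555}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{11111111-2222-3333-4444-555555555555}: [NameServer] 203.0.113.10,203.0.113.11
Tcpip\..\Interfaces\{66666666-7777-8888-9999-aaaaaaaaaaaa}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
"""

# Tcpip\<scope>: [<value name>] <addresses>
LINE_RE = re.compile(
    r"^Tcpip\\(?P<scope>[^:]+):\s*"
    r"\[(?P<name>DhcpNameServer|NameServer)\]\s*(?P<value>.*)$"
)


def parse_dns_entries(frst_text):
    """Return one dict per DNS line: scope, static flag, parsed addresses."""
    entries = []
    for line in frst_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        servers = []
        # The registry value may be space- or comma-separated.
        for token in re.split(r"[,\s]+", match.group("value").strip()):
            if not token:
                continue
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # ignore anything that is not an IP address
        entries.append({
            "scope": match.group("scope"),
            "static": match.group("name") == "NameServer",
            "servers": servers,
        })
    return entries


def static_overrides(entries, expected=()):
    """List (scope, addresses) for static resolvers not in `expected`.

    `expected` holds resolver addresses the owner set on purpose; with the
    default empty value every static resolver is reported for review.
    """
    known = {ipaddress.ip_address(addr) for addr in expected}
    findings = []
    for entry in entries:
        if not entry["static"]:
            continue  # DHCP-assigned values are not a static override
        unexpected = [str(ip) for ip in entry["servers"] if ip not in known]
        if unexpected:
            findings.append((entry["scope"], unexpected))
    return findings


if __name__ == "__main__":
    for scope, servers in static_overrides(parse_dns_entries(SAMPLE_FRST)):
        print(f"static DNS under Tcpip\\{scope}: {', '.join(servers)}")
```

A scope of `Parameters` is the system-wide value; a `..\Interfaces\{GUID}` scope is one adapter, so a leftover entry can sit on an adapter other than the one that was switched back to automatic.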

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 3-07-2019
Ran by CF (administrator) on DESKTOP-54N3HAU (BANGHO MAX G5) (08-07-2019 14:35:33)
Running from C:\Users\CF\Desktop
Loaded Profiles: CF &  (Available Profiles: CF)
Platform: Windows 10 Home Single Language Version 1803 17134.829 (X64) Language: Español (México)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1905.28.0_x64__8wekyb3d8bbwe\Calculator.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19031.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(CLEVO CO.) [File not signed] C:\Program Files (x86)\Hotkey\HkeyTray.exe
(CLEVO CO.) [File not signed] C:\Program Files (x86)\Hotkey\HotkeyService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
(Intel(R) Trusted Connect Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Logitech Inc -> Logitech Europe S.A.) C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
(Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(Mega Limited -> Mega Limited) C:\Users\CF\AppData\Local\MEGAsync\MEGAsync.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\CF\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.760_none_eaef1a361d71e348\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16717832 2016-10-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [EikonBoost] => C:\Program Files (x86)\Thomson Reuters\Eikon\Eikon.exe [918848 2019-04-12] (Thomson Reuters -> Thomson Reuters)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5580608 2019-06-24] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [APP_HOTFOLDER] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170228115\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170228709\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\...\Run: [eagleget_setup] => C:\Users\CF\AppData\Local\Temp\is-OTMOV.tmp\eagleget_setup.tmp -V <==== ATTENTION
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9198512 2019-06-25] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\...\Run: [GoogleChromeAutoLaunch_4B814586914C520D2A0E394C53A320E8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1555952 2019-06-17] (Google LLC -> Google LLC)
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\...\Run: [eagleget_setup] => C:\Users\CF\AppData\Local\Temp\is-OTMOV.tmp\eagleget_setup.tmp -V <==== ATTENTION
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9198512 2019-06-25] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\...\Run: [GoogleChromeAutoLaunch_4B814586914C520D2A0E394C53A320E8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1555952 2019-06-17] (Google LLC -> Google LLC)
HKLM\...\Drivers32: [VIDC.FICV] => C:\WINDOWS\system32\ficvdec_x64.dll [652288 2013-05-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-07-06] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{19C7ABD4-4445-48B0-9D02-5A706D080688}] -> C:\Program Files (x86)\Thomson Reuters\Eikon\Eikon.exe [2019-04-12] (Thomson Reuters -> Thomson Reuters)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NewShortcut1.lnk [2017-08-24]
ShortcutTarget: NewShortcut1.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.) [File not signed]
Startup: C:\Users\CF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jarvee.lnk [2019-02-18]
ShortcutTarget: Jarvee.lnk -> C:\Users\CF\Desktop\Jarvee._v2082\Jarvee.exe (No File)
Startup: C:\Users\CF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MassPlanner.lnk [2019-01-27]
ShortcutTarget: MassPlanner.lnk -> C:\Users\CF\Desktop\MassPlanner 2.8.4.3\MassPlannerNew.exe (No File)
Startup: C:\Users\CF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MassPlanner2.lnk [2019-01-27]
ShortcutTarget: MassPlanner2.lnk -> C:\Users\CF\AppData\Roaming\MP\MassPlannerNew.exe (No File)
Startup: C:\Users\CF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-11-22]
ShortcutTarget: MEGAsync.lnk -> C:\Users\CF\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {21F91C67-B8E3-4B7D-9C91-E623D87E8818} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {27903509-AF17-4F12-A37C-077202E8013B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-17] (Dropbox, Inc -> Dropbox, Inc.)
Task: {37D8ADF6-535A-4AC4-B9A8-4947ADDAD2F5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {406AA9B4-7DFA-4B3D-894D-DECD7CD9CD6B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {54E46B8F-D101-402D-8EDB-3BE09216AB94} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-54N3HAU-CF => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {57EB1838-331F-4F45-8C16-B67D494595E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-06] (Google Inc -> Google LLC)
Task: {9F0BC1AC-D9E1-4993-8EB4-0984E663C362} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {A35C5123-BA23-450E-9C27-13A295D082BF} - System32\Tasks\SUPERAntiSpyware Scheduled Task b85c3d23-a35f-47db-bb7b-ba8c90cf1650 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com)
Task: {A6462F39-CA11-4D7D-A836-77BB488E783A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A9A01CDF-47F6-48EB-836C-0424BB82022E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-17] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C45F5BD7-9A47-43EB-B388-38AF953938E6} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1526051646-4132201309-1756439562-1001 => C:\Users\CF\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-06-05] (Mega Limited -> Mega Limited)
Task: {C79EA1B9-6ED4-4022-BD3B-2C0CF944058F} - System32\Tasks\SUPERAntiSpyware Scheduled Task a6b2c169-2a66-4abe-bf1c-223fe64a8872 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com)
Task: {CAB88165-ACAC-4D79-B6AD-8C3793900E97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-06] (Google Inc -> Google LLC)
Task: {DB5DA810-6C95-42A4-A174-AC8A477F1778} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a6b2c169-2a66-4abe-bf1c-223fe64a8872.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b85c3d23-a35f-47db-bb7b-ba8c90cf1650.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.49.130.44 200.42.4.207
Tcpip\..\Interfaces\{3ad9d1aa-0ff3-483c-b97e-2a4447cd0d80}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{65fb8118-56cb-442c-85c8-59a0df41d09f}: [DhcpNameServer] 200.49.130.44 200.42.4.207
Tcpip\..\Interfaces\{845df440-005c-4842-bf03-99124e2db090}: [DhcpNameServer] 200.49.130.28 200.49.130.29 200.49.130.34

Internet Explorer:
==================
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://OEM17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://OEM17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {017D9C33-64F3-472B-ADDA-8C844F0CA0D0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=PRNAM1&pc=NMTE
SearchScopes: HKLM -> {017D9C33-64F3-472B-ADDA-8C844F0CA0D0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=PRNAM1&pc=NMTE
SearchScopes: HKLM-x32 -> DefaultScope {017D9C33-64F3-472B-ADDA-8C844F0CA0D0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=PRNAM1&pc=NMTE
SearchScopes: HKLM-x32 -> {017D9C33-64F3-472B-ADDA-8C844F0CA0D0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=PRNAM1&pc=NMTE
SearchScopes: HKU\S-1-5-21-1526051646-4132201309-1756439562-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
SearchScopes: HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: EGet Class -> {1E871FF8-029C-4732-8AA7-39E3D3872057} -> C:\Program Files (x86)\EagleGet\eagleSniffer.dll [2016-12-22] (Beijing Jiupu Technology Co., Ltd. -> EagleGet.com)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 12uvqoo5.default
FF ProfilePath: C:\Users\CF\AppData\Roaming\Mozilla\Firefox\Profiles\kwmihlku.sebastian [2019-07-06]
FF Homepage: Mozilla\Firefox\Profiles\kwmihlku.sebastian -> audiojungle.net
FF NetworkProxy: Mozilla\Firefox\Profiles\kwmihlku.sebastian -> backup.ftp", ""
FF ProfilePath: C:\Users\CF\AppData\Roaming\Mozilla\Firefox\Profiles\ijzskr7s.gonzalo [2019-07-06]
FF Homepage: Mozilla\Firefox\Profiles\ijzskr7s.gonzalo -> mercadolibre.com.ar
FF NetworkProxy: Mozilla\Firefox\Profiles\ijzskr7s.gonzalo -> backup.ftp", ""
FF ProfilePath: C:\Users\CF\AppData\Roaming\Mozilla\Firefox\Profiles\a9rpsfbg.sergio [2019-07-06]
FF Homepage: Mozilla\Firefox\Profiles\a9rpsfbg.sergio -> yahoo.com.ar/
FF NetworkProxy: Mozilla\Firefox\Profiles\a9rpsfbg.sergio -> backup.ftp", ""
FF ProfilePath: C:\Users\CF\AppData\Roaming\Mozilla\Firefox\Profiles\12uvqoo5.default [2019-07-08]
FF user.js: detected! => C:\Users\CF\AppData\Roaming\Mozilla\Firefox\Profiles\12uvqoo5.default\user.js [2019-07-05]
FF NewTab: Mozilla\Firefox\Profiles\12uvqoo5.default -> hxxps://ar.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180507__yaff
FF HomepageOverride: Mozilla\Firefox\Profiles\12uvqoo5.default -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\12uvqoo5.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF NewTabOverride: Mozilla\Firefox\Profiles\12uvqoo5.default -> Enabled: [email protected]
FF Extension: (Blur) - C:\Users\CF\AppData\Roaming\Mozilla\Firefox\Profiles\12uvqoo5.default\Extensions\[email protected] [2019-06-04]
FF Extension: (BlockNote) - C:\Users\CF\AppData\Roaming\Mozilla\Firefox\Profiles\12uvqoo5.default\Extensions\{43c507fe-30de-47e0-8449-3fc7770c0634}.xpi [2018-07-27]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-06] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-06] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1526051646-4132201309-1756439562-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\CF\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-05-11] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1526051646-4132201309-1756439562-1001: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2016-08-01] (Beijing Jiupu Technology Co., Ltd. -> EagleGet)
FF Plugin HKU\S-1-5-21-1526051646-4132201309-1756439562-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2018-11-12] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-1526051646-4132201309-1756439562-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2018-11-12] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411: @zoom.us/ZoomVideoPlugin -> C:\Users\CF\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-05-11] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2016-08-01] (Beijing Jiupu Technology Co., Ltd. -> EagleGet)
FF Plugin HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2018-11-12] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2018-11-12] (TD Ameritrade -> TD Ameritrade)

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://mail.ru/cnt/10445?gp=811570","hxxps://www.google.com/"
CHR Profile: C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default [2019-07-08]
CHR Extension: (Google Traductor) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2019-07-06]
CHR Extension: (Presentaciones) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-16]
CHR Extension: (SEOquake) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2019-07-05]
CHR Extension: (Documentos) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-16]
CHR Extension: (Google Drive) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (YouTube) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-16]
CHR Extension: (Facebook Pixel Helper) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2019-02-15]
CHR Extension: (Hojas de cálculo) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-16]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Google Calendar) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2019-03-27]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2019-05-28]
CHR Extension: (SEO optimizacion e Internet Marketing) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2018-06-21]
CHR Extension: (SimilarWeb - Traffic Rank & Website Analysis) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoklmmgfnpapgjgcpechhaamimifchmp [2019-06-17]
CHR Extension: (Scan WP - Detect Wordpress Themes and Plugins) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgepgcdhakjacecafilmhdnifekocmcl [2018-03-11]
CHR Extension: (Loom - Video Recorder: Screen, Webcam and Mic) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2019-06-12]
CHR Extension: (PowerAdSpy - Ad Intelligence) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkecaphdplhfmmbkcfnknejeonfnifbn [2019-07-04]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Simple Vimeo Downloader) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaallccmjamifmbnammngacjphelonn [2019-06-06]
CHR Extension: (Downloader for Instagram™ + Direct Message) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkpikmlhoaojbbmmpejnimiglejmboe [2019-07-06]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2019-07-04]
CHR Extension: (Gmail) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-25]
CHR Extension: (Chrome Media Router) - C:\Users\CF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-06]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] [2018-07-02]
CHR HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] [2018-07-02]
CHR HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] [2018-07-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] [2018-07-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [3367272 2018-11-28] (Intel(R) Software Development Products -> Intel Corporation)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-17] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-17] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-06-24] (Dropbox, Inc -> Dropbox, Inc.)
S2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [247464 2016-12-22] (Beijing Jiupu Technology Co., Ltd. -> )
S3 EikonUpdateService; C:\Program Files (x86)\Thomson Reuters\Eikon\Y\Bin\EikonDM.exe [339264 2019-04-12] (Thomson Reuters -> )
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [183568 2016-10-06] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 MBAMIService; C:\ProgramData\MB3Install\MBAMIService.exe [231120 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-10-06] (Intel Corporation-Wireless Connectivity Solutions -> )
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-18] (Logitech Inc -> Logitech)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [33280 2016-12-05] (CLEVO CO.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [254568 2016-08-17] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-16] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-10-06] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AirplaneModeHid; C:\WINDOWS\system32\DRIVERS\AirplaneModeHid.sys [33496 2015-07-17] (Insyde Software Corp. -> Insyde Corporation)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 eagleGet; C:\WINDOWS\System32\Drivers\eagleGet.sys [87192 2016-07-03] (Beijing Jiupu Technology Co., Ltd. -> eagleGet)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [179472 2016-10-06] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-11] (Microsoft Windows -> Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-07-31] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [779232 2016-12-15] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [60008 2016-08-17] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [63592 2016-08-17] (Synaptics Incorporated -> Synaptics Incorporated)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [213216 2018-10-15] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [223000 2018-10-15] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [337632 2019-06-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-08 13:35 - 2019-07-08 13:35 - 000061129 _____ C:\Users\CF\Desktop\adicionalll.txt
2019-07-08 13:23 - 2019-07-08 13:32 - 000061126 _____ C:\Users\CF\Desktop\Addition.txt
2019-07-08 13:19 - 2019-07-08 14:37 - 000038841 _____ C:\Users\CF\Desktop\FRST.txt
2019-07-08 13:18 - 2019-07-08 14:35 - 000000000 ____D C:\FRST
2019-07-08 13:18 - 2019-07-08 13:18 - 002420224 _____ (Farbar) C:\Users\CF\Desktop\FRST64.exe
2019-07-08 13:11 - 2019-06-06 14:14 - 056999272 _____ (LetsExtract Software ) C:\Users\CF\Desktop\LetsExtractSetup.exe
2019-07-08 12:24 - 2019-07-08 12:49 - 000000000 ____D C:\Users\CF\Documents\LetsExtract
2019-07-08 12:05 - 2019-07-08 12:05 - 000000000 ____D C:\Users\CF\AppData\Roaming\LetsExtract Software
2019-07-08 12:05 - 2019-07-08 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LetsExtract Email Studio
2019-07-08 12:04 - 2019-07-08 12:05 - 000000000 ____D C:\Program Files (x86)\LetsExtract Email Studio
2019-07-08 12:02 - 2019-07-08 12:03 - 056541053 _____ C:\Users\CF\Desktop\LetsExtractSetup.zip
2019-07-08 11:31 - 2019-07-08 11:31 - 000000000 ____D C:\ProgramData\MB3Install
2019-07-08 11:30 - 2019-07-08 11:30 - 000000000 ____D C:\ProgramData\MB3Migration
2019-07-08 11:30 - 2019-07-08 11:30 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2019-07-08 10:40 - 2019-07-08 10:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thomson Reuters
2019-07-07 20:12 - 2019-07-07 20:12 - 000281065 _____ C:\Users\CF\Desktop\tomar research internacional 2 semana de julio 2019.odt
2019-07-07 20:12 - 2019-07-07 20:12 - 000281065 _____ C:\Users\CF\Desktop\tomar research internacional 2 semana de julio 2019 (1).odt
2019-07-07 17:29 - 2019-07-07 17:30 - 000010267 _____ C:\Users\CF\Downloads\lumave_com.zip
2019-07-07 10:29 - 2019-07-07 10:29 - 000001076 _____ C:\Users\CF\Desktop\copyyy.txt
2019-07-06 17:21 - 2019-07-06 17:21 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-07-06 17:21 - 2019-07-06 17:21 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-07-06 17:21 - 2019-07-06 17:21 - 000000000 ____D C:\Users\CF\Desktop\Datos viejos de Firefox
2019-07-06 16:41 - 2019-07-06 16:41 - 000002382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-06 16:40 - 2019-07-06 16:40 - 000003556 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-06 16:40 - 2019-07-06 16:40 - 000003432 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-06 15:50 - 2019-07-06 15:50 - 001151544 _____ (Google LLC) C:\Users\CF\Downloads\ChromeSetup (1).exe
2019-07-06 15:09 - 2019-07-06 15:09 - 000841241 _____ C:\Users\CF\Downloads\rkill.zip
2019-07-06 14:41 - 2019-07-06 14:41 - 000000000 ____D C:\Users\CF\AppData\Local\ElevatedDiagnostics
2019-07-06 14:30 - 2019-07-06 14:32 - 000000000 ____D C:\Users\CF\Desktop\Reto 5-7 - Aprendamos Marketing
2019-07-06 14:13 - 2019-07-06 14:36 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-07-06 14:10 - 2019-07-06 14:10 - 000000000 ____D C:\WINDOWS\pss
2019-07-05 23:05 - 2019-07-06 10:48 - 000000536 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b85c3d23-a35f-47db-bb7b-ba8c90cf1650.job
2019-07-05 23:05 - 2019-07-06 10:48 - 000000536 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a6b2c169-2a66-4abe-bf1c-223fe64a8872.job
2019-07-05 23:05 - 2019-07-05 23:05 - 000003770 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task a6b2c169-2a66-4abe-bf1c-223fe64a8872
2019-07-05 23:05 - 2019-07-05 23:05 - 000003688 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task b85c3d23-a35f-47db-bb7b-ba8c90cf1650
2019-07-05 23:05 - 2019-07-05 23:05 - 000000000 ____D C:\Users\CF\AppData\Roaming\SUPERAntiSpyware.com
2019-07-05 23:04 - 2019-07-05 23:05 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-07-05 23:04 - 2019-07-05 23:04 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2019-07-05 23:04 - 2019-07-05 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2019-07-05 22:54 - 2019-07-05 22:55 - 042451640 _____ (SUPERAntiSpyware) C:\Users\CF\Downloads\SUPERAntiSpyware.exe
2019-07-05 20:54 - 2019-07-05 22:51 - 000000004 _____ C:\ProgramData\lock.dat
2019-07-05 20:54 - 2019-07-05 22:37 - 000000016 _____ C:\ProgramData\irw.atsd
2019-07-05 20:54 - 2019-07-05 20:54 - 000000008 _____ C:\ProgramData\ts.dat
2019-07-05 20:46 - 2019-07-05 20:46 - 000000000 ____D C:\Users\CF\AppData\Roaming\prunld9277
2019-07-05 20:45 - 2019-07-05 23:01 - 000000000 ____D C:\WINDOWS\System32\Tasks\System
2019-07-05 20:45 - 2019-07-05 20:45 - 000000000 ____D C:\ProgramData\Padur
2019-07-05 20:45 - 2019-07-05 20:45 - 000000000 ____D C:\ProgramData\jslYWaZepO6GsDZ
2019-07-05 20:44 - 2019-07-06 14:28 - 000000000 ____D C:\Users\CF\AppData\Roaming\1337
2019-07-05 20:42 - 2019-07-05 20:42 - 000825856 _____ C:\Default.xml
2019-07-02 11:13 - 2019-07-02 12:53 - 000000153 _____ C:\Users\CF\Desktop\credenciales lumave.txt
2019-07-01 14:32 - 2019-07-01 18:09 - 000000000 ____D C:\Users\CF\Downloads\VIDEOMARKETER - Euge Oller
2019-07-01 14:21 - 2019-07-07 00:37 - 000000000 ____D C:\Users\CF\Downloads\Agencia de Marketing Digital - Revolución Digital
2019-07-01 13:53 - 2019-07-01 14:19 - 000000000 ____D C:\Users\CF\Downloads\3 Cosas que Funcionan Jhon Dani
2019-06-30 12:25 - 2019-06-30 12:26 - 000283096 _____ C:\Users\CF\Desktop\tomar research internacional 1 semana julio 2019.odt
2019-06-29 19:59 - 2019-06-29 19:59 - 003998180 _____ C:\Users\CF\Downloads\Mediafire-VideoMarketing-Euge Oller.pdf
2019-06-27 16:11 - 2019-06-27 16:11 - 003717882 _____ C:\Users\CF\Downloads\El Camino del Lobo.pdf
2019-06-26 13:33 - 2019-06-26 16:39 - 000000000 ____D C:\Users\CF\Downloads\Nick Moreno - Messenger Bots For Entrepreneurs - Procrackteam.com
2019-06-26 11:10 - 2019-06-26 11:10 - 000059904 _____ C:\Users\CF\Downloads\Nuevo Documento de Microsoft Publisher.pub
2019-06-26 11:09 - 2019-06-26 11:11 - 000000000 ____D C:\Users\CF\Downloads\Chatbot para Facebook Messenger-Marria Montt
2019-06-26 11:08 - 2019-06-26 11:21 - 000000000 ____D C:\Users\CF\Downloads\Curso Facebook Messenger Chat Bots
2019-06-24 18:43 - 2019-06-24 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-06-24 18:29 - 2019-06-24 18:52 - 000000000 ____D C:\Users\CF\Downloads\Facebook Expert Secrets
2019-06-24 17:20 - 2019-06-24 18:29 - 000000000 ____D C:\Users\CF\Downloads\Facebook Master
2019-06-24 09:12 - 2019-06-24 09:12 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-06-24 09:12 - 2019-06-24 09:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-06-24 09:12 - 2019-06-24 09:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-06-24 09:12 - 2019-06-24 09:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-06-22 13:08 - 2019-06-22 13:59 - 000000000 ____D C:\Users\CF\Downloads\Escribir para Vender - Maider Tomasena
2019-06-22 11:53 - 2019-06-22 11:53 - 000000000 ____D C:\Users\CF\Downloads\Russell Brunson - Funnel Hacking LIve Notes 2019 - Procrackteam.com
2019-06-21 00:05 - 2019-07-06 17:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-06-20 14:42 - 2019-06-20 15:26 - 000000000 ____D C:\Users\CF\Downloads\Duplica tus Ventas con FB 2019
2019-06-19 15:30 - 2019-06-19 18:52 - 000000000 ____D C:\Users\CF\Downloads\Kevin David - Facebook Ads Ninja Masterclass 2019 - Procrackteam.com
2019-06-18 21:25 - 2019-06-18 21:29 - 000000000 ____D C:\Users\CF\Desktop\Domina los Grupos en Facebook  Crea tu tribu de seguidores
2019-06-18 15:40 - 2019-06-18 15:40 - 000000000 ____D C:\Program Files\UNP
2019-06-18 13:29 - 2019-06-18 13:29 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-06-16 17:38 - 2019-06-23 13:04 - 000022016 _____ C:\Users\CF\Desktop\ggal ok.mwc
2019-06-13 19:58 - 2019-06-14 13:14 - 000000000 ____D C:\Users\CF\Downloads\suprive mastery
2019-06-13 19:53 - 2019-06-13 20:29 - 000000000 ____D C:\Users\CF\Downloads\[ESDMR] 041 Matias Love_ Persuadir es Seducir
2019-06-12 12:00 - 2019-06-07 08:04 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-12 12:00 - 2019-06-07 08:04 - 001633136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-12 12:00 - 2019-06-07 07:45 - 012756480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-12 12:00 - 2019-06-07 07:42 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-12 12:00 - 2019-06-07 07:40 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-12 12:00 - 2019-06-07 07:40 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-12 12:00 - 2019-06-07 07:23 - 001453920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-12 12:00 - 2019-06-07 07:19 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-12 12:00 - 2019-06-07 07:07 - 011942400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-12 12:00 - 2019-06-07 07:04 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-12 12:00 - 2019-06-07 07:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-12 12:00 - 2019-06-07 03:01 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-12 12:00 - 2019-06-07 02:58 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-12 12:00 - 2019-06-07 02:58 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-12 12:00 - 2019-06-07 02:57 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-12 12:00 - 2019-06-07 02:57 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-12 12:00 - 2019-06-07 02:57 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-12 12:00 - 2019-06-07 02:57 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-12 12:00 - 2019-06-07 02:57 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-12 12:00 - 2019-06-07 02:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-12 12:00 - 2019-06-07 02:46 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-12 12:00 - 2019-06-07 02:46 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-12 12:00 - 2019-06-07 02:38 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-12 12:00 - 2019-06-07 02:37 - 022019584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-12 12:00 - 2019-06-07 02:31 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-12 12:00 - 2019-06-07 02:27 - 022718976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-12 12:00 - 2019-06-07 02:24 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-12 12:00 - 2019-06-07 02:24 - 003400704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-12 12:00 - 2019-06-07 02:22 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-06-12 12:00 - 2019-06-07 02:22 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-12 12:00 - 2019-06-07 02:21 - 007588864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-12 12:00 - 2019-06-07 02:21 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-12 12:00 - 2019-06-07 02:21 - 001778688 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-12 12:00 - 2019-06-07 02:21 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-12 12:00 - 2019-06-07 02:20 - 002610688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-12 12:00 - 2019-06-07 02:20 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-12 12:00 - 2019-06-07 02:19 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-12 12:00 - 2019-06-07 02:19 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-12 12:00 - 2019-06-07 02:19 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-12 12:00 - 2019-06-07 02:19 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-12 12:00 - 2019-06-07 02:18 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-12 12:00 - 2019-06-07 02:18 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-12 12:00 - 2019-06-07 02:18 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-12 12:00 - 2019-06-07 02:17 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-12 12:00 - 2019-06-07 02:17 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-12 12:00 - 2019-06-07 02:17 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-06-12 12:00 - 2019-06-07 02:16 - 001102336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-06-12 12:00 - 2019-05-18 19:12 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-12 12:00 - 2019-05-17 09:40 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-06-12 12:00 - 2019-05-17 09:27 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-12 12:00 - 2019-05-17 09:26 - 004393984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-06-12 12:00 - 2019-05-17 09:25 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-06-12 12:00 - 2019-05-17 09:25 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-06-12 12:00 - 2019-05-17 09:21 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-06-12 12:00 - 2019-05-17 09:00 - 005658112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-12 12:00 - 2019-05-17 03:44 - 000550520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-06-12 12:00 - 2019-05-17 03:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-06-12 12:00 - 2019-05-17 03:42 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-06-12 12:00 - 2019-05-17 03:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-12 12:00 - 2019-05-17 03:42 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-06-12 12:00 - 2019-05-17 03:42 - 001980256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-06-12 12:00 - 2019-05-17 03:42 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-06-12 12:00 - 2019-05-17 03:42 - 001380096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-06-12 12:00 - 2019-05-17 03:30 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-06-12 12:00 - 2019-05-17 03:26 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-12 12:00 - 2019-05-17 03:19 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-12 12:00 - 2019-05-17 03:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-12 12:00 - 2019-05-17 03:19 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-06-12 12:00 - 2019-05-17 03:18 - 002796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-06-12 12:00 - 2019-05-17 03:08 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-06-12 12:00 - 2019-05-17 03:07 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-06-12 12:00 - 2019-05-17 03:07 - 002768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-12 12:00 - 2019-05-17 03:07 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-06-12 12:00 - 2019-05-17 03:07 - 002467320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-06-12 12:00 - 2019-05-17 03:07 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-12 12:00 - 2019-05-17 03:07 - 001288712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-06-12 12:00 - 2019-05-17 03:06 - 001943136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-06-12 12:00 - 2019-05-17 03:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-06-12 12:00 - 2019-05-17 02:44 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-12 12:00 - 2019-05-17 02:38 - 004709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-12 12:00 - 2019-05-17 02:37 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-12 12:00 - 2019-05-17 02:34 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-12 12:00 - 2019-05-17 02:34 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-12 12:00 - 2019-05-17 02:33 - 003091456 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-06-12 12:00 - 2019-05-17 02:33 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-06-12 12:00 - 2019-05-17 02:33 - 002370560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-12 12:00 - 2019-05-17 02:33 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-06-12 12:00 - 2019-05-17 02:31 - 004937216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-12 12:00 - 2019-05-17 02:31 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-12 12:00 - 2019-05-17 02:31 - 003293184 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-06-12 12:00 - 2019-05-17 02:31 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-06-12 12:00 - 2019-05-17 02:31 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-12 12:00 - 2019-05-17 02:31 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-06-12 12:00 - 2019-05-17 02:31 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-06-12 12:00 - 2019-05-17 02:31 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-12 12:00 - 2019-05-17 02:31 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-06-12 11:59 - 2019-06-07 07:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-06-12 11:59 - 2019-06-07 07:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-12 11:59 - 2019-06-07 07:41 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-12 11:59 - 2019-06-07 07:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-12 11:59 - 2019-06-07 07:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-12 11:59 - 2019-06-07 03:07 - 000707384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-12 11:59 - 2019-06-07 02:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-12 11:59 - 2019-06-07 02:58 - 000422416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-12 11:59 - 2019-06-07 02:58 - 000135176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-12 11:59 - 2019-06-07 02:58 - 000076304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-12 11:59 - 2019-06-07 02:57 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-12 11:59 - 2019-06-07 02:57 - 000792888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-12 11:59 - 2019-06-07 02:57 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-12 11:59 - 2019-06-07 02:57 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-12 11:59 - 2019-06-07 02:57 - 000494304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-12 11:59 - 2019-06-07 02:57 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-12 11:59 - 2019-06-07 02:57 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-06-12 11:59 - 2019-06-07 02:57 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-06-12 11:59 - 2019-06-07 02:57 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-12 11:59 - 2019-06-07 02:57 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-06-12 11:59 - 2019-06-07 02:57 - 000148280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-12 11:59 - 2019-06-07 02:57 - 000137448 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-06-12 11:59 - 2019-06-07 02:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-06-12 11:59 - 2019-06-07 02:47 - 000380432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-12 11:59 - 2019-06-07 02:47 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-06-12 11:59 - 2019-06-07 02:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-12 11:59 - 2019-06-07 02:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-12 11:59 - 2019-06-07 02:46 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-06-12 11:59 - 2019-06-07 02:46 - 000357072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-12 11:59 - 2019-06-07 02:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-12 11:59 - 2019-06-07 02:24 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-06-12 11:59 - 2019-06-07 02:23 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-12 11:59 - 2019-06-07 02:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-06-12 11:59 - 2019-06-07 02:23 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-06-12 11:59 - 2019-06-07 02:22 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-12 11:59 - 2019-06-07 02:22 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-12 11:59 - 2019-06-07 02:22 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-12 11:59 - 2019-06-07 02:21 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-12 11:59 - 2019-06-07 02:21 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-12 11:59 - 2019-06-07 02:20 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-06-12 11:59 - 2019-06-07 02:20 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-06-12 11:59 - 2019-06-07 02:19 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-12 11:59 - 2019-06-07 02:19 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-12 11:59 - 2019-06-07 02:16 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-06-12 11:59 - 2019-06-07 02:16 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-12 11:59 - 2019-06-07 02:16 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-06-12 11:59 - 2019-06-07 01:00 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2019-06-12 11:59 - 2019-05-18 19:12 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-12 11:59 - 2019-05-18 19:12 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-12 11:59 - 2019-05-18 19:12 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-12 11:59 - 2019-05-17 09:44 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-12 11:59 - 2019-05-17 09:40 - 000280888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-06-12 11:59 - 2019-05-17 09:25 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-06-12 11:59 - 2019-05-17 09:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-06-12 11:59 - 2019-05-17 09:23 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-06-12 11:59 - 2019-05-17 09:22 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-06-12 11:59 - 2019-05-17 09:22 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-12 11:59 - 2019-05-17 09:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-06-12 11:59 - 2019-05-17 09:21 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-06-12 11:59 - 2019-05-17 09:21 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2019-06-12 11:59 - 2019-05-17 09:21 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-06-12 11:59 - 2019-05-17 09:20 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-06-12 11:59 - 2019-05-17 09:19 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-06-12 11:59 - 2019-05-17 09:07 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-06-12 11:59 - 2019-05-17 08:58 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-06-12 11:59 - 2019-05-17 08:56 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-06-12 11:59 - 2019-05-17 08:56 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
2019-06-12 11:59 - 2019-05-17 08:55 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-06-12 11:59 - 2019-05-17 08:55 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-06-12 11:59 - 2019-05-17 08:55 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-06-12 11:59 - 2019-05-17 08:54 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-06-12 11:59 - 2019-05-17 08:54 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-06-12 11:59 - 2019-05-17 06:33 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-06-12 11:59 - 2019-05-17 05:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-06-12 11:59 - 2019-05-17 04:07 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-06-12 11:59 - 2019-05-17 03:44 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-06-12 11:59 - 2019-05-17 03:43 - 000297688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-06-12 11:59 - 2019-05-17 03:42 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-06-12 11:59 - 2019-05-17 03:42 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-06-12 11:59 - 2019-05-17 03:42 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-06-12 11:59 - 2019-05-17 03:23 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-06-12 11:59 - 2019-05-17 03:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-06-12 11:59 - 2019-05-17 03:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-12 11:59 - 2019-05-17 03:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-06-12 11:59 - 2019-05-17 03:22 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-12 11:59 - 2019-05-17 03:21 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-06-12 11:59 - 2019-05-17 03:21 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-06-12 11:59 - 2019-05-17 03:21 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-06-12 11:59 - 2019-05-17 03:20 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-06-12 11:59 - 2019-05-17 03:20 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-06-12 11:59 - 2019-05-17 03:19 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-06-12 11:59 - 2019-05-17 03:19 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-12 11:59 - 2019-05-17 03:19 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2019-06-12 11:59 - 2019-05-17 03:18 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-12 11:59 - 2019-05-17 03:18 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-06-12 11:59 - 2019-05-17 03:08 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-06-12 11:59 - 2019-05-17 03:08 - 000723432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-06-12 11:59 - 2019-05-17 03:08 - 000401328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-06-12 11:59 - 2019-05-17 03:07 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-12 11:59 - 2019-05-17 03:07 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-06-12 11:59 - 2019-05-17 03:07 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-06-12 11:59 - 2019-05-17 03:07 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-06-12 11:59 - 2019-05-17 03:06 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-06-12 11:59 - 2019-05-17 03:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-06-12 11:59 - 2019-05-17 03:06 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-06-12 11:59 - 2019-05-17 03:06 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-06-12 11:59 - 2019-05-17 03:06 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-06-12 11:59 - 2019-05-17 03:06 - 000151888 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-06-12 11:59 - 2019-05-17 03:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-06-12 11:59 - 2019-05-17 02:37 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-06-12 11:59 - 2019-05-17 02:37 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-06-12 11:59 - 2019-05-17 02:36 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-06-12 11:59 - 2019-05-17 02:36 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-06-12 11:59 - 2019-05-17 02:36 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-06-12 11:59 - 2019-05-17 02:36 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-12 11:59 - 2019-05-17 02:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-12 11:59 - 2019-05-17 02:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-12 11:59 - 2019-05-17 02:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-12 11:59 - 2019-05-17 02:35 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-06-12 11:59 - 2019-05-17 02:35 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-06-12 11:59 - 2019-05-17 02:35 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-06-12 11:59 - 2019-05-17 02:34 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-12 11:59 - 2019-05-17 02:34 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-06-12 11:59 - 2019-05-17 02:34 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-06-12 11:59 - 2019-05-17 02:34 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-06-12 11:59 - 2019-05-17 02:34 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-06-12 11:59 - 2019-05-17 02:34 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2019-06-12 11:59 - 2019-05-17 02:33 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-12 11:59 - 2019-05-17 02:33 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-06-12 11:59 - 2019-05-17 02:33 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-06-12 11:59 - 2019-05-17 02:32 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2019-06-12 11:59 - 2019-05-17 02:32 - 000815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-06-12 11:59 - 2019-05-17 02:31 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-06-12 11:59 - 2019-05-17 02:31 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-06-12 11:59 - 2019-05-17 02:30 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-06-12 11:59 - 2019-05-17 02:30 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-06-12 11:59 - 2019-05-17 02:30 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-06-08 21:23 - 2019-06-08 23:33 - 000000000 ____D C:\Users\CF\Downloads\Venta irresistible

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-08 14:35 - 2018-05-22 20:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-08 14:35 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-08 13:09 - 2019-03-20 15:57 - 000000000 ____D C:\Users\CF\AppData\Local\CEF
2019-07-08 11:31 - 2018-04-11 20:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-08 10:59 - 2019-01-27 16:09 - 000002310 ____H C:\Users\CF\Documents\Default.rdp
2019-07-08 10:39 - 2018-02-20 15:16 - 000000000 ____D C:\Users\CF\AppData\LocalLow\Mozilla
2019-07-08 10:35 - 2018-02-16 13:25 - 000000000 __SHD C:\Users\CF\IntelGraphicsProfiles
2019-07-07 12:35 - 2018-03-15 21:56 - 000000000 ____D C:\Users\CF\AppData\LocalLow\Temp
2019-07-06 18:30 - 2019-02-21 00:05 - 000000000 ____D C:\Users\CF\Desktop\backupss
2019-07-06 17:21 - 2018-02-20 15:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-06 17:01 - 2019-02-07 16:16 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-07-06 17:01 - 2018-05-22 21:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-06 17:00 - 2018-04-11 18:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-07-06 16:51 - 2018-05-06 22:59 - 000000000 ____D C:\Users\CF\AppData\Roaming\Lavasoft
2019-07-06 16:51 - 2018-05-06 22:59 - 000000000 ____D C:\Users\CF\AppData\Local\Lavasoft
2019-07-06 16:51 - 2018-05-06 22:59 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2019-07-06 16:51 - 2018-05-06 22:58 - 000000000 ____D C:\ProgramData\Lavasoft
2019-07-06 16:41 - 2018-02-16 13:33 - 000000000 ____D C:\Program Files (x86)\Google
2019-07-06 16:26 - 2018-06-03 14:41 - 000000000 ____D C:\Users\CF\AppData\Local\D3DSCache
2019-07-06 14:40 - 2018-07-03 22:20 - 000000000 ____D C:\Users\CF\AppData\Roaming\vlc
2019-07-06 14:02 - 2018-05-22 20:48 - 000000000 ____D C:\Users\CF
2019-07-05 23:01 - 2018-12-05 13:58 - 000000000 ____D C:\Program Files (x86)\BROWSEO v3.1.3 (BBHF)
2019-07-05 23:01 - 2018-02-28 14:35 - 000000000 ____D C:\Users\CF\Desktop\MAILS BURSATIL
2019-07-05 20:52 - 2018-03-17 23:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-07-05 20:45 - 2017-03-18 18:03 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-07-05 20:44 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-07-05 20:41 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2019-07-04 17:09 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-01 20:24 - 2019-01-10 23:32 - 000000000 ____D C:\Users\CF\AppData\Local\JDownloader 2.0
2019-06-29 16:27 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-26 23:10 - 2018-05-06 22:58 - 000000000 ____D C:\Users\CF\AppData\Roaming\uTorrent Web
2019-06-26 12:59 - 2018-03-17 23:07 - 000001289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2019-06-24 18:44 - 2018-04-17 16:17 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-06-23 19:27 - 2019-03-19 11:52 - 000000000 ____D C:\Users\CF\Desktop\backup2
2019-06-23 12:28 - 2017-01-21 20:55 - 000000000 ____D C:\Users\CF\Desktop\METAS 2
2019-06-20 20:45 - 2018-02-17 08:07 - 000000000 ____D C:\Program Files\rempl
2019-06-18 13:30 - 2017-08-24 12:54 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-06-18 13:30 - 2017-08-24 12:52 - 000000000 ____D C:\Program Files\Intel
2019-06-14 11:55 - 2018-05-22 21:04 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1526051646-4132201309-1756439562-1001
2019-06-14 11:55 - 2018-05-22 20:48 - 000002365 _____ C:\Users\CF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-14 11:55 - 2018-02-16 13:29 - 000000000 ___RD C:\Users\CF\OneDrive
2019-06-13 11:56 - 2018-05-22 20:56 - 001766294 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-13 11:56 - 2018-04-12 13:18 - 000783498 _____ C:\WINDOWS\system32\perfh00A.dat
2019-06-13 11:56 - 2018-04-12 13:18 - 000152772 _____ C:\WINDOWS\system32\perfc00A.dat
2019-06-13 11:51 - 2018-03-01 22:21 - 000000000 ___RD C:\Users\CF\3D Objects
2019-06-13 11:51 - 2017-04-19 15:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-13 11:48 - 2018-05-22 20:42 - 000436864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-12 22:54 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-06-12 22:54 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2019-06-12 22:54 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-06-12 22:54 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-06-12 22:54 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-06-12 22:54 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-12 12:08 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-12 11:59 - 2017-08-24 13:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-12 11:53 - 2017-08-24 13:47 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-08 21:17 - 2018-11-22 22:43 - 000000000 ____D C:\Users\CF\Documents\MEGAsync Downloads

==================== Files in the root of some directories ================

2019-07-05 20:54 - 2019-07-05 22:51 - 000000004 _____ () C:\ProgramData\lock.dat
2019-07-05 20:54 - 2019-07-05 20:54 - 000000008 _____ () C:\ProgramData\ts.dat
2019-04-20 15:12 - 2019-04-20 15:29 - 000000132 _____ () C:\Users\CF\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2018-06-03 19:17 - 2018-06-03 19:17 - 000001456 _____ () C:\Users\CF\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2018-04-05 05:06 - 2019-03-21 21:35 - 000006656 _____ () C:\Users\CF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-28 15:50 - 2018-09-28 15:50 - 000000000 _____ () C:\Users\CF\AppData\Local\oobelibMkey.log

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

And the last one:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Ran by CF (08-07-2019 14:37:47)
Running from C:\Users\CF\Desktop
Windows 10 Home Single Language Version 1803 17134.829 (X64) (2018-05-23 00:05:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1526051646-4132201309-1756439562-500 - Administrator - Disabled)
CF (S-1-5-21-1526051646-4132201309-1756439562-1001 - Administrator - Enabled) => C:\Users\CF
DefaultAccount (S-1-5-21-1526051646-4132201309-1756439562-503 - Limited - Disabled)
Invitado (S-1-5-21-1526051646-4132201309-1756439562-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1526051646-4132201309-1756439562-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Issue 9.1 (HKLM-x32\...\{246F5C1B-059C-4338-BCD9-19B72B1FAE41}) (Version: 9.1.4 - 3D Issue Ltd) Hidden
3D Issue 9.1 (HKLM-x32\...\3D Issue 9.1) (Version: 9.1.4 - 3D Issue Ltd)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 3.9.1 - Mirillis)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Bridge CC (HKLM-x32\...\{B42E718A-AAE9-4C7D-8990-2AE4C4FE87DF}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.10 - Adobe Systems Incorporated)
Advanced GET EOD (HKLM-x32\...\{68E0FD0F-6392-40EA-9AB3-1245DBA49555}) (Version: 9.1 - eSignal)
Airplane Mode Hid Installer (HKLM-x32\...\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 5.0.0.2 - )
ATAS (HKLM-x32\...\{9744BAB0-F9A7-40EF-AF45-6271FD3AB7BA}_is1) (Version:  - OrderFlowTrading.NET)
Ava MetaTrader (HKLM-x32\...\Ava MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
Boxshot (HKLM\...\Boxshot) (Version: 4.14.2 - Appsforlife Ltd)
BROWSEO v3.1.3 (BBHF) version 3.1.3 (HKLM-x32\...\{7471601F-8134-4600-81FB-E0980E16D6FB}_is1) (Version: 3.1.3 - Browz.io)
calibre (HKLM-x32\...\{1E7FE48B-D11C-4B7A-BEEE-461ECC16BAAA}) (Version: 3.44.0 - Kovid Goyal)
Camtasia Studio 8 (HKLM-x32\...\{2B1F8DD0-873D-4AC3-8400-766F255FE263}) (Version: 8.1.0.1281 - TechSmith Corporation)
Configuración de cámara Logitech (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
Control Center 5.0001.1.23 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 5.0001.1.23 - )
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (HKLM\...\{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}) (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (HKLM-x32\...\{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (HKLM-x32\...\{CA3861BA-1D96-4D66-B577-318E1602C4F3}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (HKLM-x32\...\{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (HKLM-x32\...\{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (HKLM-x32\...\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (HKLM-x32\...\{68EE5C41-2F79-4F36-BE85-22A814F55AF7}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (HKLM-x32\...\{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (HKLM-x32\...\{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (HKLM-x32\...\{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (HKLM-x32\...\{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (HKLM-x32\...\{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (HKLM-x32\...\{59123CCF-FED2-46FF-9293-D1DC80042219}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (HKLM-x32\...\{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (HKLM-x32\...\{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (HKLM-x32\...\{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (HKLM-x32\...\{260ED378-2B8C-4831-ADAE-D0712D119AC5}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (HKLM-x32\...\{9244E956-5939-4B88-930C-0699D4AB2B95}) (Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (HKLM-x32\...\{B399C91E-96F2-4265-9884-1C9A10E9FCF4}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
Cover Commander versión 5.5.0 (HKLM-x32\...\{98E713B1-7825-4B6B-8F10-5EDC1102816D}_is1) (Version: 5.5.0 - Insofta Development)
Darwinex MT4 (HKLM-x32\...\Darwinex MT4) (Version: 4.00 - MetaQuotes Software Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 75.4.141 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
EagleGet version 2.0.4.19 (HKLM-x32\...\{F6D8142A-B30B-454B-9EE0-08A7B997DFE4}_is1) (Version: 2.0.4.19 - EagleGet)
Epic Pen version v3.6.0.0 (HKLM-x32\...\Epic Pen_is1) (Version: v3.6.0.0 - TANK Studios)
eSignal (HKLM\...\{B52F18C1-0249-49C4-A40D-686BBA09709F}) (Version: 12.7.4540.617 - Interactive Data)
FonePaw Grabador de Pantalla 1.10.0 (HKLM-x32\...\{B3975585-8333-4F6A-AFBD-490F7D7243D3}_is1) (Version: 1.10.0 - FonePaw)
Free Svg Viewer (HKLM-x32\...\{E41E4918-BE0E-4E5F-B40A-F0055D437792}) (Version: 1.0.0 - Free Picture Solutions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.3 - Insyde Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6373 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{39638376-A270-445E-89B2-9B7A3358D2B6}) (Version: 19.11.1639.0649 - Intel Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jigsaw Trading Tools (HKLM-x32\...\Jigsaw Trading Tools) (Version:  - JigsawTrading)
JigsawTools (HKLM-x32\...\JigsawTools v5.7 (WWW.FOREX-WAREZ.COM)_is1) (Version: 5.7 - www.forex-warez.com)
LetsExtract Email Studio versión 5.1 (HKLM-x32\...\{A0268B4C-9D2E-40DC-B76B-0DC27B3D6716}_is1) (Version: 5.1 - LetsExtract Software)
Local by Flywheel 2.4.6 (HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\...\67ab15dc-0a8b-5db2-8ebe-bd4994c956f6) (Version: 2.4.6 - Flywheel)
Local by Flywheel 2.4.6 (HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\...\67ab15dc-0a8b-5db2-8ebe-bd4994c956f6) (Version: 2.4.6 - Flywheel)
Logitech Capture (HKLM\...\Capture) (Version: 1.0.553 - Logitech)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
MetaStock Pro Retail Add-on (HKLM-x32\...\{15BE56A3-336C-487C-9851-39F674315156}) (Version: 15.00.4330 - Innovative Market Analysis)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - ESN (HKLM-x32\...\{6D972506-DC01-39BC-A5DD-06DA86E00031}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - ESN (HKLM-x32\...\{4A28444E-0532-3264-B07D-5AFE590E30BE}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 67.0.4 (x64 es-AR) (HKLM\...\Mozilla Firefox 67.0.4 (x64 es-AR)) (Version: 67.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla)
Mozilla Thunderbird 60.7.2 (x86 es-AR) (HKLM-x32\...\Mozilla Thunderbird 60.7.2 (x86 es-AR)) (Version: 60.7.2 - Mozilla)
MTPredictor 8 (32-bit) (HKLM-x32\...\MTPredictor 8 (32-bit)_is1) (Version: 8.0.0.8 - MTPredictor, Ltd.)
MTPredictor Addons for NinjaTrader 8 v8.0.11.0 (HKLM-x32\...\{18B14704-0805-4D4B-8E6A-5F34FC9EB87B}_is1) (Version: 8.0.11.0 - MTPredictor, Ltd.)
Multilogin version 2.3.565 (HKLM-x32\...\Multilogin_is1) (Version: 2.3.565 - Multiloginapp.com)
MySQL Connector/ODBC 8.0 (HKLM\...\{23E46103-4512-46CE-99DD-F3B75B20F22C}) (Version: 8.0.12 - Oracle Corporation)
NinjaTrader 7 (HKLM-x32\...\{772B1187-7608-4ECF-A2CF-73B5EDE1D853}) (Version: 7.0.1039 - NinjaTrader)
NinjaTrader 8 (HKLM-x32\...\{5886B905-0F79-4710-9FDF-61B6472A7401}) (Version: 8.0.12.0 - NinjaTrader, LLC)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.1.0 - OBS Project)
Oracle VM VirtualBox 5.2.20 (HKLM\...\{B7EC6E32-AA9F-4EC8-ACE6-1DCECE6E4C08}) (Version: 5.2.20 - Oracle Corporation)
Paquete de controladores de Windows - Insyde (AirplaneModeHid) HIDClass  (07/14/2015 1.4.0.3) (HKLM\...\F6EE2AD6575789BFA9536FE4637A2E06B7F2DD0F) (Version: 07/14/2015 1.4.0.3 - Insyde)
RapidTraderPro (HKLM-x32\...\RapidTraderPro v1.0 (WWW.FOREX-WAREZ.COM)_is1) (Version: 1.0 - www.forex-warez.com)
RapidTraderPro (HKLM-x32\...\RapidTraderPro1.0.1.10) (Version: 1.0.1.10 - Jigsaw Trading)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21294 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7968 - Realtek Semiconductor Corp.)
Revisión para Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{6D972506-DC01-39BC-A5DD-06DA86E00031}.KB947789) (Version: 1 - Microsoft Corporation)
Software Intel® PROSet/Wireless (HKLM-x32\...\{aa2c2346-d0c0-4d3e-9ab1-11a48b4cb9f3}) (Version: 19.20.3 - Intel Corporation)
Sparkol VideoScribe (HKLM-x32\...\{0998FB32-1208-49AC-A8C8-2B462FE040EF}) (Version: 2.3.2002 - Sparkol) Hidden
Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.3.2002) (Version: 2.3.2002 - Sparkol)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1040 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.31 - Synaptics Incorporated)
TBS Cover Editor 2.6.1 (HKLM-x32\...\{0F99457D-9D88-4CB8-8E7D-5B7C464CA8CE}}_is1) (Version: 2.6.1 - trueboxshot.com)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.9025 - TeamViewer)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Thomson Reuters Eikon (HKLM-x32\...\{19C7ABD4-4445-48B0-9D02-5A706D080688}) (Version: 4.0.48064 - Thomson Reuters)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
uTorrent Web (HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\...\utweb) (Version: 0.16.0 - BitTorrent, Inc.)
uTorrent Web (HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\...\utweb) (Version: 0.16.0 - BitTorrent, Inc.)
Vector Magic (HKLM-x32\...\Vector Magic) (Version: 1.15 - Vector Magic, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Web Companion (HKLM-x32\...\{abfa1078-adcf-440e-ab78-86aac928e1b8}) (Version: 4.2.1846.3481 - Lavasoft)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wondershare Filmora9(Build 9.0.8) (HKLM\...\Wondershare Filmora9_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\...\ZoomUMX) (Version: 4.4 - Zoom Video Communications, Inc.)
Zoom (HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\...\ZoomUMX) (Version: 4.4 - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-27] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.6.3.0_x86__kgqvnymyfvs32 [2019-06-13] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.142.300.0_x86__kgqvnymyfvs32 [2019-06-26] (king.com)
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa [2019-05-28] (Apple Inc.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.1.0.6_x86__h6adky7gbf63m [2019-06-18] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11723.0_x64__8wekyb3d8bbwe [2019-06-26] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-17] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.11.402.0_x64__8wekyb3d8bbwe [2019-05-24] (Microsoft Studios)
MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2018-10-16] (Samsung Electronics Co. Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0 [2019-06-28] (Spotify AB)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1526051646-4132201309-1756439562-1001_Classes\CLSID\{6C357D1A-949F-452A-B85B-9E3759A5B592}\InprocServer32 -> C:\Program Files (x86)\Thomson Reuters\Eikon\X\Bin\Apps\TR.OFFICE.CORE\0.0.0.0\Bin\Eikon.Office.Automation64.dll (Thomson Reuters -> Thomson Reuters)
CustomCLSID: HKU\S-1-5-21-1526051646-4132201309-1756439562-1001_Classes\CLSID\{BF52341B-8845-48DB-B2D2-58002DC9EE73}\InprocServer32 -> C:\Program Files (x86)\Thomson Reuters\Eikon\X\Bin\Apps\TR.OFFICE.CORE\0.0.0.0\Bin\Eikon.Office.Automation64.dll (Thomson Reuters -> Thomson Reuters)
CustomCLSID: HKU\S-1-5-21-1526051646-4132201309-1756439562-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\CF\Documents\Dropbox [2018-07-18 09:58]
CustomCLSID: HKU\S-1-5-21-1526051646-4132201309-1756439562-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1526051646-4132201309-1756439562-1001_Classes\CLSID\{F42131D8-85D4-4C85-9E3C-AE39692FB621}\InprocServer32 -> C:\Program Files (x86)\Thomson Reuters\Eikon\X\Bin\Apps\TR.OFFICE.CORE\0.0.0.0\Bin\Eikon.Office.Automation64.dll (Thomson Reuters -> Thomson Reuters)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6722448 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\CF\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\CF\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\CF\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\CF\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\CF\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\CF\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\CF\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\CF\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\CF\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\CF\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> )
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxDTCM.dll [2018-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-03-17 12:03 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2019-03-17 12:03 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-08-24 12:57 - 2017-03-09 17:01 - 001575424 _____ (CLEVO CO.) [File not signed] C:\Program Files (x86)\Hotkey\HkeyTray.exe
2017-08-24 12:57 - 2016-12-05 16:51 - 000033280 _____ (CLEVO CO.) [File not signed] C:\Program Files (x86)\Hotkey\HotkeyService.exe
2017-09-14 03:37 - 2017-09-14 03:37 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Users\CF\AppData\Local\MEGAsync\imageformats\qgif.dll
2017-09-14 03:42 - 2017-09-14 03:42 - 000033280 _____ (The Qt Company Ltd) [File not signed] C:\Users\CF\AppData\Local\MEGAsync\imageformats\qicns.dll
2017-09-14 03:37 - 2017-09-14 03:37 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\Users\CF\AppData\Local\MEGAsync\imageformats\qico.dll
2017-09-14 03:37 - 2017-09-14 03:37 - 000245760 _____ (The Qt Company Ltd) [File not signed] C:\Users\CF\AppData\Local\MEGAsync\imageformats\qjpeg.dll
2017-09-14 03:42 - 2017-09-14 03:42 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Users\CF\AppData\Local\MEGAsync\imageformats\qsvg.dll
2017-09-14 03:42 - 2017-09-14 03:42 - 000020992 _____ (The Qt Company Ltd) [File not signed] C:\Users\CF\AppData\Local\MEGAsync\imageformats\qtga.dll
2017-09-14 03:42 - 2017-09-14 03:42 - 000316416 _____ (The Qt Company Ltd) [File not signed] C:\Users\CF\AppData\Local\MEGAsync\imageformats\qtiff.dll
2017-09-14 03:42 - 2017-09-14 03:42 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Users\CF\AppData\Local\MEGAsync\imageformats\qwbmp.dll
2017-09-14 03:42 - 2017-09-14 03:42 - 000322560 _____ (The Qt Company Ltd) [File not signed] C:\Users\CF\AppData\Local\MEGAsync\imageformats\qwebp.dll
2017-09-14 03:37 - 2017-09-14 03:37 - 001010688 _____ (The Qt Company Ltd) [File not signed] C:\Users\CF\AppData\Local\MEGAsync\platforms\qwindows.dll
2017-08-24 12:58 - 2016-10-11 13:52 - 002061824 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\Hotkey\audio10ec.dll
2017-08-24 12:58 - 2016-10-11 20:01 - 002037248 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\Hotkey\powerlife.dll
2019-03-17 12:03 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-10-10 23:03 - 2019-05-10 13:51 - 000002255 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1                   65.52.240.48
127.0.0.1                   activation.cloud.techsmith.com
127.0.0.1 platform.wondershare.com
127.0.0.1	www.cursowordpress.dev.cc
127.0.0.1	marketingcursos.dev.cc
127.0.0.1 loc1.mtpredictor.com
127.0.0.1 loc2.mtpredictor.com
127.0.0.1 mtploc2.co.uk
127.0.0.1 mtploc3.co.uk
127.0.0.1 cbs.wondershare.com
127.0.0.1 www.cbs.wondershare.com
127.0.0.1 platform.wondershare.com
127.0.0.1 www.wondershare.com
192.168.95.100 marketingcursos.local #Local Site
192.168.95.100 www.marketingcursos.local #Local Site
192.168.95.100 membersitemigration.local #Local Site
192.168.95.100 www.membersitemigration.local #Local Site
192.168.95.100 membersitelearndash.local #Local Site
192.168.95.100 www.membersitelearndash.local #Local Site
192.168.95.100 learnidesdecero.local #Local Site
192.168.95.100 www.learnidesdecero.local #Local Site
192.168.95.100 avadatheme.local #Local Site
192.168.95.100 www.avadatheme.local #Local Site
192.168.95.100 comoinvertirenbolsa.local #Local Site
192.168.95.100 www.comoinvertirenbolsa.local #Local Site
192.168.95.100 probamoss.local #Local Site
192.168.95.100 www.probamoss.local #Local Site

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170228115\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170228709\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 200.49.130.44 - 200.42.4.207
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "Dropbox"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8EC6E6EA-CE2D-4EB6-A7DA-CECEF109F95D}] => (Allow) C:\Users\CF\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{80E6E243-2758-4AF2-A7FA-BCA597236F89}] => (Allow) C:\Users\CF\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{111769CD-51A3-44E2-8B79-6F69D4E06481}C:\program files (x86)\common files\interactive data\dm\winros.exe] => (Allow) C:\program files (x86)\common files\interactive data\dm\winros.exe (Interactive Data Corporation -> Interactive Data) [File not signed]
FirewallRules: [TCP Query User{D1BB5A51-7880-43B0-8800-450F5836CE22}C:\program files (x86)\common files\interactive data\dm\winros.exe] => (Allow) C:\program files (x86)\common files\interactive data\dm\winros.exe (Interactive Data Corporation -> Interactive Data) [File not signed]
FirewallRules: [UDP Query User{0FF8E51B-0D34-432E-8E08-2600FA4948F1}C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe (NinjaTrader) [File not signed]
FirewallRules: [TCP Query User{8A506863-0DE8-4913-9FC7-918F53235412}C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe (NinjaTrader) [File not signed]
FirewallRules: [{CDD7893A-A930-4118-AD2E-C5C7C4E4C19F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{A7D7A3E3-95E8-4577-ADE4-F0F2319A3D75}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{84A37169-61C6-49DB-9D47-FF72A02E5D83}C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe] => (Block) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe (NinjaTrader) [File not signed]
FirewallRules: [UDP Query User{D21BEAD4-A484-4FA4-923D-A9D1A009A3D9}C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe] => (Block) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe (NinjaTrader) [File not signed]
FirewallRules: [TCP Query User{81C3A036-9F6C-4DDD-9225-804470F4B000}C:\bitnami\wordpress-4.9.6-0\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wordpress-4.9.6-0\apache2\bin\httpd.exe No File
FirewallRules: [UDP Query User{11E479A3-3508-4732-9455-EF57FC56C589}C:\bitnami\wordpress-4.9.6-0\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wordpress-4.9.6-0\apache2\bin\httpd.exe No File
FirewallRules: [TCP Query User{94892045-F69E-4C48-8466-C19479EDEF81}C:\xampplite\apache\bin\httpd.exe] => (Allow) C:\xampplite\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{87A06483-A635-4B6F-9BE9-3C6B692B9073}C:\xampplite\apache\bin\httpd.exe] => (Allow) C:\xampplite\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{C0CF1AFB-3F61-419B-BDD3-9207213E871A}C:\xampplite\mysql\bin\mysqld.exe] => (Allow) C:\xampplite\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{FCFD149B-8171-41BF-8F9C-500DE44984D3}C:\xampplite\mysql\bin\mysqld.exe] => (Allow) C:\xampplite\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{2939F085-9880-4EF8-966E-1EFCFCAF3636}C:\program files (x86)\multilogin\multilogin.exe] => (Allow) C:\program files (x86)\multilogin\multilogin.exe (Multilogin Ltd. -> Multilogin Ltd.)
FirewallRules: [UDP Query User{51082932-9528-464F-A456-703101478F63}C:\program files (x86)\multilogin\multilogin.exe] => (Allow) C:\program files (x86)\multilogin\multilogin.exe (Multilogin Ltd. -> Multilogin Ltd.)
FirewallRules: [TCP Query User{5EF001E2-58D8-4E12-867E-FCC58FF37C46}C:\users\cf\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.180\browser-mimic-61.180-win64.tar.gz\chromedriver.exe] => (Allow) C:\users\cf\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.180\browser-mimic-61.180-win64.tar.gz\chromedriver.exe (Multilogin Ltd. -> )
FirewallRules: [UDP Query User{574ED525-7DE2-4494-8595-D5CF8D251DA4}C:\users\cf\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.180\browser-mimic-61.180-win64.tar.gz\chromedriver.exe] => (Allow) C:\users\cf\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.180\browser-mimic-61.180-win64.tar.gz\chromedriver.exe (Multilogin Ltd. -> )
FirewallRules: [TCP Query User{158D331A-72F3-4A95-B873-1DBB11ABE2A1}C:\program files (x86)\ultimate pluginz\5.0\5.50.0.0\investor.exe] => (Allow) C:\program files (x86)\ultimate pluginz\5.0\5.50.0.0\investor.exe No File
FirewallRules: [UDP Query User{15AC1EAC-3008-49D5-A666-3F5838EC2446}C:\program files (x86)\ultimate pluginz\5.0\5.50.0.0\investor.exe] => (Allow) C:\program files (x86)\ultimate pluginz\5.0\5.50.0.0\investor.exe No File
FirewallRules: [TCP Query User{992353BE-5D14-482E-9A9A-5CF496C66D65}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe (NinjaTrader LLC, hxxp://www.ninjatrader.com) [File not signed]
FirewallRules: [UDP Query User{7D417429-2466-4736-B63C-2E625CC5B733}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe (NinjaTrader LLC, hxxp://www.ninjatrader.com) [File not signed]
FirewallRules: [{52CE1D61-69B2-4DE7-8332-E340D7478BED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{F9159008-2562-492E-A22A-40DB55D0E16F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D776D01B-6BEC-4CBE-9B26-464B9845C1F3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{987B92B9-5323-439A-B42F-DD5403D33D98}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{AA649454-9573-438F-83A5-491B7D819780}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4E838A8D-21AC-4B93-AA2D-1CA7D1C2C332}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C619FC28-02B4-46CD-B2E3-B27B4C61BFE5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{40AE170C-6DDF-4106-BBA3-87F7D21A2C65}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4F026343-8CC9-4B5C-B8F0-9EB5F0BEC894}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9E1AA190-1562-480F-B25B-657CD0E96AF3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A8CE3493-1FB2-4DA2-B650-F3CABE2518D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{714957EF-8D2D-40AC-9FCC-88F6200F1BCB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BF6FF1B1-D8CC-41CA-9BAF-39A7F5C817B7}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{833C853C-A9DB-40A5-9E76-9DB36D46FE5C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D3F877B1-F534-447D-AF64-C12062A00D0F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4A51E32E-669B-4152-87F5-5DDFDCF74ECD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8555ED24-F108-4852-85AE-64A0C4461CAE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3C451A5B-BA74-42B2-8AA4-70B50726BF95}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B6777A76-C081-4C22-A111-EA01BDD2DE17}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2F0FF4E0-9564-4625-8A6C-15D48789609E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{53AE4E72-1ED3-40BE-BC30-921729092D19}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B7B30C1F-4491-4F89-870E-83E30F18EF63}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{09CE300F-6B35-4D97-A8C4-3CAA79934338}] => (Allow) C:\Program Files (x86)\LetsExtract Email Studio\LetsExtract.exe (Proma Grupp, OOO -> LetsExtract Software)
FirewallRules: [{CBDD5E06-A632-4778-A33D-85BEB5007E01}] => (Allow) C:\Program Files (x86)\LetsExtract Email Studio\LetsExtract.exe (Proma Grupp, OOO -> LetsExtract Software)

==================== Restore Points =========================

26-06-2019 16:22:20 Punto de control programado
05-07-2019 21:56:11 Punto de control programado

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2019 05:57:55 PM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (07/06/2019 05:57:55 PM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (07/06/2019 05:21:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\Mozilla Firefox\firefox.exe".
No se encontró el ensamblado dependiente mozglue,language="&#x2a;",type="win32",version="1.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (07/06/2019 02:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamtray.exe, versión: 3.1.0.1807, marca de tiempo: 0x5cc0b4e2
Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5cba0161
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0018dc19
Identificador del proceso con errores: 0x1c9c
Hora de inicio de la aplicación con errores: 0x01d5341cbefcd9aa
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Identificador del informe: 428a9f9b-848e-4062-9469-335e047382da
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (07/06/2019 02:02:52 PM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (07/06/2019 02:02:52 PM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (07/05/2019 10:49:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: firefox.exe, versión: 0.0.0.0, marca de tiempo: 0x5d0adee5
Nombre del módulo con errores: xul.dll, versión: 0.0.0.0, marca de tiempo: 0x5d0ae005
Código de excepción: 0x80000003
Desplazamiento de errores: 0x00000000045481bc
Identificador del proceso con errores: 0x320
Hora de inicio de la aplicación con errores: 0x01d5339cd18e840d
Ruta de acceso de la aplicación con errores: C:\Program Files\Mozilla Firefox\firefox.exe
Ruta de acceso del módulo con errores: C:\Program Files\Mozilla Firefox\xul.dll
Identificador del informe: 1f0a0b48-de55-429d-b440-822b9f7ea3eb
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (07/05/2019 08:46:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: lxQGkNsJqq.exe, versión: 1.0.1098.31, marca de tiempo: 0x5d1fa098
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x6f697463
Identificador del proceso con errores: 0x2adc
Hora de inicio de la aplicación con errores: 0x01d5338b3b89daaf
Ruta de acceso de la aplicación con errores: C:\Users\CF\AppData\Local\Temp\is-90DR5.tmp\lxQGkNsJqq.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: ace3de9f-2efd-472c-9948-8e205cc62c03
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:


System errors:
=============
Error: (07/08/2019 10:43:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/08/2019 10:38:40 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-54N3HAU)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-54N3HAU\CF con SID (S-1-5-21-1526051646-4132201309-1756439562-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0 (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/08/2019 10:38:14 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Error de DCOM "1053" al intentar iniciar el servicio gupdate con argumentos "/comsvc" para ejecutar el servidor:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/08/2019 10:38:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Google Update Servicio (gupdate) no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (07/08/2019 10:38:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Google Update Servicio (gupdate).

Error: (07/08/2019 10:37:48 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-54N3HAU)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-54N3HAU\CF con SID (S-1-5-21-1526051646-4132201309-1756439562-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/08/2019 10:37:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/08/2019 10:35:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2019-07-01 16:04:40.528
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {6CF5A3AC-E0A2-4D92-AB5B-69FC99C92C5A}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-06-30 21:54:44.975
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {F9DF8C32-3FB3-483C-8F53-EE40DD70093E}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-06-21 20:14:10.449
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {7A3F82CC-B70A-4B24-BCCA-915C03F00D51}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-06-21 13:02:39.790
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {0BF89477-2B00-43AE-96CE-1E17158A47E4}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-06-18 13:24:24.635
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {16C208E2-E123-47F2-8402-96C152179B49}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-07-06 14:47:24.069
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.297.539.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16100.4
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 

Date: 2019-07-06 14:37:20.546
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-07-06 14:24:48.297
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.297.539.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16100.4
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 

Date: 2019-07-06 14:14:41.182
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2019-05-22 11:19:23.687
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.293.2046.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15900.4
Código de error: 0x8024402c
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulta Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2019-07-06 17:01:56.842
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-06 14:51:34.901
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-06 11:08:19.664
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-06 10:49:37.013
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-07-05 22:55:21.241
Description: 
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-05 22:55:11.971
Description: 
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-05 22:55:11.966
Description: 
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-05 22:55:11.961
Description: 
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 5.12 03/22/2017
Motherboard: BANGHO MAX G5
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 79%
Total physical RAM: 8080.23 MB
Available physical RAM: 1678.5 MB
Total Virtual: 10205.77 MB
Available Virtual: 2501.62 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.41 GB) (Free:438.58 GB) NTFS

\\?\Volume{a7946c49-f25d-42d9-bb9c-9c94316f25d1}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.45 GB) NTFS
\\?\Volume{8e0f0613-0bd5-4582-8598-488613327644}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6132B31D)

Partition: GPT.

==================== End of Addition.txt ============================

Good… now follow these steps. VERY important: make a backup of the registry:

  • To do so, download DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Attention: now tick only the Create registry backup box; do NOT tick the other boxes.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

With all other programs closed, go to Start > Run and type Notepad.exe.

  • Now copy and paste the code/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKLM-x32\...\Run: [APP_HOTFOLDER] => [X]
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\...\Run: [eagleget_setup] => C:\Users\CF\AppData\Local\Temp\is-OTMOV.tmp\eagleget_setup.tmp -V <==== ATTENTION
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\...\Run: [eagleget_setup] => C:\Users\CF\AppData\Local\Temp\is-OTMOV.tmp\eagleget_setup.tmp -V <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NewShortcut1.lnk [2017-08-24]
ShortcutTarget: Jarvee.lnk -> C:\Users\CF\Desktop\Jarvee._v2082\Jarvee.exe (No File)
ShortcutTarget: MassPlanner.lnk -> C:\Users\CF\Desktop\MassPlanner 2.8.4.3\MassPlannerNew.exe (No File)
ShortcutTarget: MassPlanner2.lnk -> C:\Users\CF\AppData\Roaming\MP\MassPlannerNew.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 200.49.130.44 200.42.4.207
Tcpip\..\Interfaces\{65fb8118-56cb-442c-85c8-59a0df41d09f}: [DhcpNameServer] 200.49.130.44 200.42.4.207
Tcpip\..\Interfaces\{845df440-005c-4842-bf03-99124e2db090}: [DhcpNameServer] 200.49.130.28 200.49.130.29 200.49.130.34
FF HomepageOverride: Mozilla\Firefox\Profiles\12uvqoo5.default -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\12uvqoo5.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF NewTabOverride: Mozilla\Firefox\Profiles\12uvqoo5.default -> Enabled: [email protected]
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://mail.ru/cnt/10445?gp=811570","hxxps://www.google.com/"
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop. This is very important.

Note: It is important that the tool FRST.exe (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

And now use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10), "How to start Windows 8/8.1 in Safe Mode?", to work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the reported problem, and comment on it.

Regards.

Fix result of Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Ran by CF (08-07-2019 18:49:05) Run:1
Running from C:\Users\CF\Desktop
Loaded Profiles: CF (Available Profiles: CF)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKLM-x32\...\Run: [APP_HOTFOLDER] => [X]
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\...\Run: [eagleget_setup] => C:\Users\CF\AppData\Local\Temp\is-OTMOV.tmp\eagleget_setup.tmp -V <==== ATTENTION
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\...\Run: [eagleget_setup] => C:\Users\CF\AppData\Local\Temp\is-OTMOV.tmp\eagleget_setup.tmp -V <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NewShortcut1.lnk [2017-08-24]
ShortcutTarget: Jarvee.lnk -> C:\Users\CF\Desktop\Jarvee._v2082\Jarvee.exe (No File)
ShortcutTarget: MassPlanner.lnk -> C:\Users\CF\Desktop\MassPlanner 2.8.4.3\MassPlannerNew.exe (No File)
ShortcutTarget: MassPlanner2.lnk -> C:\Users\CF\AppData\Roaming\MP\MassPlannerNew.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 200.49.130.44 200.42.4.207
Tcpip\..\Interfaces\{65fb8118-56cb-442c-85c8-59a0df41d09f}: [DhcpNameServer] 200.49.130.44 200.42.4.207
Tcpip\..\Interfaces\{845df440-005c-4842-bf03-99124e2db090}: [DhcpNameServer] 200.49.130.28 200.49.130.29 200.49.130.34
FF HomepageOverride: Mozilla\Firefox\Profiles\12uvqoo5.default -> Enabled: [email protected]
FF NewTabOverride: Mozilla\Firefox\Profiles\12uvqoo5.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF NewTabOverride: Mozilla\Firefox\Profiles\12uvqoo5.default -> Enabled: [email protected]
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://mail.ru/cnt/10445?gp=811570","hxxps://www.google.com/"
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\APP_HOTFOLDER" => removed successfully
"HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\Software\Microsoft\Windows\CurrentVersion\Run\\eagleget_setup" => removed successfully
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\...\Run: [eagleget_setup] => C:\Users\CF\AppData\Local\Temp\is-OTMOV.tmp\eagleget_setup.tmp -V <==== ATTENTION => Error: No automatic fix found for this entry.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NewShortcut1.lnk => moved successfully
"C:\Users\CF\Desktop\Jarvee._v2082\Jarvee.exe" => not found
"C:\Users\CF\Desktop\MassPlanner 2.8.4.3\MassPlannerNew.exe" => not found
"C:\Users\CF\AppData\Roaming\MP\MassPlannerNew.exe" => not found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{65fb8118-56cb-442c-85c8-59a0df41d09f}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{845df440-005c-4842-bf03-99124e2db090}\\DhcpNameServer" => removed successfully
"Firefox HomepageOverride ([email protected]) " => removed successfully
"Firefox NewTabOverride ({a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}) " => removed successfully
"Firefox NewTabOverride ([email protected]) " => removed successfully
"Chrome StartupUrls" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1526051646-4132201309-1756439562-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c

========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 711414461 B
Java, Flash, Steam htmlcache => 379 B
Windows/system/drivers => 163433 B
Edge => 4535544 B
Chrome => 427658437 B
Firefox => 1194262982 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3746 B
LocalService => 0 B
NetworkService => 6496 B
NetworkService => 0 B
CF => 9052956 B

RecycleBin => 556568010 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:54:17 ====
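
The Fixlog above was produced in Safe Mode, and several of its steps report errors instead of a successful change. The following Python script is an added example (not part of the thread and not FRST's own code) that groups Fixlog results by outcome and flags failures attributable to Safe Mode; the function names and the failure-marker list are assumptions, and the sample is an abridged excerpt of the log above.

```python
import re
# HRESULT that the Windows Defender log on this page describes as
# "El servicio no puede iniciarse en modo a prueba de errores" (safe mode).
SAFE_MODE_HRESULT = "0x8007043c"
# Assumption: substrings treated as failure markers in captured CMD: output.
CMD_FAILURE_MARKERS = ("unable to", "error", "no se puede")
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
BOOT_RE = re.compile(r"^Boot Mode: (?P<mode>.+)$")

# Abridged excerpt of the Fixlog posted in the thread (lines copied from it).
SAMPLE_FIXLOG = r'''
Boot Mode: Safe Mode (minimal)
*****************
CREATERESTOREPOINT:
HKLM-x32\...\Run: [APP_HOTFOLDER] => [X]
CMD: bitsadmin /reset /allusers
*****************
Error: Restore point can only be created in normal mode.
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\APP_HOTFOLDER" => removed successfully
HKU\S-1-5-21-1526051646-4132201309-1756439562-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07062019170229411\...\Run: [eagleget_setup] => C:\Users\CF\AppData\Local\Temp\is-OTMOV.tmp\eagleget_setup.tmp -V <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Policies\Google => removed successfully
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0
Unable to connect to BITS - 0x8007043c
========= End of CMD: =========
========= netsh int ipv4 reset =========
No hay valores configurados por el usuario para restablecer.
========= End of CMD: =========
'''

def classify_status(status):
    """Map the text after the last ' => ' of a result line to a category."""
    s = status.strip().lower()
    if s.endswith("successfully"):
        return "applied"
    if s == "not found":
        return "absent"
    return "failed" if s.startswith("error") else "other"

def triage_fixlog(text):
    """Group Fixlog results so entries that did not apply are easy to spot."""
    report = {"boot_mode": None, "applied": [], "absent": [],
              "failed": [], "cmd_ok": [], "other": []}
    in_echo = False   # inside the echoed fixlist between the '*****' lines
    section = None    # name of the open '===== name =====' block
    output = []       # free-text lines captured inside that block
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or not line:
            continue
        boot = BOOT_RE.match(line)
        if boot:
            report["boot_mode"] = boot.group("mode")
            continue
        header = SECTION_RE.match(line)
        if header:
            name = header.group("name")
            if name.startswith("End of"):
                if section is not None and output:
                    joined = " ".join(output)
                    bad = any(m in joined.lower() for m in CMD_FAILURE_MARKERS)
                    report["failed" if bad else "cmd_ok"].append((section, joined))
                section, output = None, []
            else:
                section, output = name, []
            continue
        if " => " in line:
            target, status = line.rsplit(" => ", 1)
            report[classify_status(status)].append((target, status.strip()))
        elif section is not None:
            output.append(line)
        elif line.lower().startswith("error:"):
            report["failed"].append(("fixlist directive", line))
    return report

def safe_mode_related(report):
    """Failed steps whose message points at Safe Mode rather than the entry."""
    if not (report["boot_mode"] or "").startswith("Safe Mode"):
        return []
    return [item for item in report["failed"]
            if SAFE_MODE_HRESULT in item[1].lower() or "normal mode" in item[1].lower()]

if __name__ == "__main__":
    rep = triage_fixlog(SAMPLE_FIXLOG)
    for target, reason in rep["failed"]:
        print("FAILED:", target, "->", reason)
    print("Safe Mode related:", [t for t, _ in safe_mode_related(rep)])
```

Steps listed by `safe_mode_related` failed because of the boot mode, not because the entry was handled, so they are the ones to verify again after rebooting into normal mode.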

Perfect @rancheli, the problem is NOW completely fixed; all that remains is to remove the tools used.

To do so, download DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Tick all the boxes and click Run.

The report (DelFix.txt) will open; you can close it.


For any other problem, do not hesitate to post again; you know where we are.

Topic solved.

Regards, Javier.
