Window4.vbs and unknown processes

Good day, forum

Looking at Task Manager, on the Startup tab, I see the following processes, which are enabled with a startup impact of "Not measured". I had not seen them before, and searching Google I did not find enough information.

window4.vbs window3.vbs s4server.exe

Could you help me find out what kind of processes these are? And if they are some kind of malware, could you help me remove it? I would appreciate it very much!

Windows 10 Home Single Language, Version 1803, 64-bit OS

Regards.


Hello @Krysthel_Rivera, welcome to the forum.

Carry out the following steps in order, even if you have already done some of them:

1) Download, update and run Malwarebytes’ Anti-Malware; read the manual in detail so that you know how to use and configure it.

  • Run a Threat Scan, updating if it asks you to.
  • Click “Quarantine Selected” to send the items to quarantine, and restart the system.
  • In the manual section Reports >> Scan Report you will find the MBAM report; click Export >> Copy to Clipboard.

2) Download AdwCleaner | InfoSpyware to the desktop.

  • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
  • Also close all the programs you have open.
  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as administrator").
  • Click the Scan button and wait for the process to finish, then immediately click the Clean button.
  • Wait for it to complete and follow the instructions; if it asks to restart the system, accept.
  • Save the report that appears, so you can copy and paste it in your next reply.
  • The report can also be found at C:\AdwCleaner\AdwCleaner[C1].txt

3) Download CCleaner

  • Install CCleaner
  • Open CCleaner; on the Cleaner tab leave the default settings, click Analyze, wait for it to finish >> click Run Cleaner
  • Click the Registry tab >> click Scan for Issues, wait for it to finish >> click Fix Selected Issues and make a backup
  • Click Scan for Issues again until it finds none.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.

How to paste reports in the forum?

Regards

Hello Daniela, thank you for your reply. I ran what you told me, which is why I am only replying now. Below I share the Malwarebytes and AdwCleaner reports, respectively:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 12/4/19
Hora del análisis: 12:32
Archivo de registro: f9d5692c-5d48-11e9-a75e-2c56dc1e1d46.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10132
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.648)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 352802
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 2 hr, 57 min, 8 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-12-2019
# Duration: 00:00:33
# OS:       Windows 10 Home Single Language
# Cleaned:  3
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted       Avira SafeSearch Plus

***** [ Chromium URLs ] *****

Deleted       Softonic ES
Deleted       Softonic ES

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1338 octets] - [08/04/2019 15:07:02]
AdwCleaner[C00].txt - [1466 octets] - [08/04/2019 15:12:10]
AdwCleaner[S01].txt - [1460 octets] - [12/04/2019 15:59:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Hello

How is the problem going?

Regards

Hello, good morning Daniela.

The processes are still there, on the Startup tab.

Hello

Download Farbar Recovery Scan Tool to the desktop, selecting the right version for your computer's architecture (32 or 64 bits). How to tell whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) log files will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Post the two reports that were generated.

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

Regards
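The Registry section of an FRST report lists each logon autostart as `hive\...\Run: [name] => path [size date] (signer)` and each startup-folder shortcut as a `ShortcutTarget:` line. The following is an added example (not part of the thread and not FRST's own code) that parses those two line types and lists the entries worth a closer look; the sample lines are copied from the report posted later in this thread, while the review criteria, the handling of the `-{GUID}-timestamp` hive suffix, and all function names are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Subset of lines copied from the FRST report posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [Adobe Flash PlayerHTML5] => C:\backupsys\window3.vbs [91 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [Google Chrome64bits] => C:\backupsys\window4.vbs [90 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [Adobe Flash PlayerHTML5] => C:\backupsys\window3.vbs [91 2018-11-14] () [File not signed]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
ShortcutTarget: Servidor de OPUS.lnk -> C:\OPUSCMS\server\s4server.exe (No File)
"""

# Run/RunOnce values: hive\...\Run: [name] => path [size date] (signer) [File not signed]
RUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] => "
    r"(?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<signer>[^\\]*)\)"
    r"(?P<unsigned> \[File not signed\])?$"
)
# Startup-folder shortcuts: ShortcutTarget: name.lnk -> path (signer | No File)
LNK_RE = re.compile(
    r"^ShortcutTarget: (?P<name>.+?\.lnk) -> (?P<path>.+?) \((?P<signer>[^\\]*)\)"
    r"(?P<unsigned> \[File not signed\])?$"
)
# Assumption: a hive name ending in -{GUID}-digits is a second listing of the same hive.
HIVE_SUFFIX_RE = re.compile(r"-\{[0-9A-Fa-f-]+\}-\d+$")

# Review criteria below are illustrative heuristics, not verdicts.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}
STANDARD_DIRS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
    "c:\\programdata\\",
)


def parse_autoruns(log_text):
    """Return one dict per distinct autostart entry found in the log text."""
    entries, seen = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        hive = HIVE_SUFFIX_RE.sub("", d.get("hive") or "Startup folder")
        key = (hive, d["name"], d["path"].lower())
        if key in seen:  # same entry listed again under the suffixed hive
            continue
        seen.add(key)
        entries.append({
            "hive": hive,
            "name": d["name"],
            "path": d["path"],
            "signer": d["signer"],
            "unsigned": bool(d["unsigned"]),
        })
    return entries


def review_reasons(entry):
    """List the reasons an entry deserves manual review (empty list if none)."""
    reasons = []
    path = entry["path"]
    if entry["signer"] == "No File":
        reasons.append("target file missing")
    if PureWindowsPath(path).suffix.lower() in SCRIPT_EXTS:
        reasons.append("script file launched at logon")
    if entry["unsigned"]:
        reasons.append("file not signed")
    if not path.lower().startswith(STANDARD_DIRS):
        reasons.append("outside standard install directories")
    return reasons


def triage(log_text):
    """Return (name, path, reasons) for flagged entries, most reasons first."""
    flagged = []
    for entry in parse_autoruns(log_text):
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry["name"], entry["path"], reasons))
    return sorted(flagged, key=lambda item: -len(item[2]))


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

An entry on this list is a candidate for inspection (open the script in a text editor, check what created the folder), not a confirmed detection.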

Daniela, I am sending you the first report IN PARTS (1/2)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Krysthel (administrator) on DESKTOP-UBPUT75 (13-04-2019 13:14:47)
Running from C:\Users\Krysthel\Desktop
Loaded Profiles: Krysthel &  (Available Profiles: Krysthel)
Platform: Windows 10 Home Single Language Version 1803 17134.706 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ASUS) [File not signed] C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realtek Semiconductor Corp -> ) C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(WildTangent Inc -> WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Intel® Trusted Connect Service -> Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() [File not signed] C:\Program Files (x86)\Internet Telcel\ApplicationController.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(SafeNet, Inc.) [File not signed] C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc. -> SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(SafeNet, Inc. -> SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\McCSPServiceHost.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(WhatsApp, Inc. -> WhatsApp) C:\Users\Krysthel\AppData\Local\WhatsApp\app-0.3.2386\WhatsApp.exe
(WhatsApp, Inc. -> WhatsApp) C:\Users\Krysthel\AppData\Local\WhatsApp\app-0.3.2386\WhatsApp.exe
(WhatsApp, Inc. -> WhatsApp) C:\Users\Krysthel\AppData\Local\WhatsApp\app-0.3.2386\WhatsApp.exe
(WhatsApp, Inc. -> WhatsApp) C:\Users\Krysthel\AppData\Local\WhatsApp\app-0.3.2386\WhatsApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\tasklist.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PING.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PING.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PING.EXE
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PING.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PING.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599896 2015-06-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc -> Autodesk, Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.4.0.608\ASUSWSLoader.exe [63928 2018-06-05] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444383\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444547\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [Adobe Flash PlayerHTML5] => C:\backupsys\window3.vbs [91 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [Google Chrome64bits] => C:\backupsys\window4.vbs [90 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35183504 2019-04-12] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [Adobe Flash PlayerHTML5] => C:\backupsys\window3.vbs [91 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [Google Chrome64bits] => C:\backupsys\window4.vbs [90 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35183504 2019-04-12] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Policies\Explorer: [] 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-09] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-06-03]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2019-03-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Servidor de OPUS.lnk [2019-02-06]
ShortcutTarget: Servidor de OPUS.lnk -> C:\OPUSCMS\server\s4server.exe (No File)
Startup: C:\Users\Krysthel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Supervisar alertas de tinta - .lnk [2017-01-30]
ShortcutTarget: Supervisar alertas de tinta - .lnk -> C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPStatusBL.dll (Hewlett Packard -> Hewlett-Packard Development Company, LP)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{8cd3e1a0-5ef7-4636-a120-1779ccb9246a}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{ac784a4f-94b8-4dee-8d52-cbd94d24c176}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q=
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKLM -> {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKLM -> {4CA7A89B-B509-4CBF-AB97-6307132C0EF3} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKLM -> {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKLM -> {D0196D2A-1578-4CC2-8692-9F617C64D184} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001 -> {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001 -> {4CA7A89B-B509-4CBF-AB97-6307132C0EF3} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001 -> {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001 -> {D0196D2A-1578-4CC2-8692-9F617C64D184} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770 -> {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770 -> {4CA7A89B-B509-4CBF-AB97-6307132C0EF3} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770 -> {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770 -> {D0196D2A-1578-4CC2-8692-9F617C64D184} URL = hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-09] (Oracle America, Inc. -> Oracle Corporation)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\mcsniepl64.dll [2019-02-15] (McAfee, Inc. -> McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files (x86)\mcafee\msc\mcsniepl.dll [2019-02-15] (McAfee, Inc. -> McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Krysthel\AppData\Roaming\Mozilla\Firefox\Profiles\MEa2Ai0m.default [2017-03-22]
FF Extension: (Avira Browser Safety) - C:\Users\Krysthel\AppData\Roaming\Mozilla\Firefox\Profiles\MEa2Ai0m.default\Extensions\[email protected] [2017-03-22] [hxxps://download.avira.com/package/abs/firefox/update-webext.rdf]
FF Extension: (Avira Password Manager) - C:\Users\Krysthel\AppData\Roaming\Mozilla\Firefox\Profiles\MEa2Ai0m.default\Extensions\[email protected] [2017-03-22] [hxxps://s3.eu-central-1.amazonaws.com/avira-pwm-extensions/update.rdf]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Krysthel\AppData\Roaming\Mozilla\Firefox\Profiles\MEa2Ai0m.default\Extensions\[email protected] [2017-03-22] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-09-10] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\program files\mcafee\msc\npmcsnffpl64.dll [2019-02-15] (McAfee, Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-09-10] (Adobe Systems Incorporated -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\program files (x86)\mcafee\msc\npmcsnffpl.dll [2019-02-15] (McAfee, Inc. -> )
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=es
CHR Profile: C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default [2019-04-13]
CHR Extension: (Presentaciones) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (SpiderMan 2 Free Games) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeckkagoklkjfgglnhmgeecfiobmkjab [2017-09-24]
CHR Extension: (Documentos) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-17]
CHR Extension: (YouTube) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-17]
CHR Extension: (Hojas de cálculo) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2019-04-12]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Visualizador de archivos PDF/PowerPoint de Google Docs) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2018-10-18]
CHR Extension: (GIFPAL) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch [2018-10-18]
CHR Extension: (Gmail) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-17]
CHR Extension: (Chrome Media Router) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-03]
CHR Profile: C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-12]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [313488 2015-06-12] (ASUSTeK Computer Inc. -> ASUS) [File not signed]
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc -> Autodesk, Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-20] (Realtek Semiconductor Corp -> )
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-08] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-08] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-07-12] (Intel(R) Software -> Intel Corporation)
R2 FLAME II HSPA USB MODEM Service; C:\Program Files (x86)\Internet Telcel\ApplicationController.exe [574464 2015-06-09] () [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent Inc -> WildTangent)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2011-01-21] (HP) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [350312 2015-08-15] (Intel Corporation - pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdatesvr.exe [133480 2015-08-15] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S4 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_12\McApExe.exe [745880 2019-01-23] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\\McCSPServiceHost.exe [2158952 2018-12-17] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [371840 2019-01-15] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [604216 2019-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [509728 2019-03-04] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1692552 2018-12-19] (McAfee, Inc. -> McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1360384 2019-02-05] (McAfee, Inc. -> McAfee, Inc.)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [293344 2017-07-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [376832 2013-01-09] (SafeNet, Inc.) [File not signed]
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259872 2013-01-09] (SafeNet, Inc. -> SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [293216 2013-01-09] (SafeNet, Inc. -> SafeNet, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-26] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-26] (Microsoft Corporation -> Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [101880 2017-01-09] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77384 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 dot4usb; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [49056 2012-10-19] (Hewlett-Packard Company -> Microsoft Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-07-12] (Intel(R) Software -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-07-12] (Intel(R) Software -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-04-03] (Malwarebytes Corporation -> Malwarebytes)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [19976 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218408 2018-12-24] (McAfee, Inc. -> McAfee, Inc.)
S3 HSBDrv64; C:\WINDOWS\System32\drivers\HSBDrv64.sys [107768 2013-02-08] (AhnLab, Inc. -> AhnLab, Inc.)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5864696 2015-08-15] (Intel Corporation - pGFX -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-04-04] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-04-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-04-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-04-12] (Malwarebytes Corporation -> Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [511024 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [373808 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [86136 2019-01-22] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517168 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [981032 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [563728 2018-11-19] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109072 2018-11-19] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [117800 2019-03-04] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254024 2019-01-22] (McAfee, Inc. -> McAfee, LLC)
S3 Mkd2Bthf; C:\WINDOWS\System32\drivers\Mkd2Bthf.sys [98104 2012-08-09] (AhnLab, Inc. -> AhnLab, Inc.)
S3 Mkd3kfNt; C:\WINDOWS\System32\drivers\Mkd3kfNt.sys [166200 2012-10-14] (AhnLab, Inc. -> AhnLab, Inc.)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2016-03-28] (Apple Inc.) [File not signed]
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek Semiconductor Corp -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [724448 2017-07-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6907240 2017-07-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] (Intel(R) Code Signing External -> )
R2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc. -> SafeNet, Inc.)
S3 SNTUSB64; C:\WINDOWS\System32\drivers\SNTUSB64.SYS [58664 2008-07-11] (SafeNet, Inc. -> SafeNet, Inc.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46592 2018-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-06-26] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-26] (Microsoft Windows -> Microsoft Corporation)

(2/2)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-13 13:14 - 2019-04-13 13:22 - 000041855 _____ C:\Users\Krysthel\Desktop\FRST.txt
2019-04-13 13:13 - 2019-04-13 13:14 - 000000000 ____D C:\FRST
2019-04-13 13:09 - 2019-04-13 13:10 - 002434048 _____ (Farbar) C:\Users\Krysthel\Desktop\FRST64.exe
2019-04-12 16:37 - 2019-04-12 16:37 - 000008494 _____ C:\Users\Krysthel\Documents\cc_20190412_163704.reg
2019-04-12 16:22 - 2019-04-12 16:22 - 000001588 _____ C:\Users\Krysthel\Desktop\AdwCleaner[C01].txt
2019-04-12 16:17 - 2019-04-12 16:17 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-04-12 16:16 - 2019-04-12 16:16 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-12 16:16 - 2019-04-12 16:16 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-04-12 16:16 - 2019-04-12 16:16 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-04-12 15:47 - 2019-04-12 15:47 - 000000000 ____D C:\Program Files\Epic Games
2019-04-12 15:45 - 2019-04-12 15:45 - 000001555 _____ C:\Users\Krysthel\Desktop\mb.txt
2019-04-12 14:57 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2019-04-12 14:57 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2019-04-12 14:57 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2019-04-12 14:52 - 2019-04-12 14:52 - 000000000 ____D C:\Users\Krysthel\AppData\Local\UnrealEngineLauncher
2019-04-12 14:51 - 2019-04-12 14:51 - 000000000 ____D C:\Users\Krysthel\AppData\Local\UnrealEngine
2019-04-12 14:51 - 2019-04-12 14:51 - 000000000 ____D C:\Users\Krysthel\AppData\Local\EpicGamesLauncher
2019-04-12 14:50 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2019-04-12 14:47 - 2019-04-12 14:47 - 000001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2019-04-12 14:47 - 2019-04-12 14:47 - 000001280 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2019-04-12 14:46 - 2019-04-12 15:00 - 000000000 ____D C:\ProgramData\Epic
2019-04-12 14:45 - 2019-04-12 14:46 - 000000000 ____D C:\Program Files (x86)\Epic Games
2019-04-12 14:39 - 2019-04-12 14:40 - 033710080 _____ C:\Users\Krysthel\Downloads\EpicInstaller-9.11.2-fortnite.msi
2019-04-12 13:19 - 2019-04-12 13:20 - 021254208 _____ (Piriform Software Ltd) C:\Users\Krysthel\Downloads\ccsetup556.exe
2019-04-09 14:19 - 2019-04-02 03:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-09 14:19 - 2019-04-02 03:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-09 14:19 - 2019-04-02 03:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-09 14:19 - 2019-04-02 03:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-09 14:19 - 2019-04-02 02:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-09 14:19 - 2019-04-02 02:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-09 14:19 - 2019-04-02 02:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-09 14:19 - 2019-04-02 00:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-09 14:19 - 2019-04-02 00:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-09 14:19 - 2019-04-01 23:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-09 14:19 - 2019-04-01 23:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-09 14:19 - 2019-03-14 09:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-09 14:19 - 2019-03-14 09:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-09 14:19 - 2019-03-14 03:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-09 14:19 - 2019-03-14 03:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-09 14:19 - 2019-03-14 02:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-09 14:19 - 2019-03-14 02:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-09 14:19 - 2019-03-14 02:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-09 14:19 - 2019-03-14 02:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-09 14:18 - 2019-04-02 07:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-09 14:18 - 2019-04-02 07:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-09 14:18 - 2019-04-02 07:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-09 14:18 - 2019-04-02 07:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-09 14:18 - 2019-04-02 07:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-09 14:18 - 2019-04-02 07:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-09 14:18 - 2019-04-02 07:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-09 14:18 - 2019-04-02 07:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-09 14:18 - 2019-04-02 07:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-09 14:18 - 2019-04-02 07:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-09 14:18 - 2019-04-02 07:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-09 14:18 - 2019-04-02 07:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-09 14:18 - 2019-04-02 07:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-09 14:18 - 2019-04-02 07:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-09 14:18 - 2019-04-02 04:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-09 14:18 - 2019-04-02 04:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-09 14:18 - 2019-04-02 04:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-09 14:18 - 2019-04-02 04:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-09 14:18 - 2019-04-02 04:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-09 14:18 - 2019-04-02 04:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-09 14:18 - 2019-04-02 04:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-09 14:18 - 2019-04-02 04:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-09 14:18 - 2019-04-02 04:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-09 14:18 - 2019-04-02 03:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-09 14:18 - 2019-04-02 03:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-09 14:18 - 2019-04-02 03:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-09 14:18 - 2019-04-02 03:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-09 14:18 - 2019-04-02 03:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-09 14:18 - 2019-04-02 03:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-09 14:18 - 2019-04-02 03:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-09 14:18 - 2019-04-02 03:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-09 14:18 - 2019-04-02 03:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-09 14:18 - 2019-04-02 03:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-09 14:18 - 2019-04-02 03:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-09 14:18 - 2019-04-02 03:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-09 14:18 - 2019-04-02 03:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-09 14:18 - 2019-04-02 02:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-09 14:18 - 2019-04-02 02:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-09 14:18 - 2019-04-02 02:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-09 14:18 - 2019-04-02 02:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-09 14:18 - 2019-04-02 02:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-09 14:18 - 2019-04-02 02:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-09 14:18 - 2019-04-02 02:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-09 14:18 - 2019-04-02 02:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-09 14:18 - 2019-04-02 02:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-09 14:18 - 2019-04-02 02:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-09 14:18 - 2019-04-02 02:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-09 14:18 - 2019-04-02 02:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-09 14:18 - 2019-04-02 02:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-09 14:18 - 2019-04-02 00:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-09 14:18 - 2019-04-02 00:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-09 14:18 - 2019-04-02 00:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-09 14:18 - 2019-04-01 23:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-09 14:18 - 2019-04-01 23:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-09 14:18 - 2019-04-01 23:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-09 14:18 - 2019-04-01 23:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-09 14:18 - 2019-04-01 23:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-09 14:18 - 2019-04-01 23:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-09 14:18 - 2019-04-01 23:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-09 14:18 - 2019-03-16 07:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-09 14:18 - 2019-03-16 04:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-09 14:18 - 2019-03-14 09:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-09 14:18 - 2019-03-14 09:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-09 14:18 - 2019-03-14 09:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-09 14:18 - 2019-03-14 09:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-09 14:18 - 2019-03-14 09:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-09 14:18 - 2019-03-14 09:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-09 14:18 - 2019-03-14 09:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-09 14:18 - 2019-03-14 09:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-09 14:18 - 2019-03-14 09:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-09 14:18 - 2019-03-14 08:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-09 14:18 - 2019-03-14 08:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-09 14:18 - 2019-03-14 08:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-09 14:18 - 2019-03-14 08:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-09 14:18 - 2019-03-14 08:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-09 14:18 - 2019-03-14 03:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-09 14:18 - 2019-03-14 03:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-09 14:18 - 2019-03-14 03:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-09 14:18 - 2019-03-14 03:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-09 14:18 - 2019-03-14 03:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-09 14:18 - 2019-03-14 03:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-09 14:18 - 2019-03-14 03:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-09 14:18 - 2019-03-14 03:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-09 14:18 - 2019-03-14 03:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-09 14:18 - 2019-03-14 03:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-09 14:18 - 2019-03-14 03:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-09 14:18 - 2019-03-14 03:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-09 14:18 - 2019-03-14 03:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-09 14:18 - 2019-03-14 03:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-09 14:18 - 2019-03-14 03:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-09 14:18 - 2019-03-14 03:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-09 14:18 - 2019-03-14 03:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-09 14:18 - 2019-03-14 03:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-09 14:18 - 2019-03-14 03:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-09 14:18 - 2019-03-14 03:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-09 14:18 - 2019-03-14 03:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-09 14:18 - 2019-03-14 03:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-09 14:18 - 2019-03-14 03:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-09 14:18 - 2019-03-14 03:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-09 14:18 - 2019-03-14 03:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-09 14:18 - 2019-03-14 03:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-09 14:18 - 2019-03-14 03:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-09 14:18 - 2019-03-14 03:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-09 14:18 - 2019-03-14 03:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-09 14:18 - 2019-03-14 03:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-09 14:18 - 2019-03-14 03:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-09 14:18 - 2019-03-14 03:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-09 14:18 - 2019-03-14 03:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-09 14:18 - 2019-03-14 03:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-09 14:18 - 2019-03-14 03:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-09 14:18 - 2019-03-14 03:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-09 14:18 - 2019-03-14 03:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-09 14:18 - 2019-03-14 03:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-09 14:18 - 2019-03-14 03:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-09 14:18 - 2019-03-14 03:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-09 14:18 - 2019-03-14 03:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-09 14:18 - 2019-03-14 03:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-09 14:18 - 2019-03-14 03:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-09 14:18 - 2019-03-14 03:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-09 14:18 - 2019-03-14 02:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-09 14:18 - 2019-03-14 02:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-09 14:18 - 2019-03-14 02:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-09 14:18 - 2019-03-14 02:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-09 14:18 - 2019-03-14 02:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-09 14:18 - 2019-03-14 02:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-09 14:18 - 2019-03-14 02:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-09 14:18 - 2019-03-14 02:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-09 14:18 - 2019-03-14 02:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-09 14:18 - 2019-03-14 02:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-09 14:18 - 2019-03-14 02:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-09 14:18 - 2019-03-14 02:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-09 14:18 - 2019-03-14 02:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-09 14:18 - 2019-03-14 02:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-09 14:18 - 2019-03-14 02:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-09 14:18 - 2019-03-14 02:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-09 14:18 - 2019-03-14 02:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-09 14:18 - 2019-03-14 02:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-09 14:18 - 2019-03-14 02:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-09 14:18 - 2019-03-14 02:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-09 14:18 - 2019-03-14 02:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-09 14:18 - 2019-03-14 02:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-09 14:18 - 2019-03-14 02:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-09 14:18 - 2019-03-14 02:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-09 14:18 - 2019-03-14 02:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-09 14:18 - 2019-03-14 02:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-09 14:18 - 2019-03-14 02:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-09 14:18 - 2019-03-14 02:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-09 14:18 - 2019-03-14 02:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-09 14:18 - 2019-03-14 02:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-09 14:18 - 2019-03-14 02:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-09 14:18 - 2019-03-14 02:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-09 14:18 - 2019-03-14 02:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-09 14:18 - 2019-03-14 02:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-09 14:18 - 2019-03-14 02:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-09 14:18 - 2019-03-14 02:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-09 14:18 - 2019-03-14 02:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-09 14:18 - 2019-03-14 02:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-09 14:18 - 2019-03-14 02:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-09 14:18 - 2019-03-13 20:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-09 14:18 - 2019-03-13 20:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-09 14:18 - 2019-03-13 20:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-09 14:17 - 2019-04-02 07:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-09 14:17 - 2019-04-02 07:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-09 14:17 - 2019-04-02 02:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-09 14:17 - 2019-04-02 02:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-09 14:17 - 2019-04-02 01:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-09 14:17 - 2019-04-01 23:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-09 14:17 - 2019-04-01 23:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-09 14:17 - 2019-03-14 09:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-09 14:17 - 2019-03-14 09:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-09 14:17 - 2019-03-14 08:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-09 14:17 - 2019-03-14 03:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-09 14:17 - 2019-03-14 03:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-09 14:17 - 2019-03-14 03:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-09 14:17 - 2019-03-14 03:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-09 14:17 - 2019-03-14 03:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-09 14:17 - 2019-03-14 02:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-09 14:17 - 2019-03-14 02:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-09 14:17 - 2019-03-14 02:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-09 14:17 - 2019-03-14 02:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-09 14:17 - 2019-03-14 02:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-09 14:17 - 2019-03-14 02:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-09 14:17 - 2019-03-14 02:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-09 14:17 - 2019-03-14 02:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-09 14:17 - 2019-03-13 20:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-09 14:17 - 2019-03-13 20:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-08 14:41 - 2019-04-08 14:41 - 007025360 _____ (Malwarebytes) C:\Users\Krysthel\Downloads\adwcleaner_7.3.exe
2019-04-08 14:21 - 2019-04-08 14:22 - 000184282 _____ C:\Users\Krysthel\Documents\cc_20190408_142154.reg
2019-04-05 13:19 - 2019-04-05 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-04-05 12:59 - 2018-09-24 16:33 - 3074228224 _____ C:\Users\Krysthel\Downloads\Win7X64ULTI.ESP.SEP2018_SteveGames.iso
2019-04-04 18:34 - 2019-04-04 18:34 - 000121457 _____ C:\Users\Krysthel\Downloads\cv yeya.pdf
2019-04-04 16:43 - 2019-04-04 16:43 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-04-04 12:36 - 2019-04-04 12:36 - 000219738 _____ C:\Users\Krysthel\Downloads\FT1-1465_PDF.pdf
2019-04-03 21:20 - 2019-04-03 21:25 - 749246628 _____ C:\Users\Krysthel\Downloads\Office 2013 64 bits.rar
2019-04-03 21:18 - 2019-04-03 21:18 - 000000091 _____ C:\Users\Krysthel\Downloads\Links de descarga office 2013.txt
2019-04-03 19:44 - 2019-04-03 20:22 - 002000577 _____ C:\Users\Krysthel\Desktop\nom008.pptx
2019-04-03 15:59 - 2019-04-03 15:59 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-04-03 15:59 - 2019-04-03 15:59 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-04-03 15:59 - 2019-04-03 15:59 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-04-03 15:59 - 2019-04-03 15:59 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-04-03 15:56 - 2019-04-03 15:56 - 000000000 ____D C:\Users\Krysthel\AppData\Local\mbam
2019-04-03 15:03 - 2019-04-03 15:03 - 000000000 ____D C:\Users\Krysthel\AppData\Local\mbamtray
2019-04-03 14:22 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-04-03 14:18 - 2019-04-03 14:18 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-03 14:18 - 2019-04-03 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-03 14:17 - 2019-04-03 15:01 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-03 14:17 - 2019-04-03 14:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-03 14:17 - 2019-04-03 14:17 - 000000000 ____D C:\Program Files\Malwarebytes
2019-04-03 14:02 - 2019-04-03 14:33 - 2993097470 _____ C:\Users\Krysthel\Downloads\Win7X64ULTI.ESP.SEP2018_SteveGames.rar
2019-04-03 13:41 - 2019-04-03 13:46 - 064309056 _____ (Malwarebytes ) C:\Users\Krysthel\Downloads\mb3-setup-35891.35891-3.7.1.2839-1.0.538-1.0.9074.exe
2019-03-30 15:24 - 2019-03-30 15:26 - 000223663 _____ C:\Users\Krysthel\Downloads\FORMATO 4.pdf
2019-03-27 15:21 - 2019-03-27 15:21 - 000198659 _____ C:\Users\Krysthel\Downloads\Certificado medico.pdf
2019-03-27 15:11 - 2019-03-27 15:11 - 000001448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Centro de soluciones HP.lnk
2019-03-27 15:11 - 2019-03-27 15:11 - 000000000 ____D C:\ProgramData\HP Product Assistant
2019-03-27 14:59 - 2019-03-27 15:15 - 000202148 _____ C:\WINDOWS\hpoins28.dat
2019-03-27 14:59 - 2012-09-26 10:48 - 000000584 ____N C:\WINDOWS\hpomdl28.dat
2019-03-27 14:58 - 2009-07-08 05:51 - 000938496 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpowiax7.dll
2019-03-27 14:58 - 2009-07-08 05:51 - 000740864 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl6.dll
2019-03-27 14:58 - 2009-07-08 05:51 - 000551424 _____ (Hewlett-Packard) C:\WINDOWS\system32\hppldcoi.dll
2019-03-27 14:58 - 2009-07-08 05:51 - 000505344 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst15.dll
2019-03-25 19:23 - 2019-03-25 19:23 - 001408903 _____ C:\Users\Krysthel\Documents\triptico santi.pdf
2019-03-25 18:33 - 2019-03-25 19:39 - 005275648 _____ C:\Users\Krysthel\Documents\Publicación2.pub
2019-03-17 23:49 - 2019-04-01 12:51 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-17 23:49 - 2019-04-01 12:51 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-15 00:08 - 2019-03-06 04:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-15 00:08 - 2019-03-06 04:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-15 00:08 - 2019-03-06 01:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-15 00:08 - 2019-02-16 07:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-15 00:08 - 2019-02-16 07:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-15 00:08 - 2019-02-16 07:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-15 00:08 - 2019-02-16 03:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-15 00:08 - 2019-02-16 03:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-15 00:08 - 2019-02-16 03:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-15 00:08 - 2019-02-16 03:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-15 00:08 - 2019-02-16 03:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-15 00:08 - 2019-02-16 02:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-15 00:08 - 2019-02-16 02:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-15 00:08 - 2019-02-16 02:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-15 00:08 - 2019-02-16 02:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-15 00:08 - 2019-02-16 02:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-15 00:08 - 2019-02-16 02:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-15 00:07 - 2019-03-06 10:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-15 00:07 - 2019-03-06 10:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-15 00:07 - 2019-03-06 10:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-15 00:07 - 2019-03-06 10:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-15 00:07 - 2019-03-06 07:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-15 00:07 - 2019-03-06 04:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-15 00:07 - 2019-03-06 04:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-15 00:07 - 2019-03-06 04:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-15 00:07 - 2019-03-06 04:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-15 00:07 - 2019-03-06 04:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-15 00:07 - 2019-03-06 03:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-15 00:07 - 2019-03-06 03:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-15 00:07 - 2019-03-06 03:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-15 00:07 - 2019-03-06 03:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-15 00:07 - 2019-03-06 01:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-15 00:07 - 2019-03-06 01:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-15 00:07 - 2019-03-06 00:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-15 00:07 - 2019-03-06 00:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-15 00:07 - 2019-02-16 08:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-15 00:07 - 2019-02-16 08:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-15 00:07 - 2019-02-16 07:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-15 00:07 - 2019-02-16 05:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-15 00:07 - 2019-02-16 05:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-15 00:07 - 2019-02-16 03:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-15 00:07 - 2019-02-16 03:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-15 00:07 - 2019-02-16 03:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-15 00:07 - 2019-02-16 03:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-15 00:07 - 2019-02-16 03:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-15 00:07 - 2019-02-16 03:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-15 00:07 - 2019-02-16 02:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-15 00:07 - 2019-02-16 02:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-15 00:07 - 2019-02-16 02:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-15 00:07 - 2019-02-16 02:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-15 00:07 - 2019-02-16 02:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-03-15 00:06 - 2019-03-06 10:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-15 00:06 - 2019-03-06 10:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-15 00:06 - 2019-03-06 10:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-15 00:06 - 2019-03-06 10:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-15 00:06 - 2019-03-06 07:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-15 00:06 - 2019-03-06 07:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-15 00:06 - 2019-03-06 04:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-15 00:06 - 2019-03-06 04:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-15 00:06 - 2019-03-06 04:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-15 00:06 - 2019-03-06 04:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-15 00:06 - 2019-03-06 04:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-15 00:06 - 2019-03-06 04:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-15 00:06 - 2019-03-06 04:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-15 00:06 - 2019-03-06 03:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-15 00:06 - 2019-03-06 03:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-15 00:06 - 2019-03-06 03:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-15 00:06 - 2019-03-06 03:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-15 00:06 - 2019-03-06 03:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-15 00:06 - 2019-03-06 03:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-15 00:06 - 2019-03-06 03:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-15 00:06 - 2019-03-06 03:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-15 00:06 - 2019-03-06 01:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-15 00:06 - 2019-03-06 01:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-15 00:06 - 2019-03-06 01:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-15 00:06 - 2019-03-06 00:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-15 00:06 - 2019-03-06 00:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-15 00:06 - 2019-02-20 22:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-15 00:06 - 2019-02-16 08:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-15 00:06 - 2019-02-16 08:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-15 00:06 - 2019-02-16 08:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-15 00:06 - 2019-02-16 08:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-15 00:06 - 2019-02-16 08:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-15 00:06 - 2019-02-16 08:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-15 00:06 - 2019-02-16 08:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-15 00:06 - 2019-02-16 07:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-15 00:06 - 2019-02-16 07:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-15 00:06 - 2019-02-16 07:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-15 00:06 - 2019-02-16 07:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-15 00:06 - 2019-02-16 07:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-15 00:06 - 2019-02-16 07:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-15 00:06 - 2019-02-16 07:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-15 00:06 - 2019-02-16 07:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-15 00:06 - 2019-02-16 07:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-15 00:06 - 2019-02-16 07:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-15 00:06 - 2019-02-16 07:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-15 00:06 - 2019-02-16 07:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-15 00:06 - 2019-02-16 07:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-15 00:06 - 2019-02-16 07:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-15 00:06 - 2019-02-16 07:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-15 00:06 - 2019-02-16 07:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-15 00:06 - 2019-02-16 07:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-15 00:06 - 2019-02-16 07:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-15 00:06 - 2019-02-16 07:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-15 00:06 - 2019-02-16 07:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-15 00:06 - 2019-02-16 07:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-15 00:06 - 2019-02-16 07:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-15 00:06 - 2019-02-16 07:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-15 00:06 - 2019-02-16 07:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-15 00:06 - 2019-02-16 03:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-15 00:06 - 2019-02-16 03:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-15 00:06 - 2019-02-16 03:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-15 00:06 - 2019-02-16 03:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-15 00:06 - 2019-02-16 03:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-15 00:06 - 2019-02-16 03:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-15 00:06 - 2019-02-16 03:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-15 00:06 - 2019-02-16 03:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-15 00:06 - 2019-02-16 03:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-15 00:06 - 2019-02-16 03:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-15 00:06 - 2019-02-16 03:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-15 00:06 - 2019-02-16 03:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-15 00:06 - 2019-02-16 03:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-15 00:06 - 2019-02-16 02:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-15 00:06 - 2019-02-16 02:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-15 00:06 - 2019-02-16 02:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-15 00:06 - 2019-02-16 02:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-15 00:06 - 2019-02-16 02:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-15 00:06 - 2019-02-16 02:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-15 00:06 - 2019-02-16 02:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-15 00:06 - 2019-02-16 02:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-15 00:06 - 2019-02-16 02:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-15 00:06 - 2019-02-16 02:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-15 00:06 - 2019-02-16 02:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-15 00:06 - 2019-02-16 02:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-15 00:06 - 2019-02-16 02:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-15 00:06 - 2019-02-16 02:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-15 00:06 - 2019-02-16 02:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-15 00:06 - 2019-02-16 02:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-15 00:06 - 2019-02-16 02:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-15 00:06 - 2019-02-16 02:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-15 00:06 - 2019-02-16 02:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-15 00:06 - 2019-02-16 02:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-15 00:06 - 2019-02-16 02:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-15 00:06 - 2019-02-16 02:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-15 00:06 - 2019-02-16 02:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-15 00:06 - 2019-02-16 02:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-15 00:06 - 2019-02-16 02:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-15 00:06 - 2019-02-16 02:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-15 00:06 - 2019-02-16 02:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-15 00:06 - 2019-02-16 02:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-15 00:06 - 2019-02-16 02:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-15 00:06 - 2019-02-16 02:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-15 00:06 - 2019-02-16 02:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-15 00:06 - 2019-02-16 02:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-15 00:06 - 2019-02-16 02:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-15 00:06 - 2019-02-16 01:07 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-03-15 00:06 - 2019-02-16 01:07 - 000806320 _____ C:\WINDOWS\system32\locale.nls

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-13 13:19 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-13 13:16 - 2017-01-30 11:41 - 000000000 ____D C:\Users\Krysthel\AppData\Roaming\WhatsApp
2019-04-13 11:44 - 2018-02-12 11:25 - 000000164 _____ C:\Users\Krysthel\AppData\Roaming\sp_data.sys
2019-04-13 11:42 - 2018-06-26 15:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-12 16:33 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-12 16:26 - 2018-06-26 16:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-04-12 16:25 - 2018-06-27 08:20 - 000000000 ____D C:\Users\Krysthel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
2019-04-12 16:21 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-12 16:20 - 2018-06-27 08:03 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2019-04-12 16:20 - 2017-06-03 19:39 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-04-12 16:20 - 2015-11-02 16:09 - 000000000 __SHD C:\Users\Krysthel\IntelGraphicsProfiles
2019-04-12 16:17 - 2018-06-26 15:28 - 000519704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-12 16:16 - 2018-06-26 16:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-12 16:15 - 2018-04-11 16:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-04-12 16:12 - 2018-04-11 18:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-12 16:12 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-12 16:12 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-12 15:00 - 2018-06-28 09:34 - 000000000 ____D C:\Users\Krysthel\AppData\Local\D3DSCache
2019-04-12 14:54 - 2015-11-02 14:16 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-12 14:29 - 2016-12-29 17:36 - 000000000 ____D C:\Users\Krysthel\AppData\Local\Tibia
2019-04-12 14:09 - 2016-02-17 21:50 - 000000000 ____D C:\OPUSCMS
2019-04-12 13:43 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-12 13:22 - 2018-06-26 16:21 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-04-12 13:22 - 2017-03-04 15:19 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-12 13:22 - 2017-03-04 15:19 - 000000000 ____D C:\Program Files\CCleaner
2019-04-12 13:05 - 2016-04-17 18:13 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-12 12:42 - 2018-04-11 16:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-04-09 20:13 - 2016-04-17 17:37 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-09 20:13 - 2016-04-17 17:37 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-09 14:41 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-09 14:01 - 2016-04-17 19:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-09 13:46 - 2016-04-17 19:21 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-09 13:07 - 2018-06-26 15:55 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-04-09 13:07 - 2018-04-12 11:18 - 000789180 _____ C:\WINDOWS\system32\perfh00A.dat
2019-04-09 13:07 - 2018-04-12 11:18 - 000155760 _____ C:\WINDOWS\system32\perfc00A.dat
2019-04-09 09:52 - 2017-10-27 15:56 - 000000000 ____D C:\Users\Krysthel\AppData\Local\Spotify
2019-04-09 09:52 - 2017-10-27 15:47 - 000000000 ____D C:\Users\Krysthel\AppData\Roaming\Spotify
2019-04-08 15:07 - 2017-10-01 13:33 - 000000000 ____D C:\AdwCleaner
2019-04-08 14:12 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-04-08 13:44 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-04-05 15:51 - 2018-05-30 11:27 - 000000282 __RSH C:\ProgramData\ntuser.pol
2019-04-05 13:49 - 2019-01-21 23:43 - 000000000 ____D C:\Program Files\rempl
2019-04-05 13:22 - 2015-08-15 03:51 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-04-04 13:38 - 2018-07-17 17:16 - 000000000 ____D C:\WINDOWS\Minidump
2019-04-04 11:26 - 2018-06-26 16:21 - 000003386 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3341360882-1119944086-3876861630-1001
2019-04-04 11:26 - 2018-06-26 15:36 - 000002412 _____ C:\Users\Krysthel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-04 11:26 - 2015-11-02 16:13 - 000000000 ___RD C:\Users\Krysthel\OneDrive
2019-04-03 21:17 - 2016-04-17 16:59 - 000000000 ____D C:\ProgramData\ASUS
2019-04-03 21:14 - 2018-05-17 16:50 - 000000000 ____D C:\Users\Krysthel\Desktop\usb respaldo
2019-04-03 17:23 - 2019-02-15 15:07 - 000000000 ____D C:\Temp
2019-04-03 16:17 - 2019-01-31 15:05 - 000000000 ____D C:\Users\Krysthel\Desktop\sd ma
2019-04-03 16:07 - 2015-11-02 14:14 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-04-03 15:59 - 2017-12-05 13:12 - 000000000 ____D C:\Users\Krysthel\AppData\Local\Packages
2019-04-03 15:42 - 2016-07-07 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-04-03 15:42 - 2016-07-07 11:43 - 000000000 ____D C:\Program Files (x86)\HP
2019-04-03 15:04 - 2016-07-07 11:43 - 000000000 ____D C:\Program Files\HP
2019-04-03 14:22 - 2018-04-11 18:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-29 15:10 - 2015-08-15 03:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2019-03-29 14:57 - 2016-04-17 16:13 - 000000000 ____D C:\Program Files (x86)\ASUS
2019-03-28 14:05 - 2018-06-26 16:21 - 000003554 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-28 14:05 - 2018-06-26 16:21 - 000003430 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-27 15:29 - 2018-09-12 15:35 - 000000000 ____D C:\Users\Krysthel\Documents\Archivos de Outlook
2019-03-27 15:15 - 2015-07-10 06:04 - 000000234 _____ C:\WINDOWS\win.ini
2019-03-27 15:11 - 2016-07-07 10:55 - 000000000 ____D C:\ProgramData\HP
2019-03-26 20:21 - 2018-06-26 15:36 - 000000000 ____D C:\Users\Krysthel
2019-03-26 15:40 - 2017-09-25 16:56 - 000000000 ____D C:\Users\Krysthel\Documents\Trabajo
2019-03-25 19:23 - 2017-11-01 16:23 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2019-03-25 16:39 - 2017-01-30 11:40 - 000000000 ____D C:\Users\Krysthel\AppData\Local\WhatsApp
2019-03-17 23:44 - 2018-01-08 16:34 - 000000986 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-03-17 23:44 - 2018-01-08 16:34 - 000000982 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-03-17 23:34 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-17 23:34 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-17 23:34 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-17 23:33 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-17 23:33 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-17 14:03 - 2016-04-17 18:10 - 000000000 ____D C:\ProgramData\Adobe
2019-03-17 14:00 - 2016-04-17 17:00 - 000000000 ____D C:\Users\Krysthel\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2018-02-12 11:25 - 2019-04-13 11:44 - 000000164 _____ () C:\Users\Krysthel\AppData\Roaming\sp_data.sys
2017-05-17 15:24 - 2017-05-17 15:24 - 000000017 _____ () C:\Users\Krysthel\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-26 15:28

==================== End of FRST.txt ============================

Second report (1/2)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Krysthel (13-04-2019 13:27:48)
Running from C:\Users\Krysthel\Desktop
Windows 10 Home Single Language Version 1803 17134.706 (X64) (2018-06-26 21:24:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3341360882-1119944086-3876861630-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3341360882-1119944086-3876861630-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-3341360882-1119944086-3876861630-503 - Limited - Disabled)
Invitado (S-1-5-21-3341360882-1119944086-3876861630-501 - Limited - Disabled)
Krysthel (S-1-5-21-3341360882-1119944086-3876861630-1001 - Administrator - Enabled) => C:\Users\Krysthel
WDAGUtilityAccount (S-1-5-21-3341360882-1119944086-3876861630-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: VirusScan de McAfee  (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: VirusScan de McAfee  (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510af_Help (HKLM-x32\...\{C175D5B0-ED04-42C9-B23F-D8BD406173E7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510af (HKLM-x32\...\{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (HKLM-x32\...\{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
ADB-Helper version 12.10.24.1137 (HKLM-x32\...\{E7285FBC-E0F7-41C6-A073-51585A42826A}_is1) (Version: 12.10.24.1137 - MartinRo)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Age of Empires II The Conquerors versión 2.2 (HKLM-x32\...\{719E2D9C-1D17-4A9A-B3FD-F56B9525254F}_is1) (Version: 2.2 - MasterEGA, Inc.)
Aplicaciones destacadas de Autodesk 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Apple Application Support (64 bits) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.5 - ASUS)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.7.17 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.85 - ICEpower a/s)
AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CivilCAD Demo para AutoCAD 2015 64 Bits (HKLM-x32\...\CivilCAD Demo para AutoCAD 2015 64 Bits) (Version: 1.0.0.0 - Arqcom)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.52 - Conexant)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (HKLM-x32\...\{CFA33E6D-2D7D-4785-8025-974398E940D1}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 70.4.93 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{688B6799-8427-42C9-8C6A-ABFADCE86EBC}) (Version: 1.1.195.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
F4200 (HKLM-x32\...\{C86E1E36-6D30-4834-9C85-5501F31F7BB4}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Herramienta de descarga USB/DVD de Windows 7 (HKLM-x32\...\{266F443F-A296-406F-9EE8-DF4A1061C6CE}) (Version: 1.0.30 - Microsoft Corporation)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{8C925017-72A8-4C4A-AF21-84901E26638F}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510a-f 14.0 Rel. 6 (HKLM\...\{A49C5804-8F24-433C-99B2-9F9F541090C7}) (Version: 14.0 - HP)
HP Officejet 7610 series Software básico del dispositivo (HKLM\...\{BDDC0D36-1043-4D9D-BACE-0ED3318C8776}) (Version: 29.1.971.39251 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Software básico del dispositivo (HKLM\...\{4E9D2ABE-E8FC-4901-B29D-178E21589E1A}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPLJUT (HKLM-x32\...\{229D6185-BD7E-494B-A73B-C5215BE0690E}) (Version: 1.00.0012 - HP) Hidden
hppcp1025LaserJetService (HKLM-x32\...\{F31BF057-0D5E-485E-ADFD-560314A27912}) (Version: 1.00.0000 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
hppLaserJetService (HKLM-x32\...\{5093AE98-D510-4BEB-BAC1-7FC8ECE35B98}) (Version: 007.015.00635 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{8A9945B1-E6C9-4C03-BFEE-A00471EF2652}) (Version: 12.3.7.0 - HP)
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Internet Telcel (HKLM-x32\...\Internet Telcel_is1) (Version:  - TCT Mobile Limited)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.1.1 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 1.0 - LG Electronics)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R18 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Spanish Language Pack (HKLM-x32\...\{83169D43-4660-4347-BC95-E9D6E6BE65CE}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual FoxPro OLE DB Provider (HKLM-x32\...\{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}) (Version: 1.0.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OPUS 2010 (HKLM-x32\...\{02DB3FFA-DE43-452F-A7EC-FC762D89E279}) (Version: 00.00.00.00 - Ecosoft) Hidden
OPUS 2010 (HKLM-x32\...\{9C7A76CF-44EC-442E-911A-1BB9AAAF3C40}) (Version: 00.00.00.00 - Ecosoft) Hidden
OPUS 2010 (HKLM-x32\...\{B53D29B2-27EE-40FE-806D-58EBB412D4F1}) (Version: 00.00.000 - )
Paquete de controladores de Windows - ASUS (AsusTP) Mouse  (08/19/2016 1.0.0.296) (HKLM\...\DD02B9738194AB33D2FCD12B99AD17964A2F5242) (Version: 08/19/2016 1.0.0.296 - ASUS)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.871.072015 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0276 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Remote Mouse version 3.002 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
ScanSnap Manager (HKLM-x32\...\{C3F4BE6A-B798-4B50-99CA-B8B8F17FE56B}) (Version: 6.5.40.4.6 - PFU) Hidden
Sentinel Protection Installer 7.6.6 (HKLM-x32\...\{8C2218AC-D1B1-4530-9E67-15164E0E52AB}) (Version: 7.6.6 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPRO_{DC528101-617D-4E9F-B131-F8F8C52E649B}) (Version:  - Microsoft)
SetupVectorDraw (HKLM-x32\...\{2A379ED0-462B-46E9-866D-0AEC5856906F}) (Version: 1.0.0 - Nombre predeterminado de la compañía)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Spotify) (Version: 1.0.99.250.g936eab8d - Spotify AB)
Spotify (HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Spotify) (Version: 1.0.99.250.g936eab8d - Spotify AB)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.93 - CipSoft GmbH)
Tibia (HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Tibia) (Version:  - CipSoft GmbH)
Tibia (HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Tibia) (Version:  - CipSoft GmbH)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VectorDraw Lite File Converter (HKLM-x32\...\{46AFEF94-16E8-4D00-B0FA-DD7A8AEBEFDC}) (Version: 3.0 - VectorDraw)
VS2010MergeModule (HKLM-x32\...\{16B1B5E5-78F7-4F6F-BF4B-3AD51E4AEA92}) (Version: 1.00.0000 - Your Company Name) Hidden
VS2013MergeModule (HKLM-x32\...\{D6B1F9B7-B880-47F0-9C83-68278998CBD5}) (Version: 1.00.0000 - Your Company Name) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.4.0.608 - ASUS Cloud Corporation)
WhatsApp (HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\WhatsApp) (Version: 0.3.2386 - WhatsApp)
WhatsApp (HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\WhatsApp) (Version: 0.3.2386 - WhatsApp)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4947 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Krysthel\Dropbox [2018-01-08 16:59]
CustomCLSID: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3341360882-1119944086-3876861630-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Krysthel\Dropbox [2018-01-08 16:59]
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     !AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.4.0.608\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [     !AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.4.0.608\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [     !AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.4.0.608\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2015-02-05] (Autodesk, Inc -> Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-05] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2019-02-15] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Program Files (x86)\Common Files\AWS\2.4.0.608\ASUSWSContextMenu.dll [2018-06-05] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2019-02-15] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02A8F455-FBCA-43A7-BE49-D4F13F091823} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {035E5BE6-76FF-4AE4-AD97-E48F0283549E} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {076A44BA-4F5E-4214-A2FB-7E84ADB39B10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {0B00695B-1261-4D76-BF34-41D4197DAA30} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe (Dropbox, Inc -> )
Task: {11A117C5-13BE-4BFF-8407-522EC8156A68} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK Computer Inc. -> ASUS)
Task: {1E7D76B3-3C26-467C-9CC7-E28BD2B51FF4} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe (Hewlett-Packard Company -> Hewlett Packard)
Task: {30F67069-681F-4D1F-A21D-0654101F52BD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {357A4DC0-EDD8-4FB8-9C45-AC3D67803514} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {36CD4FEA-8F3D-44BA-9263-CE33D7DA42B1} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {466C2752-C3FD-4072-953E-77D5CC2E72C5} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {4A71FA97-F3CE-49BD-A190-B79E921FE4AD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {4E48D3E4-B7F1-49FF-BF05-7E42472E6BE1} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {5121BAD9-E656-448A-BA43-418D7CCA9135} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {5AA3DCCD-E6D1-48F9-B718-AEF15B1C02EC} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {63A3D918-5F7F-4AEB-A6DB-1ABFB2C2B77C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {66992CBA-6C78-4381-94D3-BDDA90A960F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {6EE7EAF5-F64E-4ED1-B54D-39A8A870C836} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {A2E10AF2-7668-4CE0-9133-70CC19E4D60E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {D3CB36F1-DB9C-4645-9D3C-11F81ECC179C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {D4C14A30-8E3D-4B96-8CE9-10A86561C401} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {D9F6D0D2-2C48-4AEF-9DC0-522336E471EE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe (ASUSTeK Computer Inc. -> AsusTek)
Task: {DCBBE169-9C03-4A74-B6A3-687DAB934CE9} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.207\DADUpdater.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {EB035997-4BFE-4CC3-8BED-79A227E83E32} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {EF5AE5FC-FF15-45B1-A1DD-286973A37227} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {F7DCA37F-F514-411C-AEAB-A0D3D89E4344} - System32\Tasks\Google Chrome32 => C:\backupsys\window3.vbs () [File not signed] <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Krysthel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\13c0b30ab866affd\SpiderMan 2 Free Games.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aeckkagoklkjfgglnhmgeecfiobmkjab

==================== Loaded Modules (Whitelisted) ==============

2009-09-16 19:45 - 2009-09-16 19:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 19:45 - 2009-09-16 19:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll
2009-09-16 12:44 - 2009-09-16 12:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
2009-09-16 19:44 - 2009-09-16 19:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
2016-09-08 10:27 - 2015-03-11 21:43 - 000022528 _____ () [File not signed] C:\WINDOWS\System32\us00alm.dll
2017-11-01 16:22 - 2012-11-27 21:18 - 000065024 _____ (Marvell Semiconductor, Inc.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\HPCP1020PP.DLL
2016-06-13 10:19 - 2013-12-27 04:33 - 000041984 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\ssj2mpc.dll
2016-09-08 10:28 - 2015-08-19 20:14 - 000043520 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\us00apc.dll
2015-06-12 17:16 - 2015-06-12 17:16 - 000313488 _____ (ASUSTeK Computer Inc. -> ASUS) [File not signed] C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe
2018-06-09 11:06 - 2015-06-09 15:22 - 000574464 _____ () [File not signed] C:\Program Files (x86)\Internet Telcel\ApplicationController.exe
2013-01-09 02:03 - 2013-01-09 02:03 - 000376832 _____ (SafeNet, Inc.) [File not signed] C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
2017-04-20 22:06 - 2017-04-20 22:06 - 001504768 _____ (ASUS Cloud Corporation.) [File not signed] C:\Program Files (x86)\Common Files\AWS\2.4.0.608\ASUSWSShellExt64.dll
2019-04-12 14:52 - 2019-04-12 14:52 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2019-04-12 14:52 - 2019-04-12 14:52 - 098275328 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2019-04-12 14:52 - 2019-04-12 14:52 - 003922432 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2019-04-12 14:52 - 2019-04-12 14:52 - 000092672 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2019-04-13 12:03 - 2019-04-13 12:03 - 000497152 _____ () [File not signed] \\?\C:\Users\Krysthel\AppData\Local\Temp\cbe0cce6-0a26-4a18-b0ce-6e1c4eff0e64.tmp.node
2019-04-13 12:03 - 2019-04-13 12:03 - 000497152 _____ () [File not signed] \\?\C:\Users\Krysthel\AppData\Local\Temp\dba22587-b6bd-4163-a708-fbd1cbdd1497.tmp.node
2018-06-09 11:06 - 2014-11-13 16:52 - 000011362 _____ () [File not signed] C:\Program Files (x86)\Internet Telcel\mingwm10.dll
2018-06-09 11:06 - 2014-11-13 16:52 - 000043008 _____ () [File not signed] C:\Program Files (x86)\Internet Telcel\libgcc_s_dw2-1.dll
2018-06-09 11:06 - 2014-11-13 16:51 - 002537472 _____ () [File not signed] C:\Program Files (x86)\Internet Telcel\QtCore4.dll
2018-06-09 11:06 - 2015-06-09 15:19 - 001054208 _____ () [File not signed] C:\Program Files (x86)\Internet Telcel\Common.dll
2018-06-09 11:06 - 2014-11-13 16:51 - 009814016 _____ () [File not signed] C:\Program Files (x86)\Internet Telcel\QtGui4.dll
2018-06-09 11:06 - 2014-11-13 16:51 - 001140224 _____ () [File not signed] C:\Program Files (x86)\Internet Telcel\QtNetwork4.dll
2013-01-09 02:03 - 2013-01-09 02:03 - 000221184 _____ (SafeNet, Inc.) [File not signed] C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\MD5CHAP.dll
2019-04-03 14:17 - 2019-04-03 15:01 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-04-03 14:17 - 2019-04-03 15:01 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-04-03 14:17 - 2019-04-03 15:01 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-04-03 14:17 - 2019-04-03 15:01 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-04-03 14:17 - 2019-04-03 15:01 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-04-03 14:17 - 2019-04-03 15:01 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-04-03 14:17 - 2019-04-03 15:01 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-03 14:17 - 2019-04-03 15:01 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-03 14:17 - 2019-04-03 15:01 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-03 15:01 - 2019-04-03 15:01 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-03 15:01 - 2019-04-03 15:01 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-04-03 14:17 - 2019-04-03 15:01 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-03 15:01 - 2019-04-03 15:01 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-03 15:01 - 2019-04-03 15:01 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-03 15:01 - 2019-04-03 15:01 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-03 15:01 - 2019-04-03 15:01 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-03 15:01 - 2019-04-03 15:01 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-03 15:01 - 2019-04-03 15:01 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-03 15:01 - 2019-04-03 15:01 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-04-03 14:17 - 2019-04-03 15:01 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2015-06-09 23:25 - 2015-06-09 23:25 - 000164864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
2015-06-09 23:25 - 2015-06-09 23:25 - 000124928 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-10-20 12:19 - 2015-04-02 10:46 - 001121280 _____ (Conexant Systems, Inc.) [File not signed] C:\Program Files\Conexant\SAII\CxHDAudioAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:A1EDB939 [114]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\Software\Classes\.scr: AutoCADScriptFile => 

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 08:46 - 2015-07-10 06:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\TXE Components\DAL\;C:\Program Files (x86)\Intel\TXE Components\DAL\;C:\Program Files\Intel\TXE Components\IPT\;C:\Program Files (x86)\Intel\TXE Components\IPT\;%SYSTEMROOT%\System32\OpenSSH\;C:\CivilCAD Demo para AutoCAD 2015 64 Bits
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444383\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444547\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Krysthel\Pictures\wallpapers\road_field_horizon_mountains_clouds_sky_7843x4462.jpg
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\Control Panel\Desktop\\Wallpaper -> C:\Users\Krysthel\Pictures\wallpapers\road_field_horizon_mountains_clouds_sky_7843x4462.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "avast! SecureLine.lnk"
HKLM\...\StartupApproved\StartupFolder: => "ScanSnap Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "Autodesk Sync"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "ScanSnap OnlineUpdate Watcher"
HKLM\...\StartupApproved\Run32: => "ScanSnap WIA Service Checker"
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\StartupApproved\StartupFolder: => "FacebookGamesNotifier.exe.lnk"
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\StartupApproved\StartupFolder: => "FacebookGamesNotifier.exe.lnk"
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B5A95178-FA6D-48FB-9FE9-F3941F2F07F9}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{F91AFA89-6E4A-4354-B412-477355953958}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [UDP Query User{AD493835-8AB1-46D2-A0C8-0ADC84AF6845}C:\users\krysthel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\krysthel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{34263735-9426-4623-B35F-E0B472F7A711}C:\users\krysthel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\krysthel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CBEA552B-8A1C-4F6A-9288-16D339798460}] => (Allow) C:\Program Files\HP\HP Officejet 7610 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{7B2032CF-262F-4646-A026-3E816AEB4B3D}] => (Allow) C:\Program Files\HP\HP Officejet 7610 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{87D88A38-1633-49D3-B858-8443A19FDC93}] => (Allow) C:\Program Files\HP\HP Officejet 7610 series\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{D3AF2DC7-FF60-406E-8DAA-FE8D9BA9AD36}] => (Allow) C:\Program Files\HP\HP Officejet 7610 series\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{BFF00321-ADA6-4838-AE16-C50EC5ACBA4C}] => (Allow) C:\Program Files\HP\HP Officejet 7610 series\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [UDP Query User{D5EB28C8-48B4-4360-8F28-9114DA029F30}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{7D25957E-FB39-4926-B9A8-ED6C372B5C45}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{5AFF18CE-A549-424A-B5E6-61BF1678B455}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Allow) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{BA9B32DC-299B-40F0-899A-7F806A9C19EA}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Allow) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{1431EE72-8986-40D0-9C17-0E3C5BD6303B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F86F385F-C5BB-4AC6-8FB3-EF862E3A673B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F115E549-4D5D-4041-9DE9-8EFB3DEEAD89}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{48634B5D-06C2-4C91-9E2E-060477583BC6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C0359928-1E40-49B8-A246-2716C91F0D3C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [UDP Query User{35B29E10-9866-4DE2-A9B5-79720C3AF6EB}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Block) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{4A41837C-FC3A-4DD0-AB60-6144D38553DF}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Block) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{B496A3CC-C16B-459B-90DF-508280F2EBB2}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E454EB0E-96F0-4DE5-9821-0AD37682CACB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A078D09D-7623-4D27-884D-FC13A1F6C615}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FC4BD7CB-E479-4501-8782-5BA2D8F86ECF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FC2189D0-0175-4E37-AD10-1F4041BF06F6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5B4DD2CD-0B81-4FD9-BF90-06622BC68092}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc. -> SafeNet, Inc)
FirewallRules: [{D749067B-3F31-444F-B6F4-93656765D9C8}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc. -> SafeNet, Inc)
FirewallRules: [{1CD6140E-1B4F-463B-9C4F-0D84E021A1EA}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) [File not signed]
FirewallRules: [{3F787E82-B37A-40E6-B4E7-7CE22D3F2B6D}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) [File not signed]
FirewallRules: [{1C56D9FF-BAD4-4D77-9628-0C082CC7FEF6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{5773A55E-7FBE-4C02-95B7-B13790B720FA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{77128E52-404E-438D-9E22-9AACE64BA767}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{8864A31E-556E-40C2-B080-D7B8A3A649C0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{EB9E7817-59F7-4CD5-9FB8-697EBB20BDD8}] => (Allow) LPort=5357
FirewallRules: [{53D327DF-2CD8-491E-B22C-079CFBBB9B21}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{12EB08E5-67FA-428B-BAD4-E2844E47E8C6}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{ACA412DA-545D-42F3-A13A-CE0E4F485D8A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{D464A9CA-B6DC-482E-8172-668F95067031}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{FB4945F7-C321-4E7C-A0F6-9B0976FDA782}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{C458815F-0989-421C-B527-7E66EE2D520F}] => (Allow) LPort=50248
FirewallRules: [{B8417C9F-3703-4D91-87F9-3EBF5175D096}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc. -> SafeNet, Inc)
FirewallRules: [{E1D2C516-AD1B-434E-8050-D5F2EA1BD23A}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc. -> SafeNet, Inc)
FirewallRules: [{252BF391-7757-4C03-81FD-6DE0020075BA}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) [File not signed]
FirewallRules: [{2EE3E327-759D-4B62-A4B9-7478752E3352}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) [File not signed]
FirewallRules: [TCP Query User{C41443B0-6CE3-4198-9F0A-F2C90B4D31EB}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [UDP Query User{AD0112B0-1B1C-483D-83BC-F5663476E9E6}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{317CC916-8DA5-44C9-9017-403D57C91EB3}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{6DC652A6-C7D3-40EE-9310-2FB91E369DB6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{E8413EFD-4584-400E-B10B-7CF5E94525F6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{01F3BAC9-D6ED-4A1C-ADFF-30D0258EAE80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{7E98080E-23BB-4CDA-BC53-9CD5D936FE58}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{AB22ADDE-DBE0-42F7-8D4B-AFA66C30DEF5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{47F98A8D-21DE-4E8A-878F-C8CDED820CDB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{01EF6056-F73C-40CF-BD5B-A5248CB23E3A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard)
FirewallRules: [{1587313A-07E9-4AE1-8645-1350BDDD15BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{781C092A-34C7-4E65-BB9D-044F7FEAECBD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F6227929-7B29-4B86-93EC-FCC883595857}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{85D062F2-88AA-4F9E-8744-848BAA386829}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

03-04-2019 14:46:21 Removed Autodesk Material Library 2013.
09-04-2019 13:43:18 Windows Update
12-04-2019 14:55:27 Se ha instalado DirectX

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2019 11:42:09 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (04/12/2019 04:50:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9578

Error: (04/12/2019 04:50:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9578

Error: (04/12/2019 04:50:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2019 04:50:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7687

Error: (04/12/2019 04:50:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7687

Error: (04/12/2019 04:50:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2019 04:50:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5828


SECOND REPORT (2/2)


System errors:
=============
Error: (04/12/2019 04:38:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-UBPUT75)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 y APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 al usuario DESKTOP-UBPUT75\Krysthel con SID (S-1-5-21-3341360882-1119944086-3876861630-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/12/2019 04:38:19 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-UBPUT75)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 y APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 al usuario DESKTOP-UBPUT75\Krysthel con SID (S-1-5-21-3341360882-1119944086-3876861630-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/12/2019 04:34:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-UBPUT75)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-UBPUT75\Krysthel con SID (S-1-5-21-3341360882-1119944086-3876861630-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/12/2019 04:32:17 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-UBPUT75)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-UBPUT75\Krysthel con SID (S-1-5-21-3341360882-1119944086-3876861630-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/12/2019 04:28:11 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: El servidor {B91D5831-B1BD-4608-8198-D72E155020F7} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (04/12/2019 04:26:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-UBPUT75)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-UBPUT75\Krysthel con SID (S-1-5-21-3341360882-1119944086-3876861630-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/12/2019 04:25:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/12/2019 04:24:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Centro de seguridad no respondió después de iniciar.


CodeIntegrity:
===================================

Date: 2019-04-12 15:18:18.709
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-12 15:17:52.542
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-12 15:17:51.564
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-12 15:17:50.396
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-12 15:17:42.402
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-12 15:17:42.374
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-12 15:17:25.407
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-12 15:17:22.929
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU N3700 @ 1.60GHz
Percentage of memory in use: 78%
Total physical RAM: 4002.51 MB
Available physical RAM: 872.04 MB
Total Virtual: 7458.51 MB
Available Virtual: 2364.6 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:50.08 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:436.02 GB) NTFS

\\?\Volume{0e7bdf28-56c0-4fa6-a851-f5fbf6596b3d}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{20e4ad14-a414-4da0-9ae8-83dd8229634d}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B111180B)

Partition: GPT.

==================== End of Addition.txt ============================

Hello Krysthel

:arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Attention: now check/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Next, start your computer in Windows Safe Mode without networking.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc -> Autodesk, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444383\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444547\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [Adobe Flash PlayerHTML5] => C:\backupsys\window3.vbs [91 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [Google Chrome64bits] => C:\backupsys\window4.vbs [90 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35183504 2019-04-12] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [Adobe Flash PlayerHTML5] => C:\backupsys\window3.vbs [91 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [Google Chrome64bits] => C:\backupsys\window4.vbs [90 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35183504 2019-04-12] (Epic Games Inc. -> Epic Games, Inc.)
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
ShortcutTarget: Servidor de OPUS.lnk -> C:\OPUSCMS\server\s4server.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=es
CHR Extension: (SpiderMan 2 Free Games) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeckkagoklkjfgglnhmgeecfiobmkjab [2017-09-24]
2019-04-12 16:20 - 2017-06-03 19:39 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
ShellIconOverlayIdentifiers: [     !AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.4.0.608\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [     !AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.4.0.608\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [     !AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.4.0.608\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {466C2752-C3FD-4072-953E-77D5CC2E72C5} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {4A71FA97-F3CE-49BD-A190-B79E921FE4AD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {5121BAD9-E656-448A-BA43-418D7CCA9135} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {66992CBA-6C78-4381-94D3-BDDA90A960F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F7DCA37F-F514-411C-AEAB-A0D3D89E4344} - System32\Tasks\Google Chrome32 => C:\backupsys\window3.vbs () [File not signed] <==== ATTENTION
ShortcutWithArgument: C:\Users\Krysthel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\13c0b30ab866affd\SpiderMan 2 Free Games.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aeckkagoklkjfgglnhmgeecfiobmkjab
2019-04-12 14:52 - 2019-04-12 14:52 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
AlternateDataStreams: C:\ProgramData\Temp:A1EDB939 [114]
FirewallRules: [UDP Query User{5AFF18CE-A549-424A-B5E6-61BF1678B455}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Allow) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{BA9B32DC-299B-40F0-899A-7F806A9C19EA}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Allow) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{35B29E10-9866-4DE2-A9B5-79720C3AF6EB}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Block) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{4A41837C-FC3A-4DD0-AB60-6144D38553DF}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Block) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{12EB08E5-67FA-428B-BAD4-E2844E47E8C6}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{ACA412DA-545D-42F3-A13A-CE0E4F485D8A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{D464A9CA-B6DC-482E-8172-668F95067031}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{FB4945F7-C321-4E7C-A0F6-9B0976FDA782}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{252BF391-7757-4C03-81FD-6DE0020075BA}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) [File not signed]
FirewallRules: [{2EE3E327-759D-4B62-A4B9-7478752E3352}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it works with respect to the problem you raised, and comment on it.

Regards

Hello Daniela, I hope you had a nice weekend. Below I paste the generated report:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Krysthel (15-04-2019 13:28:14) Run:1
Running from C:\Users\Krysthel\Desktop
Loaded Profiles: Krysthel (Available Profiles: Krysthel)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc -> Autodesk, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444383\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444547\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [Adobe Flash PlayerHTML5] => C:\backupsys\window3.vbs [91 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [Google Chrome64bits] => C:\backupsys\window4.vbs [90 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35183504 2019-04-12] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [Adobe Flash PlayerHTML5] => C:\backupsys\window3.vbs [91 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [Google Chrome64bits] => C:\backupsys\window4.vbs [90 2018-11-14] () [File not signed]
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35183504 2019-04-12] (Epic Games Inc. -> Epic Games, Inc.)
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
ShortcutTarget: Servidor de OPUS.lnk -> C:\OPUSCMS\server\s4server.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=es
CHR Extension: (SpiderMan 2 Free Games) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeckkagoklkjfgglnhmgeecfiobmkjab [2017-09-24]
2019-04-12 16:20 - 2017-06-03 19:39 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
ShellIconOverlayIdentifiers: [     !AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.4.0.608\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [     !AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.4.0.608\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [     !AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.4.0.608\ASUSWSShellExt64.dll [2017-04-20] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {466C2752-C3FD-4072-953E-77D5CC2E72C5} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {4A71FA97-F3CE-49BD-A190-B79E921FE4AD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {5121BAD9-E656-448A-BA43-418D7CCA9135} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {66992CBA-6C78-4381-94D3-BDDA90A960F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F7DCA37F-F514-411C-AEAB-A0D3D89E4344} - System32\Tasks\Google Chrome32 => C:\backupsys\window3.vbs () [File not signed] <==== ATTENTION
ShortcutWithArgument: C:\Users\Krysthel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\13c0b30ab866affd\SpiderMan 2 Free Games.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aeckkagoklkjfgglnhmgeecfiobmkjab
2019-04-12 14:52 - 2019-04-12 14:52 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
AlternateDataStreams: C:\ProgramData\Temp:A1EDB939 [114]
FirewallRules: [UDP Query User{5AFF18CE-A549-424A-B5E6-61BF1678B455}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Allow) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{BA9B32DC-299B-40F0-899A-7F806A9C19EA}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Allow) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{35B29E10-9866-4DE2-A9B5-79720C3AF6EB}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Block) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{4A41837C-FC3A-4DD0-AB60-6144D38553DF}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe] => (Block) C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{12EB08E5-67FA-428B-BAD4-E2844E47E8C6}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{ACA412DA-545D-42F3-A13A-CE0E4F485D8A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{D464A9CA-B6DC-482E-8172-668F95067031}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{FB4945F7-C321-4E7C-A0F6-9B0976FDA782}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{252BF391-7757-4C03-81FD-6DE0020075BA}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) [File not signed]
FirewallRules: [{2EE3E327-759D-4B62-A4B9-7478752E3352}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Autodesk Sync" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Dropbox" => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444383\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) => Error: No automatic fix found for this entry.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444547\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Flash PlayerHTML5" => removed successfully
"HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Chrome64bits" => removed successfully
"HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Smart Cleaning" => removed successfully
"HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EpicGamesLauncher" => removed successfully
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [Adobe Flash PlayerHTML5] => C:\backupsys\window3.vbs [91 2018-11-14] () [File not signed] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [Google Chrome64bits] => C:\backupsys\window4.vbs [90 2018-11-14] () [File not signed] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3341360882-1119944086-3876861630-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04132019114444770\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35183504 2019-04-12] (Epic Games Inc. -> Epic Games, Inc.) => Error: No automatic fix found for this entry.
C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe => moved successfully
"C:\OPUSCMS\server\s4server.exe" => not found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\Software\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => not found
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
CHR Extension: (SpiderMan 2 Free Games) - C:\Users\Krysthel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeckkagoklkjfgglnhmgeecfiobmkjab [2017-09-24] => Error: No automatic fix found for this entry.
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\     !AsusWSShellExt_B => removed successfully
HKLM\Software\Classes\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7191} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\     !AsusWSShellExt_O => removed successfully
HKLM\Software\Classes\CLSID\{64174815-8D98-4CE6-8646-4C039977D809} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\     !AsusWSShellExt_U => removed successfully
HKLM\Software\Classes\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BtSendToMenuEx => removed successfully
HKLM\Software\Classes\CLSID\{CF24E6B8-F148-4BCB-9108-ADF313966E80} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{466C2752-C3FD-4072-953E-77D5CC2E72C5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{466C2752-C3FD-4072-953E-77D5CC2E72C5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4A71FA97-F3CE-49BD-A190-B79E921FE4AD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A71FA97-F3CE-49BD-A190-B79E921FE4AD}" => removed successfully
C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskMachineCore" => removed successfully
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5121BAD9-E656-448A-BA43-418D7CCA9135}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5121BAD9-E656-448A-BA43-418D7CCA9135}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS\ASUS Product Register Service => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\ASUS Product Register Service" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66992CBA-6C78-4381-94D3-BDDA90A960F9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66992CBA-6C78-4381-94D3-BDDA90A960F9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7DCA37F-F514-411C-AEAB-A0D3D89E4344}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7DCA37F-F514-411C-AEAB-A0D3D89E4344}" => removed successfully
C:\WINDOWS\System32\Tasks\Google Chrome32 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Chrome32" => removed successfully
C:\Users\Krysthel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\13c0b30ab866affd\SpiderMan 2 Free Games.lnk => Shortcut argument removed successfully
C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll => moved successfully
C:\ProgramData\Temp => ":A1EDB939" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5AFF18CE-A549-424A-B5E6-61BF1678B455}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BA9B32DC-299B-40F0-899A-7F806A9C19EA}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{35B29E10-9866-4DE2-A9B5-79720C3AF6EB}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4A41837C-FC3A-4DD0-AB60-6144D38553DF}C:\program files (x86)\age of empires ii the conquerors\age2_x1.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12EB08E5-67FA-428B-BAD4-E2844E47E8C6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ACA412DA-545D-42F3-A13A-CE0E4F485D8A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D464A9CA-B6DC-482E-8172-668F95067031}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB4945F7-C321-4E7C-A0F6-9B0976FDA782}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{252BF391-7757-4C03-81FD-6DE0020075BA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2EE3E327-759D-4B62-A4B9-7478752E3352}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3341360882-1119944086-3876861630-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c

========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11296768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 120592162 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 613362 B
Edge => 16384 B
Chrome => 66555834 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 2462481 B
systemprofile32 => 0 B
LocalService => 1822 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Krysthel => 6711691 B

RecycleBin => 0 B
EmptyTemp: => 198.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:30:01 ====

Just to let you know, the window3 and window4 processes no longer appear. s4server is still there, but from what I saw in the code you gave me, s4server is related to Opus? It's a program I use for my work, so that one will stay there, right?

Hi Krysthel

Exactly, as long as you have the program it will remain in the processes :+1:

Follow these steps to remove the tools that were used:

To do so, use again/download >> DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select Run as Administrator.)

  • Check all the boxes and click Run.

The report (DelFix.txt) will open; you can close it.

Confirm whether everything is still fine.

Regards

All good, we can close the thread since it has been solved. Thank you very much, Daniela, for your time and support. Take care, regards :slightly_smiling_face:

Hi @Krysthel_Rivera

Thank you for trusting ForoSpyware. It has been a pleasure helping you :grinning:

We're glad it has been resolved for you :Bien: We consider the thread solved.

Solved

Regards