
transferring via cmd



#1 Keflas


Posted 10 January 2018 - 12:33 PM

Hi, I have the same problem and it's driving me crazy. I think this was caused by cracked programs I installed. I ran FRST and these are the reply files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by javie (administrator) on DESKTOP-RD3TUDP (10-01-2018 17:32:08)
Running from C:\Users\javie\Desktop
Loaded Profiles: javie (Available Profiles: javie)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
() C:\Windows\KMS-R@1n.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\javie\Desktop\frst64english.exe.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-03] (NVIDIA Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [295512 2018-01-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe\,
HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\Run: [HP ENVY 5640 series (NET)] => C:\Program Files\HP\HP ENVY 5640 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\Run: [Spotify] => C:\Users\javie\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-27] (Spotify Ltd)
HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\Run: [Spotify Web Helper] => C:\Users\javie\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-27] (Spotify Ltd)
HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049600 2017-09-18] (ASUSTek Computer Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2016-05-09]
ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-10-06]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\javie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-04-21]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 62.81.16.148 62.81.16.213
Tcpip\..\Interfaces\{1ef9e6bb-7580-4527-9f8c-038d152ea742}: [DhcpNameServer] 62.81.16.148 62.81.16.213
Tcpip\..\Interfaces\{a31a4f63-e33d-41f3-8d76-ef35b6a1f3ef}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2554971688-3712468172-2774804493-1001 -> {44453D80-35C4-4F93-8744-C63F78365B92} URL = hxxps://es.search.yahoo.com/search?p={searchTerms}&intl=es&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-2554971688-3712468172-2774804493-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2554971688-3712468172-2774804493-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-12-29] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-04] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-29] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-12-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-17] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-04] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-17] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-29] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-29] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-29] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-29] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-12-29] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-04] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-04] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-01-08]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-29] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-12-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData2
CHR DefaultSearchURL: ChromeDefaultData2 -> hxxps://es.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: ChromeDefaultData2 -> Yahoo
CHR DefaultSuggestURL: ChromeDefaultData2 -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2018-01-10] <==== ATTENTION
CHR Extension: (Presentaciones) - C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documentos) - C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-06]
CHR Extension: (YouTube) - C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-06]
CHR Extension: (Hojas de cálculo) - C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-06]
CHR Extension: (AdBlock) - C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-19]
CHR Extension: (AVG SafePrice) - C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-01-09]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-06]
CHR Extension: (Chrome Media Router) - C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ibbfklbaljofpaanmpaeadejijfdddco] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3089680 2017-11-12] (Intel Corporation)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Windows ® Win 7 DDK provider)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [301720 2018-01-09] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7589200 2018-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761576 2017-12-25] (Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-11-09] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-18] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdatesvr.exe [133480 2016-03-28] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2017-12-28] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-01-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [118576 2014-11-26] ()
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-09-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2017-05-31] (Sony)
S2 0166041515233684mcinstcleanup; C:\WINDOWS\TEMP\016604~1.EXE -cleanup -nolog [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [141304 2015-12-18] (ASUS Corporation)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [177536 2018-01-09] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166624 2018-01-09] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [315152 2018-01-09] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [193096 2018-01-09] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [337408 2018-01-09] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51336 2018-01-09] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39424 2018-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [139112 2018-01-09] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [102792 2018-01-09] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76832 2018-01-09] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1017624 2018-01-09] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [449848 2018-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [196904 2018-01-09] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [351128 2018-01-09] (AVG Technologies CZ, s.r.o.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-11-09] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-11-09] (Intel Corporation)
R3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [270912 2017-12-28] (DT Soft Ltd)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [22704 2018-01-09] ()
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-11-09] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2018-01-09] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-01-09] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-01-10] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-01-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-09] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-01-10] (Malwarebytes)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
S3 MHIKEY10; C:\WINDOWS\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [428032 2017-02-16] (Realsil Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-06-27] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-10 17:32 - 2018-01-10 17:32 - 000026454 _____ C:\Users\javie\Desktop\FRST.txt
2018-01-10 16:58 - 2018-01-10 16:59 - 002393088 _____ (Farbar) C:\Users\javie\Desktop\frst64english.exe.exe
2018-01-10 13:45 - 2018-01-10 17:32 - 000000000 ____D C:\FRST
2018-01-10 12:28 - 2018-01-10 12:28 - 000000000 ___HD C:\$AV_AVG
2018-01-09 20:49 - 2018-01-09 21:04 - 000003656 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-01-09 20:06 - 2018-01-09 20:06 - 000000000 ____D C:\Users\javie\AppData\Roaming\AVG
2018-01-09 20:05 - 2018-01-09 20:05 - 000004008 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-01-09 20:05 - 2018-01-09 20:05 - 000002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2018-01-09 20:05 - 2018-01-09 20:05 - 000002119 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2018-01-09 19:53 - 2018-01-09 19:52 - 000449848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2018-01-09 19:53 - 2018-01-09 19:52 - 000351128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2018-01-09 19:53 - 2018-01-09 19:52 - 000196904 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2018-01-09 19:53 - 2018-01-09 19:52 - 000177536 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2018-01-09 19:53 - 2018-01-09 19:52 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2018-01-09 19:53 - 2018-01-09 19:52 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2018-01-09 19:53 - 2018-01-09 19:52 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2018-01-09 19:53 - 2018-01-09 19:52 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2018-01-09 19:53 - 2018-01-09 19:51 - 001017624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2018-01-09 19:53 - 2018-01-09 19:51 - 000337408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2018-01-09 19:53 - 2018-01-09 19:51 - 000315152 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2018-01-09 19:53 - 2018-01-09 19:51 - 000193096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2018-01-09 19:53 - 2018-01-09 19:51 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2018-01-09 19:53 - 2018-01-09 19:51 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2018-01-09 19:52 - 2018-01-09 19:52 - 000366800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2018-01-09 19:38 - 2018-01-09 19:49 - 000000000 ____D C:\Program Files (x86)\AVG
2018-01-09 19:38 - 2018-01-09 19:38 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2018-01-09 19:37 - 2018-01-09 20:06 - 000000000 ____D C:\Users\javie\AppData\Local\Avg
2018-01-09 19:37 - 2018-01-09 19:48 - 000000000 ____D C:\Users\javie\AppData\Local\AvgSetupLog
2018-01-09 19:33 - 2018-01-09 19:33 - 000000000 ____D C:\Users\javie\Documents\Simply Super Software
2018-01-09 19:32 - 2018-01-09 23:50 - 000000000 ____D C:\ProgramData\TEMP
2018-01-09 19:32 - 2006-06-19 12:01 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztvcabinet.dll
2018-01-09 19:32 - 2006-05-25 14:52 - 000162304 _____ C:\WINDOWS\SysWOW64\ztvunrar36.dll
2018-01-09 19:32 - 2005-08-26 00:50 - 000077312 _____ C:\WINDOWS\SysWOW64\ztvunace26.dll
2018-01-09 19:32 - 2003-02-02 19:06 - 000153088 _____ C:\WINDOWS\SysWOW64\UNRAR3.dll
2018-01-09 19:32 - 2002-03-06 00:00 - 000075264 _____ C:\WINDOWS\SysWOW64\unacev2.dll
2018-01-09 19:03 - 2018-01-09 19:03 - 000000000 ____D C:\Users\javie\Documents\FeedbackHub
2018-01-09 16:38 - 2018-01-09 16:38 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-01-09 15:50 - 2018-01-10 17:16 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-01-09 15:50 - 2018-01-10 17:02 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-09 15:50 - 2018-01-10 17:02 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-09 15:50 - 2018-01-09 20:41 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-09 15:50 - 2018-01-09 19:14 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-01-09 15:50 - 2018-01-09 19:14 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-09 15:50 - 2018-01-09 15:50 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-09 15:50 - 2018-01-09 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-09 15:50 - 2018-01-09 15:50 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-09 15:30 - 2018-01-09 15:30 - 000000085 _____ C:\WINDOWS\wininit.ini
2018-01-09 14:03 - 2018-01-01 13:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-09 14:03 - 2018-01-01 13:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-09 14:03 - 2018-01-01 13:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-09 14:03 - 2018-01-01 13:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-09 14:03 - 2018-01-01 13:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-09 14:03 - 2018-01-01 13:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-09 14:03 - 2018-01-01 13:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-09 14:03 - 2018-01-01 13:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-09 14:03 - 2018-01-01 12:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-09 14:03 - 2018-01-01 12:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-09 14:03 - 2018-01-01 12:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-09 14:03 - 2018-01-01 12:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-09 14:03 - 2018-01-01 12:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-09 14:03 - 2018-01-01 12:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-09 14:03 - 2018-01-01 12:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-09 14:03 - 2018-01-01 12:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-09 14:03 - 2018-01-01 12:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-09 14:03 - 2018-01-01 12:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-09 14:03 - 2018-01-01 12:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-09 14:03 - 2018-01-01 12:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-09 14:03 - 2018-01-01 12:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-09 14:03 - 2018-01-01 12:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-09 14:03 - 2018-01-01 12:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-09 14:03 - 2018-01-01 12:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-09 14:03 - 2018-01-01 12:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-09 14:03 - 2018-01-01 12:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-09 14:03 - 2018-01-01 12:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-09 14:03 - 2018-01-01 12:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-09 14:03 - 2018-01-01 12:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-09 14:03 - 2018-01-01 12:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-09 14:03 - 2018-01-01 12:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-09 14:03 - 2018-01-01 12:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-09 14:03 - 2018-01-01 12:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-09 14:03 - 2018-01-01 12:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-09 14:02 - 2018-01-01 18:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-09 14:02 - 2018-01-01 13:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-09 14:02 - 2018-01-01 13:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-09 14:02 - 2018-01-01 13:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-09 14:02 - 2018-01-01 13:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-09 14:02 - 2018-01-01 13:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-09 14:02 - 2018-01-01 13:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-09 14:02 - 2018-01-01 13:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-09 14:02 - 2018-01-01 13:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-09 14:02 - 2018-01-01 13:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-09 14:02 - 2018-01-01 13:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-09 14:02 - 2018-01-01 13:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-09 14:02 - 2018-01-01 13:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-09 14:02 - 2018-01-01 13:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-09 14:02 - 2018-01-01 13:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-09 14:02 - 2018-01-01 13:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-09 14:02 - 2018-01-01 13:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-09 14:02 - 2018-01-01 13:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-09 14:02 - 2018-01-01 13:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-09 14:02 - 2018-01-01 13:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-09 14:02 - 2018-01-01 13:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-09 14:02 - 2018-01-01 13:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-09 14:02 - 2018-01-01 13:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-09 14:02 - 2018-01-01 13:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-09 14:02 - 2018-01-01 13:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-09 14:02 - 2018-01-01 13:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-09 14:02 - 2018-01-01 13:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-09 14:02 - 2018-01-01 13:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-09 14:02 - 2018-01-01 13:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-09 14:02 - 2018-01-01 13:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-09 14:02 - 2018-01-01 13:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-09 14:02 - 2018-01-01 13:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-09 14:02 - 2018-01-01 13:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-09 14:02 - 2018-01-01 13:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-09 14:02 - 2018-01-01 13:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-09 14:02 - 2018-01-01 13:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-09 14:02 - 2018-01-01 13:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-09 14:02 - 2018-01-01 13:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-09 14:02 - 2018-01-01 13:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-09 14:02 - 2018-01-01 13:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-09 14:02 - 2018-01-01 13:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-09 14:02 - 2018-01-01 13:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-09 14:02 - 2018-01-01 13:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-09 14:02 - 2018-01-01 13:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-09 14:02 - 2018-01-01 13:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-09 14:02 - 2018-01-01 13:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-09 14:02 - 2018-01-01 13:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-09 14:02 - 2018-01-01 13:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-09 14:02 - 2018-01-01 13:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-09 14:02 - 2018-01-01 13:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-09 14:02 - 2018-01-01 13:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-09 14:02 - 2018-01-01 13:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-09 14:02 - 2018-01-01 13:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-09 14:02 - 2018-01-01 13:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-09 14:02 - 2018-01-01 13:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-09 14:02 - 2018-01-01 13:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-09 14:02 - 2018-01-01 13:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-09 14:02 - 2018-01-01 13:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-09 14:02 - 2018-01-01 13:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-09 14:02 - 2018-01-01 13:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-09 14:02 - 2018-01-01 13:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-09 14:02 - 2018-01-01 13:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-09 14:02 - 2018-01-01 13:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-09 14:02 - 2018-01-01 13:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-09 14:02 - 2018-01-01 13:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-09 14:02 - 2018-01-01 13:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-09 14:02 - 2018-01-01 13:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-09 14:02 - 2018-01-01 13:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-09 14:02 - 2018-01-01 13:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-09 14:02 - 2018-01-01 13:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-09 14:02 - 2018-01-01 13:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-09 14:02 - 2018-01-01 13:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-09 14:02 - 2018-01-01 13:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-09 14:02 - 2018-01-01 13:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-09 14:02 - 2018-01-01 12:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-09 14:02 - 2018-01-01 12:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-09 14:02 - 2018-01-01 12:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-09 14:02 - 2018-01-01 12:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-09 14:02 - 2018-01-01 12:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-09 14:02 - 2018-01-01 12:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-09 14:02 - 2018-01-01 12:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-09 14:02 - 2018-01-01 12:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-09 14:02 - 2018-01-01 12:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-09 14:02 - 2018-01-01 12:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-09 14:02 - 2018-01-01 12:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-09 14:02 - 2018-01-01 12:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-09 14:02 - 2018-01-01 12:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-09 14:02 - 2018-01-01 12:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-09 14:02 - 2018-01-01 12:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-09 14:02 - 2018-01-01 12:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-09 14:02 - 2018-01-01 12:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-09 14:02 - 2018-01-01 12:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-09 14:02 - 2018-01-01 12:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-09 14:02 - 2018-01-01 12:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-09 14:02 - 2018-01-01 12:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-09 14:02 - 2018-01-01 12:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-09 14:02 - 2018-01-01 12:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-09 14:02 - 2018-01-01 12:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-09 14:02 - 2018-01-01 12:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-09 14:02 - 2018-01-01 12:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-09 14:02 - 2018-01-01 12:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-09 14:02 - 2018-01-01 12:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-09 14:02 - 2018-01-01 12:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-09 14:02 - 2018-01-01 12:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-09 14:02 - 2018-01-01 12:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-09 14:02 - 2018-01-01 12:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-09 14:02 - 2018-01-01 12:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-09 14:02 - 2018-01-01 12:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-09 14:02 - 2018-01-01 12:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-09 14:02 - 2018-01-01 12:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-09 14:02 - 2018-01-01 12:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-09 14:02 - 2018-01-01 12:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-09 14:02 - 2018-01-01 12:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-09 14:02 - 2018-01-01 12:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-09 14:02 - 2018-01-01 12:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-09 14:02 - 2018-01-01 12:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-09 14:02 - 2018-01-01 12:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-09 14:02 - 2018-01-01 12:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-09 14:02 - 2018-01-01 12:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-09 14:02 - 2018-01-01 12:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-09 14:02 - 2018-01-01 12:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-09 14:02 - 2018-01-01 12:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-09 14:02 - 2018-01-01 12:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-09 14:02 - 2018-01-01 12:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-09 14:02 - 2018-01-01 12:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-09 14:02 - 2018-01-01 12:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-09 14:02 - 2018-01-01 12:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-09 14:02 - 2018-01-01 12:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-09 14:02 - 2018-01-01 12:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-09 14:02 - 2018-01-01 12:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-09 14:02 - 2018-01-01 12:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-09 14:02 - 2018-01-01 12:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-09 14:02 - 2018-01-01 12:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-09 14:02 - 2018-01-01 12:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-09 14:02 - 2018-01-01 12:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-09 14:02 - 2018-01-01 12:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-09 14:02 - 2018-01-01 12:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-09 14:02 - 2018-01-01 12:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-09 14:02 - 2018-01-01 12:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-09 14:02 - 2018-01-01 12:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-09 14:02 - 2018-01-01 12:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-09 14:02 - 2018-01-01 12:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-09 14:02 - 2018-01-01 12:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-09 14:02 - 2018-01-01 12:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-09 14:02 - 2018-01-01 12:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-09 14:02 - 2018-01-01 12:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-09 14:02 - 2018-01-01 12:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-09 14:02 - 2018-01-01 12:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-09 14:02 - 2018-01-01 12:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-09 14:02 - 2018-01-01 12:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-09 14:02 - 2018-01-01 12:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-09 14:02 - 2018-01-01 12:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-09 14:02 - 2018-01-01 12:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-09 14:02 - 2018-01-01 12:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-09 14:02 - 2018-01-01 12:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-09 14:02 - 2018-01-01 12:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-09 14:02 - 2018-01-01 12:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-09 14:02 - 2018-01-01 12:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-09 14:02 - 2018-01-01 12:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-09 14:02 - 2018-01-01 12:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-09 14:02 - 2018-01-01 12:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-09 14:02 - 2018-01-01 12:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-09 14:02 - 2018-01-01 12:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-09 14:02 - 2018-01-01 12:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-09 14:02 - 2018-01-01 12:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-09 14:02 - 2018-01-01 12:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-09 14:02 - 2018-01-01 12:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-09 14:02 - 2018-01-01 12:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-09 14:02 - 2018-01-01 12:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-09 14:02 - 2018-01-01 12:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-09 14:02 - 2018-01-01 12:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-09 14:02 - 2018-01-01 12:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-09 14:02 - 2018-01-01 12:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-09 14:02 - 2018-01-01 12:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-09 14:02 - 2018-01-01 12:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-09 14:02 - 2018-01-01 12:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-09 14:02 - 2018-01-01 12:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-09 14:02 - 2018-01-01 12:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-09 14:02 - 2018-01-01 12:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-09 14:02 - 2018-01-01 12:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-09 14:02 - 2018-01-01 12:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-09 14:02 - 2018-01-01 12:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-09 14:02 - 2018-01-01 12:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-09 14:02 - 2018-01-01 12:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-09 14:02 - 2018-01-01 12:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-09 14:02 - 2018-01-01 12:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-09 14:02 - 2018-01-01 12:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-09 14:02 - 2018-01-01 12:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-09 14:02 - 2018-01-01 12:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-09 14:02 - 2018-01-01 12:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-09 14:02 - 2018-01-01 12:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-09 14:02 - 2018-01-01 12:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-09 14:02 - 2018-01-01 12:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-09 14:02 - 2018-01-01 12:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-09 14:02 - 2018-01-01 12:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-09 14:02 - 2018-01-01 12:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-09 14:02 - 2018-01-01 12:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-09 14:02 - 2018-01-01 12:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-09 14:02 - 2018-01-01 12:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-09 14:02 - 2018-01-01 12:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-09 14:02 - 2018-01-01 12:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-09 14:02 - 2018-01-01 12:08 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-09 14:02 - 2018-01-01 12:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-09 14:02 - 2018-01-01 12:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-09 14:02 - 2018-01-01 12:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-09 14:02 - 2018-01-01 12:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-09 13:57 - 2018-01-09 15:30 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-01-09 13:57 - 2018-01-09 13:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-01-09 13:35 - 2018-01-09 15:59 - 000000000 ____D C:\Users\javie\AppData\Roaming\Enigma Software Group
2018-01-09 13:35 - 2018-01-09 13:35 - 000003442 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2018-01-09 13:35 - 2018-01-09 13:35 - 000000000 ____D C:\sh4ldr
2018-01-09 13:35 - 2018-01-09 13:35 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-01-09 13:34 - 2018-01-09 13:34 - 000022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2018-01-09 13:22 - 2018-01-09 18:44 - 000000000 ____D C:\WINDOWS\Minidump
2018-01-08 19:07 - 2018-01-08 19:07 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-01-08 18:00 - 2018-01-08 18:20 - 000000000 ____D C:\Users\javie\AppData\Local\Lite
2018-01-08 17:59 - 2018-01-10 17:05 - 000003576 _____ C:\WINDOWS\System32\Tasks\aoueVBoxGUoAY
2018-01-08 17:59 - 2018-01-10 16:54 - 000003356 _____ C:\WINDOWS\System32\Tasks\xbwYXbxiEmYE
2018-01-08 17:59 - 2018-01-08 17:59 - 000003742 _____ C:\WINDOWS\System32\Tasks\oRuJJvmeeEyz
2018-01-08 17:59 - 2018-01-08 17:59 - 000000001 _____ C:\Users\javie\AppData\Local\WMI.ini
2018-01-08 17:59 - 2017-09-29 14:42 - 000174592 _____ (Microsoft Corporation) C:\Users\javie\AppData\Local\oygdrkevIvuG.exe
2018-01-08 17:59 - 2017-09-29 14:42 - 000059904 _____ (Microsoft Corporation) C:\Users\javie\AppData\Local\dYaIFadAySYYO.exe
2018-01-08 17:59 - 2017-09-29 14:42 - 000001106 _____ C:\Users\javie\AuaYcO
2018-01-08 17:59 - 2017-09-29 14:42 - 000001060 _____ C:\Users\javie\AppData\Local\yUIuaFhL
2018-01-08 17:59 - 2017-09-29 14:42 - 000000067 _____ C:\Program Files (x86)\oiyuisyEuG
2018-01-08 17:59 - 2017-09-29 14:42 - 000000051 _____ C:\Users\javie\kgVMTONruU
2018-01-04 16:55 - 2018-01-09 12:13 - 000000157 _____ C:\Users\javie\Desktop\dbroteri12x.csv
2018-01-04 16:55 - 2018-01-09 12:13 - 000000124 _____ C:\Users\javie\Desktop\dbroteri6x.csv
2018-01-04 16:55 - 2018-01-09 12:12 - 000000243 _____ C:\Users\javie\Desktop\dbroteri4x.csv
2018-01-04 16:55 - 2018-01-09 12:12 - 000000136 _____ C:\Users\javie\Desktop\dbroteri2x.csv
2018-01-04 16:55 - 2018-01-09 12:11 - 000000600 _____ C:\Users\javie\Desktop\dbroteri.csv
2018-01-04 16:55 - 2018-01-08 11:58 - 000001078 _____ C:\Users\javie\Desktop\dbroterigbif12x.csv
2018-01-04 16:55 - 2018-01-08 11:48 - 000000345 _____ C:\Users\javie\Desktop\dbroterigbif6x.csv
2018-01-04 16:55 - 2018-01-08 11:36 - 000000908 _____ C:\Users\javie\Desktop\dbroterigbif4x.csv
2018-01-04 16:55 - 2018-01-05 10:59 - 000000480 _____ C:\Users\javie\Desktop\dbroterigbif2x.csv
2018-01-04 16:55 - 2018-01-04 16:57 - 000002740 _____ C:\Users\javie\Desktop\dbroterigbif.csv
2018-01-04 16:33 - 2018-01-04 16:33 - 000962243 _____ C:\Users\javie\Downloads\Oaks trees and woodlands providing ecosystem 2012services in Southern Spain.pdf
2017-12-28 13:17 - 2017-12-28 13:17 - 000000000 ____D C:\Users\javie\AppData\Local\mpress
2017-12-28 13:16 - 2017-12-28 13:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\R@1n-KMS
2017-12-28 13:15 - 2017-12-28 13:15 - 000026112 _____ C:\WINDOWS\KMS-R@1n.exe
2017-12-28 13:15 - 2017-12-28 13:15 - 000004096 _____ C:\WINDOWS\KMS-R@1nHook.dll
2017-12-28 12:57 - 2017-12-28 12:57 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 2016.lnk
2017-12-28 12:57 - 2017-12-28 12:57 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio 2016.lnk
2017-12-28 12:52 - 2017-12-28 12:52 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-12-28 12:49 - 2017-12-31 04:00 - 000000000 ____D C:\Users\javie\AppData\Roaming\DAEMON Tools Lite
2017-12-28 12:49 - 2017-12-28 12:50 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-12-28 12:48 - 2017-12-28 12:49 - 000270912 _____ (DT Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2017-12-19 16:57 - 2017-12-19 16:57 - 000002163 _____ C:\Users\javie\Desktop\QGIS Desktop 2.14.21.lnk
2017-12-19 16:56 - 2017-12-19 16:59 - 000000000 ____D C:\Users\javie\Documents\QGIS 2.14
2017-12-19 16:56 - 2017-12-19 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QGIS 2.14
2017-12-19 16:51 - 2017-12-19 16:57 - 000000000 ____D C:\Program Files\QGIS 2.14
2017-12-18 22:19 - 2017-12-22 14:45 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-18 22:19 - 2017-12-22 14:45 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-17 19:33 - 2017-12-17 19:32 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-12-17 19:32 - 2017-12-17 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-12-17 19:32 - 2017-12-17 19:32 - 000000000 ____D C:\Program Files (x86)\Java
2017-12-13 00:00 - 2017-11-26 21:32 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-12-12 23:59 - 2017-12-08 07:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-12-12 23:59 - 2017-12-08 00:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-12-12 23:59 - 2017-12-08 00:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-12 23:59 - 2017-12-08 00:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-12 23:59 - 2017-12-08 00:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-12 23:59 - 2017-12-08 00:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-12-12 23:59 - 2017-12-08 00:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-12 23:59 - 2017-12-08 00:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-12 23:59 - 2017-12-08 00:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-12-12 23:59 - 2017-12-08 00:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-12-12 23:59 - 2017-12-08 00:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-12 23:59 - 2017-12-08 00:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-12-12 23:59 - 2017-12-08 00:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-12-12 23:59 - 2017-12-08 00:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-12-12 23:59 - 2017-12-08 00:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-12-12 23:59 - 2017-12-08 00:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-12-12 23:59 - 2017-12-07 23:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-12-12 23:59 - 2017-12-07 23:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-12 23:59 - 2017-12-07 23:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-12-12 23:59 - 2017-12-07 23:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-12-12 23:59 - 2017-12-07 23:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2017-12-12 23:59 - 2017-12-07 23:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-12-12 23:59 - 2017-12-07 23:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2017-12-12 23:59 - 2017-12-07 23:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-12-12 23:59 - 2017-12-07 23:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-12 23:59 - 2017-12-07 23:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-12 23:59 - 2017-12-07 23:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-12 23:59 - 2017-12-07 23:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2017-12-12 23:59 - 2017-12-07 23:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-12 23:59 - 2017-12-07 23:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-12 23:59 - 2017-12-07 23:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2017-12-12 23:59 - 2017-12-07 23:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-12 23:59 - 2017-12-07 23:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-12 23:59 - 2017-12-07 23:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2017-12-12 23:59 - 2017-12-07 23:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-12 23:59 - 2017-12-07 23:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-12 23:59 - 2017-12-07 23:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-12-12 23:59 - 2017-12-07 23:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-12-12 23:59 - 2017-12-07 23:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2017-12-12 23:59 - 2017-12-07 23:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-12 23:59 - 2017-12-07 23:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-12 23:59 - 2017-12-07 23:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-12-12 23:59 - 2017-12-07 23:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2017-12-12 23:59 - 2017-12-07 23:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-12-12 23:59 - 2017-12-07 23:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2017-12-12 23:59 - 2017-12-07 23:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-12 23:59 - 2017-12-07 23:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-12 23:59 - 2017-12-07 23:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2017-12-12 23:59 - 2017-12-07 23:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2017-12-12 23:59 - 2017-12-07 23:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-12 23:59 - 2017-12-07 23:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-12-12 23:59 - 2017-12-07 23:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-12-12 23:59 - 2017-12-07 23:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-12-12 23:59 - 2017-12-07 23:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2017-12-12 23:59 - 2017-12-07 23:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-12 23:59 - 2017-12-07 23:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-12 23:59 - 2017-12-07 23:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-12-12 23:59 - 2017-12-07 23:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2017-12-12 23:59 - 2017-12-07 23:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-12 23:59 - 2017-12-07 23:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-12-12 23:59 - 2017-12-07 23:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2017-12-12 23:59 - 2017-12-07 23:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-12-12 23:59 - 2017-12-07 22:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-12 23:59 - 2017-12-07 22:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-12 23:59 - 2017-12-07 22:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-12-12 23:59 - 2017-12-07 22:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-12 23:59 - 2017-12-07 22:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-12-12 23:59 - 2017-12-07 22:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-12 23:59 - 2017-12-07 22:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-12 23:59 - 2017-12-07 22:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-12-12 23:59 - 2017-11-26 21:35 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-12-12 23:59 - 2017-11-26 21:15 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-12-12 23:59 - 2017-11-26 17:43 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-12-12 23:59 - 2017-11-26 14:45 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2017-12-12 23:59 - 2017-11-26 14:45 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-12-12 23:59 - 2017-11-26 14:45 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-12 23:59 - 2017-11-26 14:41 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-12-12 23:59 - 2017-11-26 14:38 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-12-12 23:59 - 2017-11-26 14:32 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-12-12 23:59 - 2017-11-26 14:31 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-12-12 23:59 - 2017-11-26 14:30 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-12-12 23:59 - 2017-11-26 14:29 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-12-12 23:59 - 2017-11-26 14:29 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-12-12 23:59 - 2017-11-26 14:29 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-12-12 23:59 - 2017-11-26 14:29 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-12-12 23:59 - 2017-11-26 14:29 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-12-12 23:59 - 2017-11-26 14:29 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-12-12 23:59 - 2017-11-26 14:29 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-12-12 23:59 - 2017-11-26 14:28 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-12-12 23:59 - 2017-11-26 14:28 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2017-12-12 23:59 - 2017-11-26 14:28 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-12-12 23:59 - 2017-11-26 14:28 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-12-12 23:59 - 2017-11-26 14:27 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-12-12 23:59 - 2017-11-26 14:27 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-12-12 23:59 - 2017-11-26 14:27 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-12-12 23:59 - 2017-11-26 14:27 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-12-12 23:59 - 2017-11-26 14:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-12 23:59 - 2017-11-26 14:23 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-12-12 23:59 - 2017-11-26 14:23 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-12-12 23:59 - 2017-11-26 14:23 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-12-12 23:59 - 2017-11-26 14:22 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-12-12 23:59 - 2017-11-26 14:21 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-12 23:59 - 2017-11-26 14:21 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-12 23:59 - 2017-11-26 13:57 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-12-12 23:59 - 2017-11-26 13:55 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-12 23:59 - 2017-11-26 13:55 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-12-12 23:59 - 2017-11-26 13:55 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-12-12 23:59 - 2017-11-26 13:55 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-12-12 23:59 - 2017-11-26 13:55 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-12-12 23:59 - 2017-11-26 13:55 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2017-12-12 23:59 - 2017-11-26 13:54 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-12-12 23:59 - 2017-11-26 13:54 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-12-12 23:59 - 2017-11-26 13:47 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-12-12 23:59 - 2017-11-26 13:43 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-12-12 23:59 - 2017-11-26 13:36 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-12-12 23:59 - 2017-11-26 13:36 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2017-12-12 23:59 - 2017-11-26 13:36 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-12 23:59 - 2017-11-26 13:35 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-12 23:59 - 2017-11-26 13:35 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-12-12 23:59 - 2017-11-26 13:34 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2017-12-12 23:59 - 2017-11-26 13:33 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2017-12-12 23:59 - 2017-11-26 13:31 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-12-12 23:59 - 2017-11-26 13:29 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-12-12 23:59 - 2017-11-26 13:29 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2017-12-12 23:59 - 2017-11-26 13:28 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-12-12 23:59 - 2017-11-26 13:26 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2017-12-12 23:59 - 2017-11-26 13:26 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-12 23:59 - 2017-11-26 13:26 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-12-12 23:59 - 2017-11-26 13:25 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-12-12 23:59 - 2017-11-26 13:25 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-12-12 23:59 - 2017-11-26 13:25 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-12-12 23:59 - 2017-11-26 13:25 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-12-12 23:59 - 2017-11-26 13:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-12-12 23:59 - 2017-11-26 13:19 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-12-12 23:59 - 2017-11-26 13:19 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-12-12 23:59 - 2017-11-26 13:19 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2017-12-12 23:59 - 2017-11-26 13:18 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-12-12 23:59 - 2017-11-26 13:18 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-12-12 23:59 - 2017-11-26 13:17 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-12-12 23:59 - 2017-11-26 13:08 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-12-12 23:59 - 2017-11-26 13:05 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-12-12 23:59 - 2017-11-26 13:04 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-12-12 23:59 - 2017-11-26 13:04 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-12-12 23:59 - 2017-11-26 13:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-12-12 23:59 - 2017-11-26 13:03 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-12 23:59 - 2017-11-26 13:00 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-12-12 23:59 - 2017-11-26 12:59 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-12-12 23:59 - 2017-11-26 12:59 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-12-12 23:59 - 2017-11-26 12:58 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-12-12 23:59 - 2017-11-26 12:48 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2017-12-12 23:59 - 2017-11-26 12:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2017-12-12 23:59 - 2017-11-26 12:21 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2017-12-12 23:59 - 2017-11-26 12:21 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-12-12 23:59 - 2017-11-26 12:02 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2017-12-12 23:59 - 2017-11-26 12:01 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-12-12 23:59 - 2017-11-26 12:01 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-12-12 23:59 - 2017-11-26 12:01 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2017-12-12 23:59 - 2017-11-26 12:01 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-12-12 23:59 - 2017-11-26 12:01 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-12-12 23:59 - 2017-11-26 12:01 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-12-12 23:59 - 2017-11-26 12:00 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-12-12 23:59 - 2017-11-26 12:00 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-12-12 23:59 - 2017-11-26 11:58 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-12-12 23:59 - 2017-11-26 11:58 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-12-12 23:59 - 2017-11-26 11:51 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-12-12 23:59 - 2017-11-26 11:51 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-12-12 23:59 - 2017-11-26 11:41 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-12-12 23:59 - 2017-11-26 11:41 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-12-12 23:59 - 2017-11-26 11:41 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-12-12 23:59 - 2017-11-26 11:41 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-12-12 23:59 - 2017-11-26 11:41 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-12-12 23:59 - 2017-11-26 11:40 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-12-12 23:59 - 2017-11-26 11:38 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2017-12-12 23:59 - 2017-11-26 11:36 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-12-12 23:59 - 2017-11-26 11:36 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-12-12 23:59 - 2017-11-26 11:36 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-12-12 23:59 - 2017-11-26 11:36 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-12-12 23:59 - 2017-11-26 11:35 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2017-12-12 23:59 - 2017-11-26 11:35 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-12-12 23:59 - 2017-11-26 11:35 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2017-12-12 23:59 - 2017-11-26 11:31 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-12-12 23:59 - 2017-11-26 11:31 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-12-12 23:59 - 2017-11-26 11:30 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-12-12 23:59 - 2017-11-26 11:30 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-12-12 23:59 - 2017-11-26 11:29 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-12-12 23:59 - 2017-11-26 11:28 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-12-12 23:59 - 2017-11-26 11:24 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-12-12 23:59 - 2017-11-26 11:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2017-12-12 23:59 - 2017-11-19 08:35 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-12-12 23:59 - 2017-11-19 03:20 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-12-12 23:58 - 2017-12-07 23:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-12 23:58 - 2017-12-07 23:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2017-12-12 23:58 - 2017-12-07 23:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-12 23:58 - 2017-12-07 23:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2017-12-12 23:58 - 2017-12-07 23:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-12 23:58 - 2017-12-07 23:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-12-12 23:58 - 2017-12-07 22:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-12-12 23:58 - 2017-11-26 13:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-12-12 23:58 - 2017-11-26 11:37 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-10 17:32 - 2017-06-27 00:20 - 000071838 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-01-10 17:06 - 2016-09-06 16:37 - 000000184 _____ C:\Users\javie\AppData\Roaming\sp_data.sys
2018-01-10 17:02 - 2016-09-06 16:37 - 000000000 __SHD C:\Users\javie\IntelGraphicsProfiles
2018-01-10 17:01 - 2017-11-23 23:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-10 17:00 - 2017-09-29 09:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-01-10 16:31 - 2017-11-23 23:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-10 14:02 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-10 12:39 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-10 12:39 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-09 23:36 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-09 23:33 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-01-09 22:59 - 2016-09-13 13:20 - 000000000 ____D C:\ProgramData\Avg
2018-01-09 20:59 - 2017-11-23 23:11 - 000000000 ____D C:\Users\javie
2018-01-09 20:16 - 2016-09-06 19:06 - 000000000 ____D C:\Users\javie\AppData\Roaming\AVAST Software
2018-01-09 20:16 - 2016-05-09 20:43 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-09 20:15 - 2016-05-09 20:43 - 000000000 ____D C:\Program Files\AVAST Software
2018-01-09 20:14 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-09 20:14 - 2016-09-06 18:27 - 000000000 ____D C:\Users\javie\AppData\Roaming\RStudio
2018-01-09 20:14 - 2016-09-06 18:27 - 000000000 ____D C:\Users\javie\AppData\Local\RStudio-Desktop
2018-01-09 20:12 - 2017-02-14 23:45 - 002808832 _____ C:\Users\javie\AppData\Local\WebpageIcons.db
2018-01-09 19:22 - 2016-09-06 18:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-09 19:15 - 2017-10-11 15:12 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-09 19:14 - 2016-09-06 18:10 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-09 18:44 - 2016-09-06 18:55 - 000000000 ____D C:\Users\javie\AppData\Roaming\Azureus
2018-01-09 16:47 - 2016-09-06 16:51 - 000000000 ____D C:\Users\javie\AppData\Local\Spotify
2018-01-09 16:47 - 2016-09-06 16:49 - 000000000 ____D C:\Users\javie\AppData\Roaming\Spotify
2018-01-09 16:39 - 2016-09-06 18:55 - 000000000 ____D C:\Program Files\Vuze
2018-01-09 16:38 - 2017-09-23 01:58 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-01-09 16:38 - 2017-09-23 01:58 - 000000000 ____D C:\Program Files\CCleaner
2018-01-09 16:37 - 2016-09-06 18:09 - 000000000 ____D C:\Users\javie\AppData\Roaming\vlc
2018-01-09 16:10 - 2017-11-23 23:33 - 002036680 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-09 16:10 - 2017-09-30 15:41 - 000920096 _____ C:\WINDOWS\system32\perfh00A.dat
2018-01-09 16:10 - 2017-09-30 15:41 - 000189638 _____ C:\WINDOWS\system32\perfc00A.dat
2018-01-09 15:50 - 2016-09-14 00:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-09 15:43 - 2017-06-27 00:20 - 000090468 _____ C:\WINDOWS\ZAM.krnl.trace
2018-01-09 15:39 - 2017-11-24 15:54 - 000000000 ___RD C:\Users\javie\3D Objects
2018-01-09 15:39 - 2016-05-09 20:03 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-09 15:36 - 2017-11-23 23:04 - 000420048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-09 15:32 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-09 15:32 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-09 15:32 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-09 15:32 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-09 15:32 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-09 15:32 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-09 15:32 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-09 15:32 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-09 15:32 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-09 13:36 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-09 13:35 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-09 13:31 - 2016-05-09 20:56 - 000000000 ____D C:\Program Files\Microsoft Office
2018-01-09 12:10 - 2017-02-13 10:33 - 000000000 ____D C:\Users\javie\.qgis2
2018-01-09 12:10 - 2016-10-13 18:37 - 000000000 ____D C:\Users\javie\.matplotlib
2018-01-09 11:06 - 2017-03-26 23:44 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-09 11:06 - 2017-03-26 23:44 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-08 21:41 - 2017-04-05 12:59 - 000000000 ____D C:\Users\javie\AppData\Roaming\WhatsApp
2018-01-08 20:44 - 2016-09-06 18:55 - 000000000 ____D C:\Users\javie\Documents\Vuze Downloads
2018-01-08 20:31 - 2017-09-18 20:51 - 000000000 ___RD C:\Users\javie\Documents\Scanned Documents
2018-01-08 18:59 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-08 18:47 - 2016-12-12 11:38 - 000000000 ____D C:\Users\javie\AppData\Roaming\ACD Systems
2018-01-08 18:46 - 2016-12-12 11:35 - 000000000 ____D C:\Users\javie\AppData\Local\Downloaded Installations
2018-01-08 18:23 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-08 18:22 - 2017-11-24 15:52 - 000000282 __RSH C:\Users\javie\ntuser.pol
2018-01-08 13:18 - 2017-11-23 23:12 - 000000000 ____D C:\Users\javie\AppData\Local\Packages
2018-01-08 13:04 - 2016-12-12 11:42 - 000000000 ____D C:\Users\javie\AppData\Roaming\.oit
2018-01-08 12:00 - 2017-11-23 23:37 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-01-08 12:00 - 2017-11-23 23:37 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-01-03 00:54 - 2017-01-02 17:44 - 000000000 ____D C:\Users\javie\AppData\Roaming\SigmaPlot 11.0
2018-01-03 00:54 - 2015-10-30 08:18 - 000000204 _____ C:\WINDOWS\SysWOW64\oxgmq9b.dll
2018-01-03 00:54 - 2015-10-30 08:18 - 000000100 _____ C:\WINDOWS\SysWOW64\prsgrc.dll
2017-12-31 02:14 - 2017-11-03 17:49 - 000000000 ____D C:\Users\javie\AppData\Roaming\FileZilla
2017-12-31 02:14 - 2017-05-19 12:35 - 000000600 _____ C:\Users\javie\AppData\Local\PUTTY.RND
2017-12-28 12:57 - 2016-10-10 16:40 - 000002678 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive para la Empresa.lnk
2017-12-28 12:57 - 2016-10-10 16:40 - 000002540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial 2016.lnk
2017-12-28 12:57 - 2016-09-06 16:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office 2016
2017-12-28 12:57 - 2016-05-09 21:00 - 000002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-12-28 12:57 - 2016-05-09 21:00 - 000002472 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-12-28 12:57 - 2016-05-09 21:00 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-12-28 12:57 - 2016-05-09 21:00 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-12-28 12:57 - 2016-05-09 21:00 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-12-28 12:57 - 2016-05-09 21:00 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-12-28 12:57 - 2016-05-09 21:00 - 000002399 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-12-19 16:56 - 2016-03-28 12:15 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-19 16:48 - 2017-04-18 18:37 - 000000000 ____D C:\Program Files\JetBrains
2017-12-19 16:48 - 2017-04-18 18:32 - 000000000 ____D C:\Python34
2017-12-19 10:29 - 2017-11-09 02:58 - 000000600 _____ C:\Users\javie\AppData\Roaming\PUTTY.RND
2017-12-19 09:15 - 2017-11-24 15:55 - 000000000 ____D C:\Users\javie\AppData\Local\PackageStaging
2017-12-18 22:21 - 2017-09-29 09:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-18 22:13 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-12-18 22:13 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-18 22:13 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-18 22:13 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-18 22:13 - 2017-09-29 14:46 - 000000000 ____D C:\PerfLogs
2017-12-17 21:10 - 2016-09-06 18:37 - 000026948 _____ C:\Users\javie\Documents\.Rhistory
2017-12-17 19:33 - 2016-09-28 15:37 - 000000000 ____D C:\ProgramData\Oracle
2017-12-14 20:11 - 2016-09-06 19:46 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-12-14 18:30 - 2016-09-06 18:30 - 000000000 ____D C:\Program Files (x86)\Mendeley Desktop
2017-12-14 17:08 - 2017-11-03 17:49 - 000000000 ____D C:\Users\javie\AppData\Local\FileZilla
2017-12-14 17:08 - 2017-11-03 17:48 - 000000000 ____D C:\Users\javie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-12-14 17:08 - 2017-11-03 17:48 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2017-12-14 13:33 - 2017-11-23 23:37 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2017-09-29 14:42 - 2017-09-29 14:42 - 000001106 _____ () C:\Users\javie\AuaYcO.bat
2017-09-29 14:42 - 2017-09-29 14:42 - 000000051 _____ () C:\Users\javie\kgVMTONruU.bat
2018-01-08 17:59 - 2017-09-29 14:42 - 000000067 _____ () C:\Program Files (x86)\oiyuisyEuG
2017-09-29 14:42 - 2017-09-29 14:42 - 000000067 _____ () C:\Program Files (x86)\oiyuisyEuG.bat
2017-11-30 17:33 - 2017-12-04 13:18 - 000000033 _____ () C:\Users\javie\AppData\Roaming\AdobeWLCMCache.dat
2017-11-09 02:58 - 2017-12-19 10:29 - 000000600 _____ () C:\Users\javie\AppData\Roaming\PUTTY.RND
2016-09-06 16:37 - 2018-01-10 17:06 - 000000184 _____ () C:\Users\javie\AppData\Roaming\sp_data.sys
2018-01-08 17:59 - 2017-09-29 14:42 - 000059904 _____ (Microsoft Corporation) C:\Users\javie\AppData\Local\dYaIFadAySYYO.exe
2018-01-08 17:59 - 2017-09-29 14:42 - 000174592 _____ (Microsoft Corporation) C:\Users\javie\AppData\Local\oygdrkevIvuG.exe
2016-12-27 16:14 - 2016-12-27 16:27 - 045700992 _____ (Sony) C:\Users\javie\AppData\Local\pcc.exe
2017-05-19 12:35 - 2017-12-31 02:14 - 000000600 _____ () C:\Users\javie\AppData\Local\PUTTY.RND
2017-02-14 23:45 - 2018-01-09 20:12 - 002808832 _____ () C:\Users\javie\AppData\Local\WebpageIcons.db
2018-01-08 17:59 - 2018-01-08 17:59 - 000000001 _____ () C:\Users\javie\AppData\Local\WMI.ini
2018-01-08 17:59 - 2017-09-29 14:42 - 000001060 _____ () C:\Users\javie\AppData\Local\yUIuaFhL
2017-09-29 14:42 - 2017-09-29 14:42 - 000001060 _____ () C:\Users\javie\AppData\Local\yUIuaFhL.bat
 
Some files in TEMP:
====================
2017-06-15 07:02 - 2017-06-15 07:02 - 000007915 _____ () C:\Users\javie\AppData\Local\Temp\14506583.exe
2018-01-10 13:56 - 2018-01-10 13:56 - 000388412 _____ (                                                            ) C:\Users\javie\AppData\Local\Temp\2950718643.exe
2017-06-15 07:02 - 2017-06-15 07:02 - 000007915 _____ () C:\Users\javie\AppData\Local\Temp\3202014634.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-01-09 23:28
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by javie (10-01-2018 17:33:23)
Running from C:\Users\javie\Desktop
Windows 10 Home Version 1709 16299.192 (X64) (2017-11-23 22:43:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-2554971688-3712468172-2774804493-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2554971688-3712468172-2774804493-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2554971688-3712468172-2774804493-1003 - Limited - Enabled)
Invitado (S-1-5-21-2554971688-3712468172-2774804493-501 - Limited - Disabled)
javie (S-1-5-21-2554971688-3712468172-2774804493-1001 - Administrator - Enabled) => C:\Users\javie
WDAGUtilityAccount (S-1-5-21-2554971688-3712468172-2774804493-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.6.5 - ASUSTek Computer Inc)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.14.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0041 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.95 - ICEpower a/s)
Avast SecureLine for Asustek (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.3 - AVAST Software)
AVG (HKLM\...\{BE1A8A5D-8197-48D3-8A41-4360888B7306}) (Version: 1.231.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.9.3040 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
Estudio para la mejora del producto HP ENVY 5640 series (HKLM\...\{AF17EB0D-16F8-4023-8221-9F8CE67D541A}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
Evernote v. 6.5.4 (HKLM-x32\...\{D47E7D82-0D98-11E7-A6D6-005056951CAD}) (Version: 6.5.4.4720 - Evernote Corp.)
FileZilla Client 3.29.0 (HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\FileZilla Client) (Version: 3.29.0 - Tim Kosse)
FluorPenInstall (HKLM-x32\...\{6FCBD550-A97F-4A54-96A0-FE271D0304A3}) (Version: 1.0.1.7 - PSI)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Git version 2.12.0 (HKLM\...\Git_is1) (Version: 2.12.0 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.20) (Version: 9.20 - Artifex Software Inc.)
GSview 5.0 (HKLM-x32\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
HP ENVY 5640 series Ayuda (HKLM-x32\...\{6F19F8E6-65CD-4458-AA6B-BA0F14DF8388}) (Version: 34.0.0 - Hewlett Packard)
HP ENVY 5640 series Software básico del dispositivo (HKLM\...\{BFC9061D-7EB7-4D31-8847-33D516BE9026}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Kyodai Mahjongg 2006 v1.42 (HKLM-x32\...\Kyodai Mahjongg 2006_is1) (Version:  - Rene-Gilles Deberdt)
Malwarebytes versión 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.149 - McAfee, Inc.)
Mendeley Desktop 1.16.3 (HKLM-x32\...\Mendeley Desktop) (Version: 1.16.3 - Mendeley Ltd.)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProplusRetail - es-es) (Version: 16.0.8730.2165 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Project Profesional 2016 - es-es (HKLM\...\ProjectProRetail - es-es) (Version: 16.0.8730.2165 - Microsoft Corporation)
Microsoft Visio Profesional 2016 - es-es (HKLM\...\VisioProRetail - es-es) (Version: 16.0.8730.2165 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 369.09 - NVIDIA Corporation) Hidden
PuTTY release 0.69 (64-bit) (HKLM\...\{5FE84905-DAF1-4319-82B2-D60BCA095BCE}) (Version: 0.69.0.0 - Simon Tatham)
QGIS 2.14.21 'Essen' (HKLM\...\QGIS 2.14) (Version:  - QGIS Development Team)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
R for Windows 3.4.2 (HKLM\...\R for Windows 3.4.2_is1) (Version: 3.4.2 - R Core Team)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
RStudio (HKLM-x32\...\RStudio) (Version: 1.1.383 - RStudio)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Servicio Xperia Companion (HKLM\...\{86C9336F-6376-4E86-A09A-EA7177DEC3D5}) (Version: 1.7.2.0 - Sony) Hidden
SigmaPlot 11.0 (HKLM-x32\...\{B1A88375-BAB9-4081-B58F-A137FC6ED2A4}) (Version: 11.0 - Systat Software, Inc.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.3.0 - Azureus Software, Inc.)
WhatsApp (HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\WhatsApp) (Version: 0.2.7315 - WhatsApp)
Windows Driver Package - ASUS (AsusSGDrv) Mouse  (11/11/2015 8.0.0.23) (HKLM\...\FF0137EA2940E916D51DA702B6425126CC7C89BF) (Version: 11/11/2015 8.0.0.23 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5247 - Kingsoft Corp.)
Xperia Companion (HKLM-x32\...\{058506CE-4E1C-4087-878E-61D8B5F8F47A}) (Version: 1.7.2.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{65415473-2761-4ee3-85c1-5fdf086444c6}) (Version: 1.7.2.0 - Sony)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] ()
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-01-09] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-01-09] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06273D99-584B-40E7-BDE2-BADB0E4E196E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-19] (ASUSTek Computer Inc.)
Task: {0CE180EE-ED4B-49E8-9F22-C190D7BFE12A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-01-09] (AVG Technologies CZ, s.r.o.)
Task: {10A7F33C-E2BD-4997-A395-C10DC59957F2} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-07-29] (Realtek Semiconductor)
Task: {146D5827-783F-4B55-94D2-9C48ED5054B9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-25] (Microsoft Corporation)
Task: {184B7D49-D5D9-45F1-916D-7A9ECF39263E} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-18] (AsusTek)
Task: {1EBFD26A-FEB8-40B6-8F0A-6CCF210301DB} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {27039B8C-41A7-4620-95C8-023E864E8CC5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {27475381-AC08-47C1-AD14-3C507EEDD387} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-09-06] (AVAST Software)
Task: {27D4E600-4EE0-4215-8387-552540818156} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {32A2D22C-3931-4494-9EB5-D75E52DEF38F} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate]
Task: {32F77D69-3F66-4F84-890A-6E1EECBE6B88} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {3421E9D4-8725-4B91-BABA-988C4915FFB8} - System32\Tasks\HPCustParticipation HP ENVY 5640 series => C:\Program Files\HP\HP ENVY 5640 series\Bin\HPCustPartic.exe [2014-08-22] (Hewlett-Packard Development Company, LP)
Task: {4CCE54B2-4242-4C75-9297-83DDF603EF45} - System32\Tasks\ASUS\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [2017-09-18] (ASUSTek Computer Inc)
Task: {558BCA4A-7C10-4D03-8723-EC899E904256} - System32\Tasks\R@1n-KMS\Office16VisioPro => wmic [Argument = path SoftwareLicensingProduct where (ID="6bf301c1-b94a-43e9-ba31-d494598c47fb") call Activate]
Task: {5753B519-CC82-4ABD-83F6-7224108C5521} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-01-09] (Microsoft Corporation)
Task: {5756CDBF-88F7-4F80-8822-EFDA9BDA5195} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe [2016-03-28] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {61ECF38A-5A30-43A5-B765-0BFAF6197E3E} - System32\Tasks\xbwYXbxiEmYE => C:\Users\javie\kgVMTONruU.bat [2017-09-29] () <==== ATTENTION
Task: {73303BD0-8DAD-4435-9253-48CCE577BF99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.)
Task: {74F39481-0421-4BD7-B320-9AB4713BB646} - System32\Tasks\aoueVBoxGUoAY => C:\Program Files (x86)\oiyuisyEuG.bat [2017-09-29] () <==== ATTENTION
Task: {75EC16D3-3E02-46D7-8CB8-D45B76105DC9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {78CB9B60-8D14-4920-9E14-96F4FE8D1382} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-01-09] (Microsoft Corporation)
Task: {7FA82EC8-D629-4A07-9940-5BB403E9F8F9} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {8905D590-926F-4B98-B957-A1EBB7B0068C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-09] (Microsoft Corporation)
Task: {8B53F226-89CF-4795-AB84-B487F16DCBCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.)
Task: {990E4F4D-C7DE-436B-8657-1CD81AAD0E33} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe [2016-03-28] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {9F87FD6E-556F-4EA3-B6F4-87FD86F7B704} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-25] (Microsoft Corporation)
Task: {A0923D8E-D307-43CE-91E5-89532750B849} - System32\Tasks\R@1n-KMS\Office16ProjectPro => wmic [Argument = path SoftwareLicensingProduct where (ID="4f414197-0fc2-4c01-b68a-86cbb9ac254c") call Activate]
Task: {AAF946B5-DB74-4F31-B660-63ED93877C14} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-09] (Microsoft Corporation)
Task: {AB58C1A8-424C-432D-B830-7749ED7F81A4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {B003C98B-A199-4D21-97FD-E2BC473CA0FE} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-javierlopezjurado@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {C68DC61F-7DB6-468C-8B6D-1ABCA7C7EB83} - System32\Tasks\oRuJJvmeeEyz => C:\Users\javie\AppData\Local\dYaIFadAySYYO.exe [2017-09-29] (Microsoft Corporation)
Task: {C876A204-64BC-41C1-93A1-AD616781868F} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {C8C9FCA6-A485-4BC0-86BD-1FA21D22BF60} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {D036AEB7-4916-4228-8D39-B64788729F7F} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {D26D1B6C-A9E9-4692-BFEA-F3B63DE304A0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {D319B8BC-96E1-4793-AEF5-1F5E4CA252BE} - \User_Feed_Synchronization-{58930567-0F8E-4BD7-A0A1-A32021E972AE} -> No File <==== ATTENTION
Task: {ECD7AB39-0086-40A3-8E14-6B3B6B0BA9F3} - System32\Tasks\R@1n-KMS\Windows64Core => wmic [Argument = path SoftwareLicensingProduct where (ID="58e97c99-f377-4ef1-81d5-4ad5522b5fd8") call Activate]
Task: {F46A9950-E658-4319-BB22-00E94BEFFE59} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {F923E1F0-6D13-4ED4-838B-41D173F50AC1} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {FC0907DD-E4FA-4289-A775-9DB4BFD31281} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-12-02] (ASUS)
Task: {FD3ED6E9-E8DC-415A-8596-2E35040B7D18} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\javie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enthought Canopy (64-bit)\Canopy 64-bit command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k C:\Users\javie\AppData\Local\Enthought\Canopy\User\Scripts\activate.bat
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-15 14:37 - 2016-08-01 13:54 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-10-06 18:21 - 2014-04-16 09:22 - 000029184 _____ () C:\WINDOWS\System32\usp02l.dll
2016-09-06 16:31 - 2016-09-06 16:32 - 000592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2017-12-28 13:15 - 2017-12-28 13:15 - 000026112 _____ () C:\Windows\KMS-R@1n.exe
2017-10-06 18:22 - 2014-11-26 12:07 - 000118576 _____ () C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe
2018-01-09 15:50 - 2018-01-09 19:13 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-09 15:50 - 2018-01-09 19:13 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-11-06 20:32 - 2017-11-06 20:32 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-05-17 23:42 - 2016-05-17 23:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-12-12 23:59 - 2017-11-26 13:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-12 23:59 - 2017-11-26 13:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-04 12:46 - 2018-01-04 12:46 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-04 12:46 - 2018-01-04 12:46 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-04 12:46 - 2018-01-04 12:46 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-04 12:46 - 2018-01-04 12:46 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-04 12:46 - 2018-01-04 12:46 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-09 19:52 - 2018-01-09 19:52 - 000069104 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\dll_loader.dll
2018-01-09 19:52 - 2018-01-09 19:52 - 000069040 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\module_lifetime.dll
2018-01-09 11:06 - 2018-01-03 10:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-09 11:06 - 2018-01-03 10:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-09-18 08:15 - 2017-09-18 08:15 - 001937408 _____ () C:\Program Files (x86)\ASUS\Giftbox\ffmpeg.dll
2015-12-02 18:01 - 2015-12-02 18:01 - 000027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-12-02 18:01 - 2015-12-02 18:01 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-12-02 18:01 - 2015-12-02 18:01 - 000029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2015-09-18 23:34 - 2015-09-18 23:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-09-18 08:15 - 2017-09-18 08:15 - 002177536 _____ () C:\Program Files (x86)\ASUS\Giftbox\libglesv2.dll
2017-09-18 08:15 - 2017-09-18 08:15 - 000079360 _____ () C:\Program Files (x86)\ASUS\Giftbox\libegl.dll
2017-09-18 08:15 - 2017-09-18 08:15 - 003561984 _____ () C:\Program Files (x86)\ASUS\Giftbox\node.dll
2017-09-18 08:15 - 2017-09-18 08:15 - 000292352 _____ () \\?\C:\Program Files (x86)\ASUS\Giftbox\node_modules\appcloud-native-utils\anu.node
2018-01-09 19:38 - 2018-01-09 19:38 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [124]
AlternateDataStreams: C:\Users\javie\Documents\LlaveCoche.jpg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\javie\Documents\LlaveCoche.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 08:24 - 2017-10-06 16:40 - 000000857 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\javie\Downloads\WhatsApp Image 2017-03-29 at 23.56.46.jpeg
DNS Servers: 62.81.16.148 - 62.81.16.213
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "avast! SecureLine.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run: => "CVPWU7EN"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\...\StartupApproved\Run: => "HP ENVY 5640 series (NET)"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D45C2EB1-E55F-4439-BAFC-1A4E62218462}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [UDP Query User{0FB9489C-DF43-4457-949E-0F0095AD5687}C:\program files\rstudio\bin\x64\rsession.exe] => (Allow) C:\program files\rstudio\bin\x64\rsession.exe
FirewallRules: [TCP Query User{3BEE34D1-6007-4E82-943C-BE5E6F3F5D2D}C:\program files\rstudio\bin\x64\rsession.exe] => (Allow) C:\program files\rstudio\bin\x64\rsession.exe
FirewallRules: [{09B8626B-0448-4A5B-B255-12F92654DE69}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [UDP Query User{86F8B783-C102-4F23-8D4D-A806CBA8CAAA}C:\users\javie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\javie\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{46449B55-DE31-43E4-9DB2-EDB52AF04BBD}C:\users\javie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\javie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A574E67F-EFAC-492B-ABD0-E787339CE410}] => (Allow) C:\Users\javie\AppData\Local\Temp\XZZW3SLHBR\chromedriver.exe
FirewallRules: [{1B4A8D52-44F1-4CD0-A211-2307770E4882}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DD033174-7E77-442F-B26B-CE24E45670CC}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{37754BEA-ED16-4604-954D-DCA843DA7008}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{939697D0-4982-4B46-A3E0-68E3D98BF8DD}C:\users\javie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\javie\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F26D5588-E4BC-4F43-8BF3-0732F9CEF5EC}C:\users\javie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\javie\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{D3ADF2FD-B203-4877-9224-2175063A35BC}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{B61D8E0E-9362-4480-A59B-E4B3752FEA09}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [{7BE5EDB3-DD83-4C19-BB63-E797F2886383}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{859FDA7B-E532-4D53-BB42-3587BA2E15AA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{2AC6DBED-517E-4D19-A4EE-32430625F9F0}C:\users\javie\downloads\imagej\imagej.exe] => (Allow) C:\users\javie\downloads\imagej\imagej.exe
FirewallRules: [UDP Query User{3AD3B835-A8AD-4973-B333-7DEBD09C8258}C:\users\javie\downloads\imagej\imagej.exe] => (Allow) C:\users\javie\downloads\imagej\imagej.exe
FirewallRules: [{2B26BE57-3D32-422A-A9C1-6A92C650C3C3}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{0C000D31-EAEF-45F4-A710-7975E6B93085}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{CF350ABE-7268-45AF-B8DD-CF597B4CAF2A}] => (Allow) C:\Program Files\HP\HP ENVY 5640 series\Bin\DeviceSetup.exe
FirewallRules: [{DD7F53BE-D187-458A-AEF1-74D00C1F5274}] => (Allow) LPort=5357
FirewallRules: [{F22D89DE-C671-4D42-B0B2-317CD00AD057}] => (Allow) C:\Program Files\HP\HP ENVY 5640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{07470A97-B729-47BB-9335-4CE6AD6FF485}C:\program files\jetbrains\pycharm community edition 2017.1.1\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.1.1\bin\pycharm64.exe
FirewallRules: [UDP Query User{878C5BB3-A693-4FE4-9B5C-5E3FC7E61FF9}C:\program files\jetbrains\pycharm community edition 2017.1.1\bin\pycharm64.exe] => (Allow) C:\program files\jetbrains\pycharm community edition 2017.1.1\bin\pycharm64.exe
FirewallRules: [TCP Query User{60D7B059-EEBB-4191-B332-E9881E0D4BB2}C:\program files\rstudio\bin\x64\rsession.exe] => (Allow) C:\program files\rstudio\bin\x64\rsession.exe
FirewallRules: [UDP Query User{BA9F4A45-068C-449E-BD9B-FFD92E21C368}C:\program files\rstudio\bin\x64\rsession.exe] => (Allow) C:\program files\rstudio\bin\x64\rsession.exe
FirewallRules: [{464C0E18-FF22-4BE0-A67C-517B71CD35B3}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{76F167C4-A3A0-4D21-B39C-4F8FA1BE73F6}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{379B4486-312B-4B33-82D6-B9F0FE6E443B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{66B90F6A-FD14-44CD-BB89-1B16E1AC0B97}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{55EF871C-862D-44AE-9223-F8C69D74F223}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{CE406B50-3B16-430B-AB9B-9E9BB5634CEA}] => (Allow) C:\Users\javie\AppData\Local\Lite\Application\lite.exe
FirewallRules: [{5C1347FF-0575-42CC-8E93-A8FC4425F6AE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-01-2018 13:46:51 Restore Point Created by FRST
10-01-2018 17:07:00 Removed Canvas X 2017 GIS.
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/10/2018 05:08:41 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x80004005
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkQuarantineRetry
 
Error: (01/10/2018 05:07:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.
 
System Error:
El sistema no puede encontrar el archivo especificado.
.
 
Error: (01/10/2018 05:05:36 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x80004005
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (01/10/2018 05:04:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x80004005
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (01/10/2018 04:34:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x80004005
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (01/10/2018 04:33:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x80004005
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (01/10/2018 02:56:57 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x80004005
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkQuarantineRetry
 
Error: (01/10/2018 02:52:04 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x80004005
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (01/10/2018 02:02:40 PM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel® Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.
 
Error: (01/10/2018 01:57:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x80004005
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkQuarantineRetry
 
 
System errors:
=============
Error: (01/10/2018 05:17:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (01/10/2018 05:11:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (01/10/2018 05:08:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RD3TUDP)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-RD3TUDP\javie con SID (S-1-5-21-2554971688-3712468172-2774804493-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (01/10/2018 05:02:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Windows Presentation Foundation Font Cache 3.0.0.0 no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.
 
Error: (01/10/2018 05:02:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio FontCache3.0.0.0.
 
Error: (01/10/2018 05:02:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\Servicio de red con SID (S-1-5-20) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (01/10/2018 05:02:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (01/10/2018 05:02:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (01/10/2018 05:01:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Kingsoft_WPS_UpdateService no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.
 
Error: (01/10/2018 05:01:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Kingsoft_WPS_UpdateService.
 
 
CodeIntegrity:
===================================
  Date: 2018-01-10 08:31:56.574
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\InfusedApps\Applications\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x86\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-10 08:31:56.539
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\InfusedApps\Applications\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x86\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-10 08:31:56.175
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\InfusedApps\Applications\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-10 08:31:56.126
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\InfusedApps\Applications\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-01-09 19:14:12.263
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2018-01-09 15:50:37.749
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-11-26 23:37:23.746
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-26 23:37:23.705
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-26 23:37:23.652
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-26 23:37:23.609
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe\x64\hevcdecoder_store.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 42%
Total physical RAM: 8025.61 MB
Available physical RAM: 4596.85 MB
Total Virtual: 12121.61 MB
Available Virtual: 8656.26 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:283.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:314.25 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 758C9250)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
I need help please!
 



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,180 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:03 PM

Posted 10 January 2018 - 08:38 PM

Greetings Keflas and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Which cracked programs did you install? Please run this.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Which programs
  • CKScanner report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Keflas


Posted 11 January 2018 - 04:46 AM

I cracked Canvas X 2017 GIS and Zemana AntiMalware recently, when the problems started.
 
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\git\usr\bin\ssh-keygen.exe
c:\program files\qgis 2.14\apps\python27\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files\r\r-3.4.2\library\survival\tests\data.cracks
c:\program files\rstudio\bin\msys-ssh-1000-18\ssh-keygen.exe
c:\program files (x86)\asus\atk package\atk hotkey\atkmsgctrl.exe
c:\windows\kms-r@1n.exe
scanner sequence 3.BD.11.UQNADZ
 ----- EOF ----- 
 
Thank you!


#4 Oh My!

  • Malware Response Instructor

Posted 11 January 2018 - 04:51 PM

Thank you for providing that report.

Do you recognize these?

C:\Users\javie\Desktop\dbroteri12x.csv
C:\Users\javie\Desktop\dbroterigbif12x.csv
HKLM\...\StartupApproved\Run: => "CVPWU7EN"


-----

Let's start with this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
2017-12-28 13:16 - 2017-12-28 13:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\R@1n-KMS
2017-12-28 13:15 - 2017-12-28 13:15 - 000026112 _____ C:\WINDOWS\KMS-R@1n.exe
2017-12-28 13:15 - 2017-12-28 13:15 - 000004096 _____ C:\WINDOWS\KMS-R@1nHook.dll
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2554971688-3712468172-2774804493-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
CHR Profile: C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2018-01-10]
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2017-12-28] () [File not signed]
S2 0166041515233684mcinstcleanup; C:\WINDOWS\TEMP\016604~1.EXE -cleanup -nolog [X]
C:\WINDOWS\TEMP
S1 ZAM
C:\ProgramData\TEMP
C:\WINDOWS\wininit.ini
2018-01-08 17:59 - 2018-01-10 17:05 - 000003576 _____ C:\WINDOWS\System32\Tasks\aoueVBoxGUoAY
2018-01-08 17:59 - 2018-01-10 16:54 - 000003356 _____ C:\WINDOWS\System32\Tasks\xbwYXbxiEmYE
2018-01-08 17:59 - 2018-01-08 17:59 - 000003742 _____ C:\WINDOWS\System32\Tasks\oRuJJvmeeEyz
2018-01-08 17:59 - 2018-01-08 17:59 - 000000001 _____ C:\Users\javie\AppData\Local\WMI.ini
2018-01-08 17:59 - 2017-09-29 14:42 - 000174592 _____ (Microsoft Corporation) C:\Users\javie\AppData\Local\oygdrkevIvuG.exe
2018-01-08 17:59 - 2017-09-29 14:42 - 000059904 _____ (Microsoft Corporation) C:\Users\javie\AppData\Local\dYaIFadAySYYO.exe
2018-01-08 17:59 - 2017-09-29 14:42 - 000001106 _____ C:\Users\javie\AuaYcO
2018-01-08 17:59 - 2017-09-29 14:42 - 000001060 _____ C:\Users\javie\AppData\Local\yUIuaFhL
2018-01-08 17:59 - 2017-09-29 14:42 - 000000067 _____ C:\Program Files (x86)\oiyuisyEuG
2018-01-08 17:59 - 2017-09-29 14:42 - 000000051 _____ C:\Users\javie\kgVMTONruU
2017-09-29 14:42 - 2017-09-29 14:42 - 000001106 _____ () C:\Users\javie\AuaYcO.bat
2017-09-29 14:42 - 2017-09-29 14:42 - 000000051 _____ () C:\Users\javie\kgVMTONruU.bat
2018-01-08 17:59 - 2017-09-29 14:42 - 000000067 _____ () C:\Program Files (x86)\oiyuisyEuG
2017-09-29 14:42 - 2017-09-29 14:42 - 000000067 _____ () C:\Program Files (x86)\oiyuisyEuG.bat
2018-01-08 17:59 - 2018-01-08 17:59 - 000000001 _____ () C:\Users\javie\AppData\Local\WMI.ini
2018-01-08 17:59 - 2017-09-29 14:42 - 000001060 _____ () C:\Users\javie\AppData\Local\yUIuaFhL
2017-09-29 14:42 - 2017-09-29 14:42 - 000001060 _____ () C:\Users\javie\AppData\Local\yUIuaFhL.bat
C:\Users\javie\AppData\Local\Temp\14506583.exe
C:\Users\javie\AppData\Local\Temp\2950718643.exe
C:\Users\javie\AppData\Local\Temp\3202014634.exe
2018-01-09 13:35 - 2018-01-09 15:59 - 000000000 ____D C:\Users\javie\AppData\Roaming\Enigma Software Group
2018-01-09 13:35 - 2018-01-09 13:35 - 000003442 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
Task: {7FA82EC8-D629-4A07-9940-5BB403E9F8F9} - System32\Tasks\SpyHunter4Startup
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  
Task: {27039B8C-41A7-4620-95C8-023E864E8CC5} - \Microsoft\Windows\UNP\RunCampaignManager
Task: {32A2D22C-3931-4494-9EB5-D75E52DEF38F} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate]
Task: {558BCA4A-7C10-4D03-8723-EC899E904256} - System32\Tasks\R@1n-KMS\Office16VisioPro => wmic [Argument = path SoftwareLicensingProduct where (ID="6bf301c1-b94a-43e9-ba31-d494598c47fb") call Activate]
Task: {61ECF38A-5A30-43A5-B765-0BFAF6197E3E} - System32\Tasks\xbwYXbxiEmYE => C:\Users\javie\kgVMTONruU.bat
Task: {74F39481-0421-4BD7-B320-9AB4713BB646} - System32\Tasks\aoueVBoxGUoAY => C:\Program Files (x86)\oiyuisyEuG.bat
Task: {7FA82EC8-D629-4A07-9940-5BB403E9F8F9} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\Enigma Software Group
Task: {A0923D8E-D307-43CE-91E5-89532750B849} - System32\Tasks\R@1n-KMS\Office16ProjectPro => wmic [Argument = path SoftwareLicensingProduct where (ID="4f414197-0fc2-4c01-b68a-86cbb9ac254c") call Activate]
Task: {C68DC61F-7DB6-468C-8B6D-1ABCA7C7EB83} - System32\Tasks\oRuJJvmeeEyz => C:\Users\javie\AppData\Local\dYaIFadAySYYO.exe [2017-09-29] (Microsoft Corporation)
Task: {D319B8BC-96E1-4793-AEF5-1F5E4CA252BE} - \User_Feed_Synchronization-{58930567-0F8E-4BD7-A0A1-A32021E972AE}
Task: {ECD7AB39-0086-40A3-8E14-6B3B6B0BA9F3} - System32\Tasks\R@1n-KMS\Windows64Core => wmic [Argument = path SoftwareLicensingProduct where (ID="58e97c99-f377-4ef1-81d5-4ad5522b5fd8") call Activate]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [124]
AlternateDataStreams: C:\Users\javie\Documents\LlaveCoche.jpg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\javie\Documents\LlaveCoche.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{2B26BE57-3D32-422A-A9C1-6A92C650C3C3}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{0C000D31-EAEF-45F4-A710-7975E6B93085}] => (Allow) C:\Torrentex\Torrentex.exe
C:\Torrentex
FirewallRules: [{464C0E18-FF22-4BE0-A67C-517B71CD35B3}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{76F167C4-A3A0-4D21-B39C-4F8FA1BE73F6}] => (Allow) C:\Windows\KMS-R@1n.exe
Folder: C:\Users\javie\AppData\Roaming\SigmaPlot 11.0
File: C:\WINDOWS\SysWOW64\oxgmq9b.dll
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recognize entries?
  • Fixlog
  • AdwCleaner log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Keflas


Posted 12 January 2018 - 06:45 AM

Hi again, I recognize the two .csv files on the Desktop and I removed the two of them because I will not use them anymore. The other entry, I don't recognize it: HKLM\...\StartupApproved\Run: => "CVPWU7EN".
 
Reading on the internet and because of the cmd prompt advices, I think the virus or similar is using the file svchost.exe in the system32 folder. Any suggestions? These are the txt copies:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by javie (12-01-2018 12:02:38) Run:3
Running from C:\Users\javie\Desktop
Loaded Profiles: javie (Available Profiles: javie)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
2017-12-28 13:16 - 2017-12-28 13:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\R@1n-KMS
2017-12-28 13:15 - 2017-12-28 13:15 - 000026112 _____ C:\WINDOWS\KMS-R@1n.exe
2017-12-28 13:15 - 2017-12-28 13:15 - 000004096 _____ C:\WINDOWS\KMS-R@1nHook.dll
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2554971688-3712468172-2774804493-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files
(x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
CHR Profile: C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2018-01-10]
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2017-12-28] () [File not signed]
S2 0166041515233684mcinstcleanup; C:\WINDOWS\TEMP\016604~1.EXE -cleanup -nolog [X]
C:\WINDOWS\TEMP
S1 ZAM
C:\ProgramData\TEMP
C:\WINDOWS\wininit.ini
2018-01-08 17:59 - 2018-01-10 17:05 - 000003576 _____ C:\WINDOWS\System32\Tasks\aoueVBoxGUoAY
2018-01-08 17:59 - 2018-01-10 16:54 - 000003356 _____ C:\WINDOWS\System32\Tasks\xbwYXbxiEmYE
2018-01-08 17:59 - 2018-01-08 17:59 - 000003742 _____ C:\WINDOWS\System32\Tasks\oRuJJvmeeEyz
2018-01-08 17:59 - 2018-01-08 17:59 - 000000001 _____ C:\Users\javie\AppData\Local\WMI.ini
2018-01-08 17:59 - 2017-09-29 14:42 -
000174592 _____ (Microsoft Corporation) C:\Users\javie\AppData\Local\oygdrkevIvuG.exe
2018-01-08 17:59 - 2017-09-29 14:42 - 000059904 _____ (Microsoft Corporation) C:\Users\javie\AppData\Local\dYaIFadAySYYO.exe
2018-01-08 17:59 - 2017-09-29 14:42 - 000001106 _____ C:\Users\javie\AuaYcO
2018-01-08 17:59 - 2017-09-29 14:42 - 000001060 _____ C:\Users\javie\AppData\Local\yUIuaFhL
2018-01-08 17:59 - 2017-09-29 14:42 - 000000067 _____ C:\Program Files (x86)\oiyuisyEuG
2018-01-08 17:59 - 2017-09-29 14:42 - 000000051 _____ C:\Users\javie\kgVMTONruU
2017-09-29 14:42 - 2017-09-29 14:42 - 000001106 _____ () C:\Users\javie\AuaYcO.bat
2017-09-29 14:42 - 2017-09-29 14:42 - 000000051 _____ () C:\Users\javie\kgVMTONruU.bat
2018-01-08 17:59 - 2017-09-29 14:42 - 000000067 _____ () C:\Program Files (x86)\oiyuisyEuG
2017-09-29 14:42 - 2017-09-29 14:42 - 000000067 _____ () C:\Program Files (x86)\oiyuisyEuG.bat
2018-01-08 17:59 - 2018-01-08 17:59 - 000000001 _____ ()
C:\Users\javie\AppData\Local\WMI.ini
2018-01-08 17:59 - 2017-09-29 14:42 - 000001060 _____ () C:\Users\javie\AppData\Local\yUIuaFhL
2017-09-29 14:42 - 2017-09-29 14:42 - 000001060 _____ () C:\Users\javie\AppData\Local\yUIuaFhL.bat
C:\Users\javie\AppData\Local\Temp\14506583.exe
C:\Users\javie\AppData\Local\Temp\2950718643.exe
C:\Users\javie\AppData\Local\Temp\3202014634.exe
2018-01-09 13:35 - 2018-01-09 15:59 - 000000000 ____D C:\Users\javie\AppData\Roaming\Enigma Software Group
2018-01-09 13:35 - 2018-01-09 13:35 - 000003442 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
Task: {7FA82EC8-D629-4A07-9940-5BB403E9F8F9} - System32\Tasks\SpyHunter4Startup
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>
C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  
Task: {27039B8C-41A7-4620-95C8-023E864E8CC5} - \Microsoft\Windows\UNP\RunCampaignManager
Task: {32A2D22C-3931-4494-9EB5-D75E52DEF38F} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate]
Task: {558BCA4A-7C10-4D03-8723-EC899E904256} - System32\Tasks\R@1n-KMS\Office16VisioPro => wmic [Argument = path SoftwareLicensingProduct where
(ID="6bf301c1-b94a-43e9-ba31-d494598c47fb") call Activate]
Task: {61ECF38A-5A30-43A5-B765-0BFAF6197E3E} - System32\Tasks\xbwYXbxiEmYE => C:\Users\javie\kgVMTONruU.bat
Task: {74F39481-0421-4BD7-B320-9AB4713BB646} - System32\Tasks\aoueVBoxGUoAY => C:\Program Files (x86)\oiyuisyEuG.bat
Task: {7FA82EC8-D629-4A07-9940-5BB403E9F8F9} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\Enigma Software Group
Task: {A0923D8E-D307-43CE-91E5-89532750B849} - System32\Tasks\R@1n-KMS\Office16ProjectPro => wmic [Argument = path SoftwareLicensingProduct where (ID="4f414197-0fc2-4c01-b68a-86cbb9ac254c") call Activate]
Task: {C68DC61F-7DB6-468C-8B6D-1ABCA7C7EB83} - System32\Tasks\oRuJJvmeeEyz => C:\Users\javie\AppData\Local\dYaIFadAySYYO.exe [2017-09-29] (Microsoft Corporation)
Task: {D319B8BC-96E1-4793-AEF5-1F5E4CA252BE} - \User_Feed_Synchronization-{58930567-0F8E-4BD7-A0A1-A32021E972AE}
Task:
{ECD7AB39-0086-40A3-8E14-6B3B6B0BA9F3} - System32\Tasks\R@1n-KMS\Windows64Core => wmic [Argument = path SoftwareLicensingProduct where (ID="58e97c99-f377-4ef1-81d5-4ad5522b5fd8") call Activate]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [124]
AlternateDataStreams: C:\Users\javie\Documents\LlaveCoche.jpg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\javie\Documents\LlaveCoche.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{2B26BE57-3D32-422A-A9C1-6A92C650C3C3}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{0C000D31-EAEF-45F4-A710-7975E6B93085}] => (Allow) C:\Torrentex\Torrentex.exe
C:\Torrentex
FirewallRules: [{464C0E18-FF22-4BE0-A67C-517B71CD35B3}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{76F167C4-A3A0-4D21-B39C-4F8FA1BE73F6}] => (Allow) C:\Windows\KMS-R@1n.exe
Folder: C:\Users\javie\AppData\Roaming\SigmaPlot 11.0
File: C:\WINDOWS\SysWOW64\oxgmq9b.dll
cmd: netsh winsock reset catalog
cmd: netsh int ip
reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\WINDOWS\System32\Tasks\R@1n-KMS" => not found
"C:\WINDOWS\KMS-R@1n.exe" => not found
"C:\WINDOWS\KMS-R@1nHook.dll" => not found
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found
"C:\WINDOWS\system32\GroupPolicy\User" => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2554971688-3712468172-2774804493-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found
HKLM\Software\Classes\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp => key not found
"FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files" => not found
(x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File] => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf => key not found
C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 => moved successfully
KMS-R@1n => service not found.
0166041515233684mcinstcleanup => service not found.
 
"C:\WINDOWS\TEMP" folder move:
 
Could not move "C:\WINDOWS\TEMP" => Scheduled to move on reboot.
 
S1 ZAM => Error: No automatic fix found for this entry.
"C:\ProgramData\TEMP" => not found
"C:\WINDOWS\wininit.ini" => not found
"C:\WINDOWS\System32\Tasks\aoueVBoxGUoAY" => not found
"C:\WINDOWS\System32\Tasks\xbwYXbxiEmYE" => not found
"C:\WINDOWS\System32\Tasks\oRuJJvmeeEyz" => not found
"C:\Users\javie\AppData\Local\WMI.ini" => not found
"2018-01-08 17:59 - 2017-09-29 14:42 -" => not found
000174592 _____ (Microsoft Corporation) C:\Users\javie\AppData\Local\oygdrkevIvuG.exe => Error: No automatic fix found for this entry.
"C:\Users\javie\AppData\Local\dYaIFadAySYYO.exe" => not found
"C:\Users\javie\AuaYcO" => not found
"C:\Users\javie\AppData\Local\yUIuaFhL" => not found
"C:\Program Files (x86)\oiyuisyEuG" => not found
"C:\Users\javie\kgVMTONruU" => not found
"C:\Users\javie\AuaYcO.bat" => not found
"C:\Users\javie\kgVMTONruU.bat" => not found
"C:\Program Files (x86)\oiyuisyEuG" => not found
"C:\Program Files (x86)\oiyuisyEuG.bat" => not found
"2018-01-08 17:59 - 2018-01-08 17:59 - 000000001 _____ ()" => not found
"C:\Users\javie\AppData\Local\WMI.ini" => not found
"C:\Users\javie\AppData\Local\yUIuaFhL" => not found
"C:\Users\javie\AppData\Local\yUIuaFhL.bat" => not found
"C:\Users\javie\AppData\Local\Temp\14506583.exe" => not found
"C:\Users\javie\AppData\Local\Temp\2950718643.exe" => not found
"C:\Users\javie\AppData\Local\Temp\3202014634.exe" => not found
"C:\Users\javie\AppData\Roaming\Enigma Software Group" => not found
"C:\WINDOWS\System32\Tasks\SpyHunter4Startup" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FA82EC8-D629-4A07-9940-5BB403E9F8F9} => key not found
"C:\WINDOWS\System32\Tasks\SpyHunter4Startup" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => key not found
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => key not found
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => key not found
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => key not found
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => key not found
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => key not found
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key not found
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
"C:\Users\javie\AppData\Local\MEGAsync\ShellExtX64.dll" => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => key not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key not found
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => key not found
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => key not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key not found
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27039B8C-41A7-4620-95C8-023E864E8CC5} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32A2D22C-3931-4494-9EB5-D75E52DEF38F} => key not found
"C:\WINDOWS\System32\Tasks\R@1n-KMS\Office16ProPlus" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office16ProPlus => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{558BCA4A-7C10-4D03-8723-EC899E904256} => key not found
"C:\WINDOWS\System32\Tasks\R@1n-KMS\Office16VisioPro" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office16VisioPro => key not found
call Activate] => No running process found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61ECF38A-5A30-43A5-B765-0BFAF6197E3E} => key not found
"C:\WINDOWS\System32\Tasks\xbwYXbxiEmYE" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\xbwYXbxiEmYE => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74F39481-0421-4BD7-B320-9AB4713BB646} => key not found
"C:\WINDOWS\System32\Tasks\aoueVBoxGUoAY" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\aoueVBoxGUoAY => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FA82EC8-D629-4A07-9940-5BB403E9F8F9} => key not found
"C:\WINDOWS\System32\Tasks\SpyHunter4Startup" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => key not found
"C:\Program Files\Enigma Software Group" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0923D8E-D307-43CE-91E5-89532750B849} => key not found
"C:\WINDOWS\System32\Tasks\R@1n-KMS\Office16ProjectPro" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office16ProjectPro => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C68DC61F-7DB6-468C-8B6D-1ABCA7C7EB83} => key not found
"C:\WINDOWS\System32\Tasks\oRuJJvmeeEyz" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\oRuJJvmeeEyz => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D319B8BC-96E1-4793-AEF5-1F5E4CA252BE} => key not found
Task: => Error: No automatic fix found for this entry.
{ECD7AB39-0086-40A3-8E14-6B3B6B0BA9F3} - System32\Tasks\R@1n-KMS\Windows64Core => wmic [Argument = path SoftwareLicensingProduct where (ID="58e97c99-f377-4ef1-81d5-4ad5522b5fd8") call Activate] => Error: No automatic fix found for this entry.
"C:\ProgramData\TEMP" => ":CB0AACC9" ADS not found.
C:\Users\javie\Documents\LlaveCoche.jpg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\javie\Documents\LlaveCoche.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS could not remove.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B26BE57-3D32-422A-A9C1-6A92C650C3C3}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0C000D31-EAEF-45F4-A710-7975E6B93085}" => not found
"C:\Torrentex" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{464C0E18-FF22-4BE0-A67C-517B71CD35B3}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{76F167C4-A3A0-4D21-B39C-4F8FA1BE73F6}" => not found
 
========================= Folder: C:\Users\javie\AppData\Roaming\SigmaPlot 11.0 ========================
 
2017-01-02 17:44 - 2018-01-03 00:54 - 000016856 ____H [30CFCB16F40489B7E4C784C61C6F1B55] () C:\Users\javie\AppData\Roaming\SigmaPlot 11.0\CommandBars
 
====== End of Folder: ======
 
 
========================= File: C:\WINDOWS\SysWOW64\oxgmq9b.dll ========================
 
C:\WINDOWS\SysWOW64\oxgmq9b.dll
File not signed
MD5: 36D7D5C6F49B9F2F28B1577E76D2C402
Creation and modification date: 2015-10-30 08:18 - 2018-01-03 00:54
Size: 000000204
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0
 
====== End of File: ======
 
 
========= netsh winsock reset catalog =========
 
 
El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
 
 
========= End of CMD: =========
 
 
========= netsh int ip =========
 
 
Los siguientes comandos están disponibles:
 
Comandos en este contexto:
?              - Muestra una lista de comandos.
add            - Agrega una entrada de configuración a una tabla.
delete         - Elimina una entrada de configuración de una tabla.
dump           - Muestra un script de configuración.
help           - Muestra una lista de comandos.
install        - Instala el protocolo IP.
reset          - Restablece las configuraciones de IP.
set            - Establece la información de configuración.
show           - Muestra información.
uninstall      - Desinstala el protocolo IP.
 
Para ver más ayuda acerca de un comando, escríbalo seguido de un espacio y 
después escriba ?.
 
 
========= End of CMD: =========
 
reset C:\resettcpip.txt => Error: No automatic fix found for this entry.
 
========= netsh advfirewall reset =========
 
Aceptar
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Aceptar
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Configuración IP de Windows
 
Se vació correctamente la caché de resolución de DNS.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6426063 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 748971 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 12234 B
NetworkService => 282623084 B
javie => 446950 B
 
RecycleBin => 0 B
EmptyTemp: => 284.3 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-01-2018 12:24:39)
 
C:\WINDOWS\TEMP => Could not move
 
==== End of Fixlog 12:24:42 ====
 
# AdwCleaner 7.0.6.0 - Logfile created on Fri Jan 12 11:36:49 2018
# Updated on 2017/21/12 by Malwarebytes 
# Database: 01-10-2018.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [2630 B] - [2018/1/11 16:52:19]
C:/AdwCleaner/AdwCleaner[C1].txt - [1318 B] - [2018/1/11 17:7:6]
C:/AdwCleaner/AdwCleaner[S0].txt - [2788 B] - [2018/1/11 16:50:49]
C:/AdwCleaner/AdwCleaner[S1].txt - [1146 B] - [2018/1/11 17:6:28]
C:/AdwCleaner/AdwCleaner[S2].txt - [1214 B] - [2018/1/12 10:7:44]
C:/AdwCleaner/AdwCleaner[S3].txt - [1281 B] - [2018/1/12 11:27:8]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt ##########

 

 

Thank you very much for your help!



#6 Oh My!


Posted 12 January 2018 - 10:01 AM

Thank you for the information.

There are a number of other entries similar to the ones I listed with the .csv file extension. I only picked 2 as an example. The remaining entries are not malicious but if you want to remove them you can or let me know and I can post a fix to remove them. Either way.

-----

It appears you may have run the fixlist twice. Is that a possibility?

-----
 

cmd prompt advices

Is there any specific information you see?

-----

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CloseProcesses:
C:\Users\javie\AppData\Roaming\SigmaPlot 11.0
2018-01-03 00:54 - 2015-10-30 08:18 - 000000204 _____ C:\WINDOWS\SysWOW64\oxgmq9b.dll
2018-01-03 00:54 - 2015-10-30 08:18 - 000000100 _____ C:\WINDOWS\SysWOW64\prsgrc.dll
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlist
  • cmd information
  • Update on computer performance

Edited by Oh My!, 12 January 2018 - 10:02 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Keflas


Posted 12 January 2018 - 01:12 PM

Hello,

 

I have deleted the .csv files (there were 10 in total). Yes, I think I ran it twice, sorry. It seems that the last two or three times I restarted the computer the cmd prompt didn't appear and performance was pretty normal, but earlier the information was about files copied, something about BITSADMIN and a pop-up window in the internet browser which was stopped by Malwarebytes. This Malwarebytes window said the file involved in the pop-up was System32/svchost.exe

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by javie (12-01-2018 18:42:20) Run:4
Running from C:\Users\javie\Desktop
Loaded Profiles: javie (Available Profiles: javie)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
C:\Users\javie\AppData\Roaming\SigmaPlot 11.0
2018-01-03 00:54 - 2015-10-30 08:18 - 000000204 _____ C:\WINDOWS\SysWOW64\oxgmq9b.dll
2018-01-03 00:54 - 2015-10-30 08:18 - 000000100 _____ C:\WINDOWS\SysWOW64\prsgrc.dll
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
 
*****************
 
Processes closed successfully.
C:\Users\javie\AppData\Roaming\SigmaPlot 11.0 => moved successfully
C:\WINDOWS\SysWOW64\oxgmq9b.dll => moved successfully
C:\WINDOWS\SysWOW64\prsgrc.dll => moved successfully
================== ExportKey: ===================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"SecurityHealth"="070000004d19370a6289d301"
"NvBackend"="0300000067f126f2760cd201"
"AvastUI.exe"="03000000c0171b136289d301"
"CVPWU7EN"="03000000a9efe11b6289d301"
"ZAM"="020000000000000000000000"
"AvgUi"="020000000000000000000000"
"AVGUI.exe"="020000000000000000000000"
 
=== End of ExportKey ===
 
 
The system needed a reboot.
 
==== End of Fixlog 18:42:23 ====
 
 
Thank you!
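The ExportKey output in the Fixlog above stores each Run entry's Task Manager startup state as 12 hex-encoded bytes. As an added example (not part of the thread and not FRST's own code), this Python decodes them, assuming the commonly observed layout, which Microsoft does not document: an odd first byte means disabled, and bytes 4-11 hold a little-endian FILETIME of the last change. The function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Sample input: the ExportKey lines copied from the Fixlog on this page.
EXPORT = '''\
"SecurityHealth"="070000004d19370a6289d301"
"NvBackend"="0300000067f126f2760cd201"
"AvastUI.exe"="03000000c0171b136289d301"
"CVPWU7EN"="03000000a9efe11b6289d301"
"ZAM"="020000000000000000000000"
"AvgUi"="020000000000000000000000"
"AVGUI.exe"="020000000000000000000000"
'''

LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<hex>[0-9a-fA-F]+)"$')
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_value(hex_data):
    """Return (disabled, changed_at) for one StartupApproved value."""
    raw = bytes.fromhex(hex_data)
    if len(raw) != 12:
        raise ValueError(f"expected 12 bytes, got {len(raw)}")
    # Assumption: odd first byte = disabled, even = enabled.
    disabled = bool(raw[0] & 1)
    # Assumption: bytes 4..11 are a FILETIME (100 ns ticks since 1601, UTC).
    ticks = int.from_bytes(raw[4:], "little")
    changed_at = FILETIME_EPOCH + timedelta(microseconds=ticks // 10) if ticks else None
    return disabled, changed_at


def parse_export(text):
    """Map each value name in an ExportKey block to its decoded state."""
    entries = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries[m["name"]] = decode_value(m["hex"])
    return entries


if __name__ == "__main__":
    for name, (disabled, when) in parse_export(EXPORT).items():
        state = "disabled" if disabled else "enabled"
        print(f"{name:15} {state:9} {when.isoformat() if when else '-'}")
```

Under these assumptions, an entry with an unfamiliar name and a recent change time stands out for review next to known vendor entries, and an all-zero timestamp means no change time was recorded.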


#8 Oh My!


Posted 12 January 2018 - 07:16 PM

Greetings.

Just to verify, the pop up happened before the fix but now it does not happen, is that correct?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|"CVPWU7EN"
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Pop up now?
  • Fixlog

Gary
 

#9 Keflas


Posted 13 January 2018 - 04:36 AM

There is no pop up since my last reply, so everything seems normal. This is the Fixlog.txt:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by javie (13-01-2018 10:20:14) Run:5
Running from C:\Users\javie\Desktop
Loaded Profiles: javie (Available Profiles: javie)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|"CVPWU7EN"
 
*****************
 
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\"CVPWU7EN"" => not found
 
==== End of Fixlog 10:20:14 ====
 
Thank you very much for all the replies! You saved me!


#10 Oh My!


Posted 13 January 2018 - 08:25 PM

You are welcome.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 

#11 Keflas


Posted 14 January 2018 - 10:28 AM

The computer is still running OK! Thanks!
 
ESET log:
 
C:\Users\javie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Cache\f_000fbd JS/CoinMiner.H potentially unsafe application
C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe a variant of Win32/KingSoft.D potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe a variant of Win32/KingSoft.D potentially unwanted application cleaned by deleting
 
Security Analysis log:
 
Result of Security Analysis by Rocket Grannie (x86) Updated: 29th December, 2017
Running from:C:\Users\javie\Desktop (16:25:48 - 01/14/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
AVG Antivirus (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
AVG Antivirus (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
CCleaner (5.38)
Google Chrome (63.0.3239.132)
Java (8.0.1510.12)
Malwarebytes (3.3.1.2183)
 
***----------------Analysis Complete-------------------------***


#12 Oh My!


Posted 14 January 2018 - 11:55 AM

That looks great. Looks like we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

Gary
 



