Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with: "PUP.Optional", "MachineLearning/Anomalous.100%" etc


  • This topic is locked This topic is locked
60 replies to this topic

#1 Santibuduba

Santibuduba

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 10 April 2018 - 08:12 PM

Posted Today, 01:07 PM

Hello everyone!

 

The other day I was installing some new programs on my pc, And i realised that i got a Virus. I've tried removing it uisng ADW CLEANER and Malwarebytes, but they seem not to be helpful.

This virus, consumes a lot of my memory ,disc and cpu usage, and when i tried to search in google "adwcleaner" o "roguekiller", google chrome crashes automactilly. Same happens with Microsoft edge and internet explorer.

Im running windows 10, 64 bits. I have a toshiba satellite p855-s5312, with and Intel i5 and 6 gb of ram. 

 

 

See the complete topic here (

 

buddy215

 

Replied me and told me to follow this guide (https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/) from step 6.

 

I couldnt complete this step, due to google chrome tends to crash when i try to open the download link of the program.

 

 

Before posting here, i ran a complete analisis with malwarebytes, and this detected the things seen in the screenshot.

 

After that I've used other computer and donwloaded Adwcleaner, as i couldnt search for it in my own computer.I sticked a usb drive, and I ran it, (after several times of having it crashing) and it detected some other viruses. Sorry i couldnt upload the register, I couldn't save it. But I deleted all the things that the program detected

 

I saw that one of the virus destinations was a folder called "adwcleaner" located in /C programs files, I tried to enter to this folder, but trying that reboot me to the desktop, and closed me that window.

 

Then I've downloaded Avast antivirus, run a complete scan, and it detected nothing. simultaneously i was running a complete scan with windows defender, and it detected nothing either.

 

Now, after the Malwarebytes and the Adwcleaner, scans, my computer looks to run better, but when I try to search for "adwcleaner" it keeps crashing my browsers. On the other hand it looks like it keeps consuming to much resources with no explanation...

 

 

Hope I was clear explaining the problem, and someone can help me! Sorry for my spelling Im not english either!

 

Thanks a lot!

 

 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:15 PM

Posted 10 April 2018 - 08:47 PM

Welcome :)

After that I've used other computer and donwloaded Adwcleaner, as i couldnt search for it in my own computer.I sticked a usb drive, and I ran it, (after several times of having it crashing) and it detected some other viruses. Sorry i couldnt upload the register, I couldn't save it. But I deleted all the things that the program detected

Using another computer download the application, transfer to the infected computer via a USB Flashdrive and run the application following these steps.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 Santibuduba

Santibuduba
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 10 April 2018 - 10:25 PM

Hey, thank you for the quick response! I took me a while, cause the program crashed several times, and i had to reboot my pc. But here there are! 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Santi (administrator) on SANTI (11-04-2018 00:05:53)
Running from E:\
Loaded Profiles: Santi (Available Profiles: Santi)
Platform: Windows 10 Home Version 1709 16299.334 (X64) Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
() C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Spotify Ltd) C:\Users\CARLOS\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.)
HKLM\...\Run: [TosPU] => C:\Program Files\TOSHIBA\PasswordUtility\TosPU.exe [2374552 2012-08-27] (Copyright © TOSHIBA Corp. 2012)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-28] (Synaptics Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2012-07-20] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-09-18] (Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\Run: [Speech Recognition] => C:\windows\Speech\Common\sapisvr.exe [44032 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-08-29] (Disc Soft Ltd)
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\Run: [{11B6CA74-0359-4E8B-9729-1902B9ADD29C}] => "C:\Users\CARLOS\Downloads\LeagueofLegends_LA2_Installer_2016_05_27.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{11B6CA74-0359-4E8B-9729-1902B9ADD29C}"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\Run: [Spotify Web Helper] => C:\Users\CARLOS\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-31] (Spotify Ltd)
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\MountPoints2: {25c0fdf2-5392-11e3-bec6-b888e31ba722} - "E:\setup.exe" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-09-15]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (No File)
Startup: C:\Users\CARLOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2017-10-04]
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\CARLOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Supervisar alertas de tinta - HP Deskjet 2540 series.lnk [2017-02-18]
ShortcutTarget: Supervisar alertas de tinta - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\bin\HPStatusBL.dll (No File)
GroupPolicyUsers\S-1-5-21-1380135985-2673685752-3878894861-1001\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{52ebbd13-0232-419d-a357-bb1847d37716}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a89ed696-7da7-4387-9647-5933b50f2990}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131675270821724724&GUID=7D1FD928-B88B-41AB-A9F7-E807E467A2B9
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/
hxxp://숱鐲숱鐲숱鐲ᷜᆔጱ蠀抰銷翹/
hxxp://℘銼翹/
hxxp:///
hxxp:///
hxxp:///
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKF~1\PlugIns\IEHelp.dll => No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\CARLOS\AppData\Roaming\Philips-Songbird\Profiles\stpzumqw.default [2015-04-21]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\langpack-es-ES@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\windowsmedia@songbirdnest.com [not found]
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\windows\system32\npDeployJava1.dll [2013-05-27] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1380135985-2673685752-3878894861-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\CARLOS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-27] (Unity Technologies ApS)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/"
CHR Profile: C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default [2018-04-11]
CHR Extension: (Presentaciones) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-06]
CHR Extension: (Documentos) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-06]
CHR Extension: (Google Drive) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-06]
CHR Extension: (YouTube) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-06]
CHR Extension: (Adblock Plus) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-06]
CHR Extension: (Adobe Acrobat) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-04-06]
CHR Extension: (Hojas de cálculo) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-06]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-06]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-04-06]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-08-29] (Disc Soft Ltd)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2017-09-18] (Intel)
S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [236832 2015-10-07] (EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-08-07] (Realsil Microelectronics Inc.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2017-05-18] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 McNeelUpdate; c:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [66904 2017-05-22] (Robert McNeel & Associates)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] ()
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2014-02-05] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2017-01-11] (Realtek Semiconductor)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe [157456 2017-03-07] ()
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-07] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswTap; C:\WINDOWS\system32\DRIVERS\aswTap.sys [53904 2017-02-26] (The OpenVPN Project)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-14] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-09-14] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2015-07-14] (LogMeIn Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-04-09] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-04-10] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-04-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-09] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-04-10] (Malwarebytes)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew00.sys [3352336 2015-05-04] (Intel Corporation)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 semav6msr64; C:\windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-28] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-07] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-07] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
R3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-11 00:09 - 2018-04-11 00:09 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000505-000000.txt
2018-04-11 00:09 - 2018-04-11 00:09 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000504-000000.txt
2018-04-11 00:05 - 2018-04-11 00:05 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000503-000000.txt
2018-04-11 00:05 - 2018-04-11 00:05 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000502-000000.txt
2018-04-11 00:02 - 2018-04-11 00:02 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000501-000000.txt
2018-04-11 00:01 - 2018-04-11 00:01 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000500-000000.txt
2018-04-11 00:01 - 2018-04-11 00:01 - 000000000 ____D C:\FRST
2018-04-10 23:57 - 2018-04-10 23:57 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000499-000000.txt
2018-04-10 23:57 - 2018-04-10 23:57 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000498-000000.txt
2018-04-10 23:31 - 2018-04-10 23:31 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000497-000000.txt
2018-04-10 23:31 - 2018-04-10 23:31 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000496-000000.txt
2018-04-10 23:29 - 2018-04-10 23:29 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000495-000000.txt
2018-04-10 23:28 - 2018-04-10 23:28 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000494-000000.txt
2018-04-10 23:25 - 2018-04-10 23:25 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000493-000000.txt
2018-04-10 23:25 - 2018-04-10 23:25 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000492-000000.txt
2018-04-10 23:21 - 2018-04-10 23:21 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000491-000000.txt
2018-04-10 23:21 - 2018-04-10 23:21 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000490-000000.txt
2018-04-10 23:18 - 2018-04-10 23:18 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000489-000000.txt
2018-04-10 23:17 - 2018-04-10 23:17 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000488-000000.txt
2018-04-10 23:14 - 2018-04-10 23:14 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000487-000000.txt
2018-04-10 23:13 - 2018-04-10 23:13 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000486-000000.txt
2018-04-10 23:10 - 2018-04-10 23:10 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000485-000000.txt
2018-04-10 23:10 - 2018-04-10 23:10 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000484-000000.txt
2018-04-10 23:06 - 2018-04-10 23:06 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000483-000000.txt
2018-04-10 23:06 - 2018-04-10 23:06 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000482-000000.txt
2018-04-10 23:03 - 2018-04-10 23:03 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000481-000000.txt
2018-04-10 23:02 - 2018-04-10 23:02 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000480-000000.txt
2018-04-10 22:59 - 2018-04-10 22:59 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000479-000000.txt
2018-04-10 22:58 - 2018-04-10 22:58 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000478-000000.txt
2018-04-10 22:55 - 2018-04-10 22:55 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000476-000000.txt
2018-04-10 22:55 - 2018-04-10 22:55 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000477-000000.txt
2018-04-10 22:51 - 2018-04-10 22:51 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000475-000000.txt
2018-04-10 22:51 - 2018-04-10 22:51 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000474-000000.txt
2018-04-10 22:48 - 2018-04-10 22:48 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000473-000000.txt
2018-04-10 22:47 - 2018-04-10 22:47 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000472-000000.txt
2018-04-10 22:44 - 2018-04-10 22:44 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000471-000000.txt
2018-04-10 22:44 - 2018-04-10 22:44 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000470-000000.txt
2018-04-10 22:40 - 2018-04-10 22:40 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000469-000000.txt
2018-04-10 22:40 - 2018-04-10 22:40 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000468-000000.txt
2018-04-10 22:37 - 2018-04-10 22:37 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000467-000000.txt
2018-04-10 22:36 - 2018-04-10 22:36 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000466-000000.txt
2018-04-10 22:33 - 2018-04-10 22:33 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000465-000000.txt
2018-04-10 22:32 - 2018-04-10 22:32 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000464-000000.txt
2018-04-10 22:29 - 2018-04-10 22:29 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000463-000000.txt
2018-04-10 22:29 - 2018-04-10 22:29 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000462-000000.txt
2018-04-10 22:25 - 2018-04-10 22:25 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000460-000000.txt
2018-04-10 22:25 - 2018-04-10 22:25 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000461-000000.txt
2018-04-10 22:22 - 2018-04-10 22:22 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000459-000000.txt
2018-04-10 22:21 - 2018-04-10 22:21 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000458-000000.txt
2018-04-10 22:18 - 2018-04-10 22:18 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000457-000000.txt
2018-04-10 22:17 - 2018-04-10 22:17 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000456-000000.txt
2018-04-10 22:14 - 2018-04-10 22:14 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000455-000000.txt
2018-04-10 22:14 - 2018-04-10 22:14 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000454-000000.txt
2018-04-10 22:10 - 2018-04-10 22:10 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000453-000000.txt
2018-04-10 22:10 - 2018-04-10 22:10 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000452-000000.txt
2018-04-10 22:07 - 2018-04-10 22:07 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000451-000000.txt
2018-04-10 22:06 - 2018-04-10 22:06 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000450-000000.txt
2018-04-10 22:03 - 2018-04-10 22:03 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000449-000000.txt
2018-04-10 22:02 - 2018-04-10 22:02 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000448-000000.txt
2018-04-10 21:59 - 2018-04-10 21:59 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000447-000000.txt
2018-04-10 21:59 - 2018-04-10 21:59 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000446-000000.txt
2018-04-10 21:55 - 2018-04-10 21:55 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000445-000000.txt
2018-04-10 21:55 - 2018-04-10 21:55 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000444-000000.txt
2018-04-10 21:52 - 2018-04-10 21:52 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000443-000000.txt
2018-04-10 21:51 - 2018-04-10 21:51 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000442-000000.txt
2018-04-10 21:48 - 2018-04-10 21:48 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000441-000000.txt
2018-04-10 21:47 - 2018-04-10 21:47 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000440-000000.txt
2018-04-10 13:38 - 2018-04-10 13:38 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000439-000000.txt
2018-04-10 13:37 - 2018-04-10 13:37 - 000080375 _____ C:\Users\CARLOS\Desktop\Ficha_estudiante.xlsx
2018-04-10 13:37 - 2018-04-10 13:37 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000438-000000.txt
2018-04-10 13:35 - 2018-04-10 13:35 - 001051170 _____ C:\Users\CARLOS\Downloads\Buduba Santiago (1).xlsx
2018-04-10 13:34 - 2018-04-10 13:36 - 000080375 _____ C:\Users\CARLOS\Downloads\Ficha_estudiante.xlsx
2018-04-10 13:34 - 2018-04-10 13:34 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000437-000000.txt
2018-04-10 13:33 - 2018-04-10 13:33 - 001051170 _____ C:\Users\CARLOS\Downloads\Buduba Santiago.xlsx
2018-04-10 13:33 - 2018-04-10 13:33 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000436-000000.txt
2018-04-10 13:30 - 2018-04-10 13:30 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000435-000000.txt
2018-04-10 13:29 - 2018-04-10 13:29 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000434-000000.txt
2018-04-10 13:26 - 2018-04-10 13:26 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000433-000000.txt
2018-04-10 13:26 - 2018-04-10 13:26 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000432-000000.txt
2018-04-10 13:23 - 2018-04-10 13:23 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000431-000000.txt
2018-04-10 13:22 - 2018-04-10 13:22 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000430-000000.txt
2018-04-10 13:21 - 2018-04-10 13:21 - 000000000 ___HD C:\$SysReset
2018-04-10 13:19 - 2018-04-10 13:19 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000429-000000.txt
2018-04-10 13:18 - 2018-04-10 13:18 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000428-000000.txt
2018-04-10 13:15 - 2018-04-10 13:15 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000427-000000.txt
2018-04-10 13:15 - 2018-04-10 13:15 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000426-000000.txt
2018-04-10 13:11 - 2018-04-10 13:11 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000425-000000.txt
2018-04-10 13:11 - 2018-04-10 13:11 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000424-000000.txt
2018-04-10 13:08 - 2018-04-10 13:08 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000423-000000.txt
2018-04-10 13:07 - 2018-04-10 13:07 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000422-000000.txt
2018-04-10 13:04 - 2018-04-10 13:04 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000421-000000.txt
2018-04-10 13:03 - 2018-04-10 13:03 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000420-000000.txt
2018-04-10 13:00 - 2018-04-10 13:00 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000419-000000.txt
2018-04-10 13:00 - 2018-04-10 13:00 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000418-000000.txt
2018-04-10 12:56 - 2018-04-10 12:56 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000417-000000.txt
2018-04-10 12:56 - 2018-04-10 12:56 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000416-000000.txt
2018-04-10 12:53 - 2018-04-10 12:53 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000415-000000.txt
2018-04-10 12:52 - 2018-04-10 12:52 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000414-000000.txt
2018-04-10 12:49 - 2018-04-10 12:49 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000413-000000.txt
2018-04-10 12:48 - 2018-04-10 12:48 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000412-000000.txt
2018-04-10 12:45 - 2018-04-10 12:45 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000411-000000.txt
2018-04-10 12:45 - 2018-04-10 12:45 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000410-000000.txt
2018-04-10 12:41 - 2018-04-10 12:41 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000408-000000.txt
2018-04-10 12:41 - 2018-04-10 12:41 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000409-000000.txt
2018-04-10 12:38 - 2018-04-10 12:38 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000407-000000.txt
2018-04-10 12:37 - 2018-04-10 12:37 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000406-000000.txt
2018-04-10 12:34 - 2018-04-10 12:34 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000405-000000.txt
2018-04-10 12:33 - 2018-04-10 12:33 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000404-000000.txt
2018-04-10 12:30 - 2018-04-10 12:30 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000403-000000.txt
2018-04-10 12:30 - 2018-04-10 12:30 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000402-000000.txt
2018-04-10 12:26 - 2018-04-10 12:26 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000401-000000.txt
2018-04-10 12:26 - 2018-04-10 12:26 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000400-000000.txt
2018-04-10 12:23 - 2018-04-10 12:23 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000399-000000.txt
2018-04-10 12:22 - 2018-04-10 12:22 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000398-000000.txt
2018-04-10 12:19 - 2018-04-10 12:19 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000396-000000.txt
2018-04-10 12:19 - 2018-04-10 12:19 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000397-000000.txt
2018-04-10 12:15 - 2018-04-10 12:15 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000395-000000.txt
2018-04-10 12:15 - 2018-04-10 12:15 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000394-000000.txt
2018-04-10 12:12 - 2018-04-10 12:12 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000393-000000.txt
2018-04-10 12:11 - 2018-04-10 12:11 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000392-000000.txt
2018-04-10 12:08 - 2018-04-10 12:08 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000391-000000.txt
2018-04-10 12:07 - 2018-04-10 12:07 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000390-000000.txt
2018-04-10 12:04 - 2018-04-10 12:04 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000389-000000.txt
2018-04-10 12:04 - 2018-04-10 12:04 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000388-000000.txt
2018-04-10 12:00 - 2018-04-10 12:00 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000387-000000.txt
2018-04-10 12:00 - 2018-04-10 12:00 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000386-000000.txt
2018-04-10 11:57 - 2018-04-10 11:57 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000385-000000.txt
2018-04-10 11:56 - 2018-04-10 11:56 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000384-000000.txt
2018-04-10 11:53 - 2018-04-10 11:53 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000383-000000.txt
2018-04-10 11:52 - 2018-04-10 11:52 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000382-000000.txt
2018-04-10 11:49 - 2018-04-10 11:49 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000381-000000.txt
2018-04-10 11:49 - 2018-04-10 11:49 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000380-000000.txt
2018-04-10 11:45 - 2018-04-10 11:45 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000379-000000.txt
2018-04-10 11:45 - 2018-04-10 11:45 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000378-000000.txt
2018-04-10 11:42 - 2018-04-10 11:42 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000377-000000.txt
2018-04-10 11:41 - 2018-04-10 11:41 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000376-000000.txt
2018-04-10 11:38 - 2018-04-10 11:38 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000375-000000.txt
2018-04-10 11:38 - 2018-04-10 11:38 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000374-000000.txt
2018-04-10 11:34 - 2018-04-10 11:34 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000373-000000.txt
2018-04-10 11:34 - 2018-04-10 11:34 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000372-000000.txt
2018-04-10 11:31 - 2018-04-10 11:31 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000371-000000.txt
2018-04-10 11:30 - 2018-04-10 11:30 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000370-000000.txt
2018-04-10 11:27 - 2018-04-10 11:27 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000369-000000.txt
2018-04-10 11:26 - 2018-04-10 11:26 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000368-000000.txt
2018-04-10 11:23 - 2018-04-10 11:23 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000367-000000.txt
2018-04-10 11:23 - 2018-04-10 11:23 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000366-000000.txt
2018-04-10 11:19 - 2018-04-10 11:19 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000365-000000.txt
2018-04-10 11:19 - 2018-04-10 11:19 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000364-000000.txt
2018-04-10 10:49 - 2018-04-10 22:05 - 000000000 ____D C:\AdwCleaner
2018-04-10 10:37 - 2018-04-10 10:37 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000363-000000.txt
2018-04-10 10:37 - 2018-04-10 10:37 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000362-000000.txt
2018-04-10 00:59 - 2018-04-10 00:59 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-04-10 00:38 - 2018-04-10 00:38 - 000002008 _____ C:\Users\CARLOS\Desktop\Avast Free Antivirus.lnk
2018-04-10 00:33 - 2018-04-10 00:33 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-04-10 00:21 - 2018-04-10 00:21 - 000178320 _____ (AVAST Software) C:\Users\CARLOS\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2018-04-10 00:09 - 2018-04-10 00:09 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000361-000000.txt
2018-04-10 00:09 - 2018-04-10 00:09 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000360-000000.txt
2018-04-09 21:22 - 2018-04-09 21:22 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000359-000000.txt
2018-04-09 21:22 - 2018-04-09 21:22 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000358-000000.txt
2018-04-09 20:36 - 2018-04-10 23:59 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-04-09 20:35 - 2018-04-09 20:35 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000357-000000.txt
2018-04-09 20:33 - 2018-04-09 20:33 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000356-000000.txt
2018-04-09 20:29 - 2018-04-10 23:59 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-04-09 20:29 - 2018-04-10 23:59 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-04-09 20:29 - 2018-04-09 20:35 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-09 20:29 - 2018-04-09 20:29 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-04-09 20:29 - 2018-04-09 20:29 - 000001953 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-09 20:29 - 2018-04-09 20:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-09 20:29 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-09 20:28 - 2018-04-09 20:28 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-09 20:16 - 2018-04-09 20:19 - 071942408 _____ (Malwarebytes ) C:\Users\CARLOS\Downloads\mb3-setup-35891.35891-3.4.5.2467-1.0.342-1.0.4514.exe
2018-04-08 00:34 - 2018-04-08 00:34 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000355-000000.txt
2018-04-08 00:31 - 2018-04-08 00:31 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000354-000000.txt
2018-04-07 22:34 - 2018-04-07 22:34 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000353-000000.txt
2018-04-07 22:32 - 2018-04-07 22:32 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000352-000000.txt
2018-04-06 22:51 - 2018-04-10 11:28 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-06 22:51 - 2018-04-06 22:52 - 000000000 ____D C:\Program Files\CCleaner
2018-04-06 22:51 - 2018-04-06 22:51 - 000002850 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-04-06 22:51 - 2018-04-06 22:51 - 000000904 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-06 22:51 - 2018-04-06 22:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-04-06 22:50 - 2018-04-06 22:51 - 015333312 _____ (Piriform Ltd) C:\Users\CARLOS\Downloads\ccsetup541pro.exe
2018-04-06 22:48 - 2018-04-06 22:48 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-06 22:46 - 2018-04-06 22:46 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Deployment
2018-04-06 22:34 - 2018-04-06 22:34 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000351-000000.txt
2018-04-06 22:34 - 2018-04-06 22:34 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000350-000000.txt
2018-04-06 21:44 - 2018-04-06 21:44 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000349-000000.txt
2018-04-06 21:44 - 2018-04-06 21:44 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000348-000000.txt
2018-04-06 21:34 - 2018-04-06 21:34 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000347-000000.txt
2018-04-06 21:32 - 2018-04-06 21:32 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000346-000000.txt
2018-04-06 21:19 - 2018-04-06 21:19 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000345-000000.txt
2018-04-06 21:18 - 2018-04-06 21:18 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000344-000000.txt
2018-04-06 21:06 - 2018-04-06 21:06 - 015333312 _____ (Piriform Ltd) C:\Users\CARLOS\Downloads\4a7d68fe-3710-4d33-9a5b-6655616f43b0.tmp
2018-04-06 21:05 - 2018-04-06 21:06 - 008222496 _____ (Malwarebytes) C:\Users\CARLOS\Downloads\9bd81cbc-9c90-4ab8-bf7e-c850d98ca3c0.tmp
2018-04-06 21:05 - 2018-04-06 21:06 - 003932181 _____ C:\Users\CARLOS\Downloads\6668c332-6402-4a6d-a392-7a8896a76b13.tmp
2018-04-06 20:55 - 2018-04-06 20:55 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000343-000000.txt
2018-04-06 20:53 - 2018-04-06 20:53 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000342-000000.txt
2018-04-06 20:39 - 2018-04-06 20:39 - 000001182 _____ C:\Users\Public\Desktop\Rhinoceros 5.lnk
2018-04-06 20:39 - 2018-04-06 20:39 - 000000000 ____D C:\Program Files (x86)\McNeelUpdate
2018-04-06 20:38 - 2018-04-06 20:38 - 000000000 ____D C:\Program Files (x86)\Rhinoceros 5
2018-04-06 19:27 - 2018-04-06 19:27 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000341-000000.txt
2018-04-06 19:27 - 2018-04-06 19:27 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000340-000000.txt
2018-04-06 19:19 - 2018-04-06 22:49 - 000000000 ____D C:\ProgramData\dahjService
2018-04-06 19:19 - 2018-04-06 19:19 - 000003758 _____ C:\WINDOWS\System32\Tasks\{D84182F4-150B-0854-A78D-74B1D3AF2653}
2018-04-06 19:19 - 2018-04-06 19:19 - 000003564 _____ C:\WINDOWS\System32\Tasks\{E99BF826-2C93-FBAE-3C64-CCBA227B8812}
2018-04-06 19:19 - 2018-04-06 19:19 - 000000003 _____ C:\Users\CARLOS\AppData\Local\wbem.ini
2018-04-06 19:19 - 2017-09-29 10:42 - 000174592 _____ (Microsoft Corporation) C:\Users\CARLOS\AppData\Roaming\fyKuEOi.exe
2018-04-06 19:19 - 2017-09-29 10:42 - 000059904 ____N (Microsoft Corporation) C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
2018-04-06 19:19 - 2017-09-29 10:42 - 000059904 ____N (Microsoft Corporation) C:\Users\CARLOS\AppData\Local\Tumo.exe
2018-04-06 19:18 - 2018-04-06 19:20 - 011512643 _____ (ChemTable Software) C:\Users\CARLOS\AppData\Roaming\hui.exe
2018-04-06 18:07 - 2018-04-06 20:41 - 000001196 _____ C:\Users\Public\Desktop\Rhinoceros 5 (64-bit).lnk
2018-04-06 18:07 - 2018-04-06 18:07 - 000000000 ____D C:\Program Files\Rhinoceros 5 (64-bit)
2018-04-06 17:40 - 2018-04-06 18:01 - 474323528 _____ (Igor Pavlov) C:\Users\CARLOS\Downloads\rh50_es-es_5.14.00522.08390 (1).exe
2018-04-06 17:03 - 2018-04-06 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhino 6
2018-04-06 17:03 - 2018-04-06 20:19 - 000000000 ____D C:\Program Files\Rhino 6
2018-04-06 16:29 - 2018-04-06 20:28 - 000000000 ____D C:\Users\CARLOS\Desktop\Nueva carpeta (3)
2018-04-06 16:05 - 2018-04-06 16:05 - 000000000 ____D C:\Users\CARLOS\AppData\Local\3dmouse
2018-04-05 00:50 - 2018-04-05 00:58 - 249195384 _____ (Robert McNeel & Associates) C:\Users\CARLOS\Downloads\rhino_es-es_6.3.18090.00471.exe
2018-04-05 00:09 - 2018-04-05 00:09 - 000055924 _____ C:\Users\CARLOS\Downloads\WhatsApp Image 2018-04-05 at 00.10.34.jpeg
2018-04-04 23:52 - 2018-04-04 23:52 - 001595351 _____ C:\Users\CARLOS\Downloads\Plantilla maqueta.ai
2018-04-04 14:06 - 2018-04-04 14:06 - 000689664 _____ C:\WINDOWS\cae18f11c7879759b35f229cae0de6d7.exe
2018-04-04 14:06 - 2018-04-04 14:06 - 000047241 _____ C:\WINDOWS\uninstaller.dat
2018-03-31 13:17 - 2018-03-31 13:17 - 000066940 _____ C:\Users\CARLOS\Downloads\WhatsApp Image 2018-03-31 at 13.18.00.jpeg
2018-03-23 14:57 - 2018-03-23 14:57 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Tempzxpsign5784121b5fcc9882
2018-03-23 14:55 - 2018-03-23 14:55 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Tempzxpsign286219933262f2a6
2018-03-23 14:55 - 2018-03-23 14:55 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Tempzxpsign10e6fc7b5769e3d2
2018-03-23 13:18 - 2018-03-23 13:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2018-03-23 12:08 - 2018-03-23 12:08 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000339-000000.txt
2018-03-23 12:08 - 2018-03-23 12:08 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000338-000000.txt
2018-03-23 12:00 - 2018-03-23 12:01 - 093808776 _____ (Intel® Corporation) C:\Users\CARLOS\Downloads\WiFi_Win10_64_18.40.4.exe
2018-03-23 11:50 - 2018-03-13 04:09 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-23 11:50 - 2018-03-13 04:08 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-23 11:50 - 2018-03-13 04:06 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-23 11:50 - 2018-03-13 04:06 - 000270752 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-23 11:50 - 2018-03-13 04:06 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-23 11:50 - 2018-03-13 04:05 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-23 11:50 - 2018-03-13 04:05 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-23 11:50 - 2018-03-13 04:04 - 000749472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-23 11:50 - 2018-03-13 04:04 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-23 11:50 - 2018-03-13 04:04 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-23 11:50 - 2018-03-13 04:03 - 005907288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-03-23 11:50 - 2018-03-13 04:03 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-23 11:50 - 2018-03-13 04:03 - 000779960 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-03-23 11:50 - 2018-03-13 04:03 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-03-23 11:50 - 2018-03-13 04:03 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-23 11:50 - 2018-03-13 04:03 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-23 11:50 - 2018-03-13 04:03 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-03-23 11:50 - 2018-03-13 04:03 - 000279960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-23 11:50 - 2018-03-13 04:03 - 000273312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-23 11:50 - 2018-03-13 04:02 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-23 11:50 - 2018-03-13 04:02 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-23 11:50 - 2018-03-13 04:02 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-03-23 11:50 - 2018-03-13 04:02 - 001415288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-23 11:50 - 2018-03-13 04:02 - 001209752 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-23 11:50 - 2018-03-13 04:01 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-03-23 11:50 - 2018-03-13 03:59 - 000535968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-03-23 11:50 - 2018-03-13 03:58 - 000377760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-23 11:50 - 2018-03-13 03:58 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-23 11:50 - 2018-03-13 03:57 - 000711432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-03-23 11:50 - 2018-03-13 03:57 - 000540056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-23 11:50 - 2018-03-13 03:55 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-23 11:50 - 2018-03-13 03:55 - 001778360 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-03-23 11:50 - 2018-03-13 03:55 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-03-23 11:50 - 2018-03-13 03:55 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-23 11:50 - 2018-03-13 03:55 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-23 11:50 - 2018-03-13 03:55 - 000246176 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-03-23 11:50 - 2018-03-13 03:54 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-03-23 11:50 - 2018-03-13 03:54 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-23 11:50 - 2018-03-13 03:54 - 000555936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-23 11:50 - 2018-03-13 03:54 - 000163744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-03-23 11:50 - 2018-03-13 03:53 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-23 11:50 - 2018-03-13 03:53 - 000902928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-03-23 11:50 - 2018-03-13 03:53 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2018-03-23 11:50 - 2018-03-13 03:53 - 000113568 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-03-23 11:50 - 2018-03-13 03:52 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-23 11:50 - 2018-03-13 03:52 - 000172112 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2018-03-23 11:50 - 2018-03-13 03:51 - 002773408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-03-23 11:50 - 2018-03-13 03:51 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-03-23 11:50 - 2018-03-13 03:50 - 000617312 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-03-23 11:50 - 2018-03-13 02:56 - 025253376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-23 11:50 - 2018-03-13 02:41 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-03-23 11:50 - 2018-03-13 02:40 - 003663872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-23 11:50 - 2018-03-13 02:40 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-23 11:50 - 2018-03-13 02:40 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-03-23 11:50 - 2018-03-13 02:37 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-03-23 11:50 - 2018-03-13 02:37 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-23 11:50 - 2018-03-13 02:37 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-23 11:50 - 2018-03-13 02:36 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2018-03-23 11:50 - 2018-03-13 02:36 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-03-23 11:50 - 2018-03-13 02:35 - 008031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-23 11:50 - 2018-03-13 02:35 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-23 11:50 - 2018-03-13 02:35 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-03-23 11:50 - 2018-03-13 02:34 - 008727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-03-23 11:50 - 2018-03-13 02:34 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 007544832 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 001574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-03-23 11:50 - 2018-03-13 02:32 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-23 11:50 - 2018-03-13 02:32 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2018-03-23 11:50 - 2018-03-13 02:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-03-23 11:50 - 2018-03-13 02:32 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-03-23 11:50 - 2018-03-13 02:31 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-23 11:50 - 2018-03-13 02:31 - 004746240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-23 11:50 - 2018-03-13 02:31 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-03-23 11:50 - 2018-03-13 02:31 - 001263104 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-03-23 11:50 - 2018-03-13 02:31 - 001173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-03-23 11:50 - 2018-03-13 02:30 - 007145472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-03-23 11:50 - 2018-03-13 02:30 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-03-23 11:50 - 2018-03-13 02:30 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-03-23 11:50 - 2018-03-13 02:30 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2018-03-23 11:50 - 2018-03-13 02:30 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-03-23 11:50 - 2018-03-13 02:29 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-03-23 11:50 - 2018-03-13 02:29 - 003170816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-03-23 11:50 - 2018-03-13 02:29 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-03-23 11:50 - 2018-03-13 02:29 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-03-23 11:50 - 2018-03-13 02:29 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 003160576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-23 11:50 - 2018-03-13 02:28 - 001967104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 001157632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 000837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-03-23 11:50 - 2018-03-13 02:28 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-03-23 11:50 - 2018-03-13 02:27 - 003125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-03-23 11:50 - 2018-03-13 02:27 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-03-23 11:50 - 2018-03-13 02:27 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-03-23 11:50 - 2018-03-13 02:27 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-03-23 11:50 - 2018-03-13 02:27 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-03-23 11:50 - 2018-03-13 02:26 - 001737728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-03-23 11:50 - 2018-03-13 02:25 - 001346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-03-23 11:50 - 2018-03-13 02:25 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-23 11:50 - 2018-03-13 02:25 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-23 11:50 - 2018-03-13 02:24 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-03-23 11:50 - 2018-03-13 02:24 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-03-23 11:50 - 2018-03-13 02:23 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-03-23 11:50 - 2018-03-13 02:23 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2018-03-23 11:50 - 2018-03-13 02:23 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2018-03-23 11:50 - 2018-03-13 02:22 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-23 11:50 - 2018-03-13 02:22 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2018-03-23 11:50 - 2018-03-13 02:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-23 11:50 - 2018-03-13 02:22 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-23 11:50 - 2018-03-13 02:19 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-23 11:50 - 2018-03-13 02:19 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-03-23 11:50 - 2018-03-13 02:19 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-03-23 11:50 - 2018-03-13 02:19 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-03-23 11:50 - 2018-03-13 02:18 - 000213408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-23 11:50 - 2018-03-13 02:15 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-03-23 11:50 - 2018-03-13 02:08 - 001555784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-03-23 11:50 - 2018-03-13 02:08 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-03-23 11:50 - 2018-03-13 02:06 - 000704080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-03-23 11:50 - 2018-03-13 02:06 - 000564640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2018-03-23 11:50 - 2018-03-13 02:04 - 006481096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-23 11:50 - 2018-03-13 02:04 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-23 11:50 - 2018-03-13 02:04 - 000140592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2018-03-23 11:50 - 2018-03-13 01:44 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-03-23 11:50 - 2018-03-13 01:44 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-23 11:50 - 2018-03-13 01:43 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-23 11:50 - 2018-03-13 01:43 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-03-23 11:50 - 2018-03-13 01:41 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-23 11:50 - 2018-03-13 01:41 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-23 11:50 - 2018-03-13 01:40 - 006118400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-03-23 11:50 - 2018-03-13 01:39 - 019355136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-23 11:50 - 2018-03-13 01:39 - 018923520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-23 11:50 - 2018-03-13 01:39 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-23 11:50 - 2018-03-13 01:39 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-03-23 11:50 - 2018-03-13 01:38 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-03-23 11:50 - 2018-03-13 01:37 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-23 11:50 - 2018-03-13 01:37 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2018-03-23 11:50 - 2018-03-13 01:37 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2018-03-23 11:50 - 2018-03-13 01:37 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-03-23 11:50 - 2018-03-13 01:37 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-03-23 11:50 - 2018-03-13 01:36 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-23 11:50 - 2018-03-13 01:35 - 006204416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-03-23 11:50 - 2018-03-13 01:34 - 002409984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-03-23 11:50 - 2018-03-13 01:33 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-03-23 11:50 - 2018-03-13 01:33 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-03-23 11:50 - 2018-03-13 01:32 - 006030848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-23 11:50 - 2018-03-13 01:32 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-23 11:50 - 2018-03-13 01:32 - 002577408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-03-23 11:50 - 2018-03-13 01:31 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-03-23 11:50 - 2018-03-13 01:31 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-03-23 11:50 - 2018-03-13 01:31 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-03-23 11:50 - 2018-03-13 01:31 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-03-23 11:50 - 2018-03-13 01:30 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-03-23 11:50 - 2018-03-13 01:30 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-03-23 11:50 - 2018-03-13 01:28 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-03-23 11:50 - 2018-03-13 01:27 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2018-03-23 11:50 - 2018-03-13 01:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2018-03-23 11:49 - 2018-03-13 03:58 - 000441248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-03-23 11:49 - 2018-03-13 03:55 - 000417440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2018-03-23 11:49 - 2018-03-13 03:55 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-03-23 11:49 - 2018-03-13 03:54 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-23 11:49 - 2018-03-13 03:53 - 000143264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2018-03-23 11:49 - 2018-03-13 03:53 - 000091152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2018-03-23 11:49 - 2018-03-13 03:52 - 000127136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2018-03-23 11:49 - 2018-03-13 02:40 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-03-23 11:49 - 2018-03-13 02:38 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2018-03-23 11:49 - 2018-03-13 02:38 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-03-23 11:49 - 2018-03-13 02:38 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2018-03-23 11:49 - 2018-03-13 02:37 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2018-03-23 11:49 - 2018-03-13 02:37 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2018-03-23 11:49 - 2018-03-13 02:37 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2018-03-23 11:49 - 2018-03-13 02:35 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-03-23 11:49 - 2018-03-13 02:35 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-03-23 11:49 - 2018-03-13 02:35 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2018-03-23 11:49 - 2018-03-13 02:35 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-03-23 11:49 - 2018-03-13 02:35 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2018-03-23 11:49 - 2018-03-13 02:35 - 000219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-03-23 11:49 - 2018-03-13 02:35 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlgpclnt.dll
2018-03-23 11:49 - 2018-03-13 02:34 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-03-23 11:49 - 2018-03-13 02:34 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-03-23 11:49 - 2018-03-13 02:34 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2018-03-23 11:49 - 2018-03-13 02:33 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2018-03-23 11:49 - 2018-03-13 02:33 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2018-03-23 11:49 - 2018-03-13 02:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2018-03-23 11:49 - 2018-03-13 02:32 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-03-23 11:49 - 2018-03-13 02:31 - 002849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-03-23 11:49 - 2018-03-13 02:31 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2018-03-23 11:49 - 2018-03-13 02:31 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2018-03-23 11:49 - 2018-03-13 02:30 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-03-23 11:49 - 2018-03-13 02:29 - 000984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-03-23 11:49 - 2018-03-13 02:28 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-03-23 11:49 - 2018-03-13 02:26 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-03-23 11:49 - 2018-03-13 02:25 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2018-03-23 11:49 - 2018-03-13 02:24 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2018-03-23 11:49 - 2018-03-13 02:07 - 000115104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-23 11:49 - 2018-03-13 01:44 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-03-23 11:49 - 2018-03-13 01:40 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-03-23 11:49 - 2018-03-13 01:40 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2018-03-23 11:49 - 2018-03-13 01:39 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2018-03-23 11:49 - 2018-03-13 01:39 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-03-23 11:49 - 2018-03-13 01:39 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-03-23 11:49 - 2018-03-13 01:38 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlgpclnt.dll
2018-03-23 11:49 - 2018-03-13 01:37 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2018-03-23 11:49 - 2018-03-13 01:37 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2018-03-23 11:49 - 2018-03-13 01:37 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2018-03-23 11:49 - 2018-03-13 01:36 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-03-23 11:49 - 2018-03-13 01:36 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-03-23 11:49 - 2018-03-13 01:36 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-03-23 11:49 - 2018-03-13 01:34 - 000706048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-03-23 11:49 - 2018-03-13 01:32 - 001948672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-03-23 11:49 - 2018-03-13 01:31 - 001348608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-03-23 11:49 - 2018-03-13 01:26 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2018-03-22 01:48 - 2018-03-22 01:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-03-22 01:47 - 2018-04-06 18:08 - 000000000 ____D C:\Users\CARLOS\Downloads\DS.SolidWorks.2018.SP0.Premium-SSQ
2018-03-22 01:47 - 2018-03-22 01:47 - 013804384 _____ C:\Users\CARLOS\Desktop\SolidWorks.2018.Activator-SSQ.rar
2018-03-22 01:46 - 2018-03-22 01:46 - 000071890 _____ C:\Users\CARLOS\Downloads\SLDWRKSTorrent.rar
2018-03-21 12:01 - 2018-03-21 12:21 - 000000000 ____D C:\Users\CARLOS\Downloads\Harry Potter And The Deathly Hallows Part 2 2011 1080p Bluray x264 (DTS) - HarryLala
2018-03-20 23:15 - 2018-03-20 23:29 - 000000000 ____D C:\Users\CARLOS\Downloads\Harry Potter and the Deathly Hallows Part 1 (2010) [1080p]
2018-03-16 11:26 - 2018-04-06 19:21 - 000000000 ____D C:\Users\CARLOS\AppData\LocalLow\uTorrent
2018-03-15 21:30 - 2018-03-15 21:30 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000337-000000.txt
2018-03-15 21:29 - 2018-03-15 21:29 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000336-000000.txt
2018-03-14 19:35 - 2018-03-02 00:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 19:35 - 2018-03-01 04:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 19:35 - 2018-03-01 04:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 19:35 - 2018-03-01 04:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 19:35 - 2018-03-01 04:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 19:35 - 2018-03-01 04:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 19:35 - 2018-03-01 04:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 19:35 - 2018-03-01 04:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 19:35 - 2018-03-01 04:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 19:35 - 2018-03-01 04:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 19:35 - 2018-03-01 04:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 19:35 - 2018-03-01 04:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 19:35 - 2018-03-01 03:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 19:35 - 2018-03-01 03:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 19:35 - 2018-03-01 03:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 19:35 - 2018-03-01 03:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 19:35 - 2018-03-01 03:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 19:35 - 2018-03-01 03:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 19:35 - 2018-03-01 03:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 19:35 - 2018-03-01 03:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 19:35 - 2018-03-01 03:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 19:35 - 2018-03-01 03:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 19:35 - 2018-03-01 02:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 19:35 - 2018-03-01 02:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 19:35 - 2018-03-01 02:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 19:35 - 2018-03-01 02:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 19:35 - 2018-03-01 02:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 19:35 - 2018-03-01 02:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 19:35 - 2018-03-01 02:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 19:35 - 2018-03-01 02:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 19:35 - 2018-03-01 02:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 19:35 - 2018-03-01 02:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 19:35 - 2018-03-01 02:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 19:35 - 2018-03-01 02:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 19:35 - 2018-03-01 02:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 19:35 - 2018-03-01 02:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 19:35 - 2018-03-01 02:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 19:35 - 2018-03-01 02:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 19:35 - 2018-03-01 02:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 19:35 - 2018-03-01 02:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 19:35 - 2018-03-01 02:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 19:35 - 2018-03-01 02:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 19:35 - 2018-03-01 02:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 19:35 - 2018-03-01 02:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 19:35 - 2018-03-01 02:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 19:35 - 2018-03-01 02:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 19:35 - 2018-03-01 02:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 19:35 - 2018-03-01 02:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 19:35 - 2018-03-01 02:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 19:35 - 2018-03-01 02:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 19:35 - 2018-03-01 02:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 19:35 - 2018-03-01 02:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 19:35 - 2018-03-01 02:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 19:35 - 2018-02-21 23:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 19:35 - 2018-02-21 23:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 19:35 - 2018-02-21 23:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 19:35 - 2018-02-21 23:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 19:35 - 2018-02-21 23:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 19:35 - 2018-02-21 23:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 19:35 - 2018-02-21 23:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 19:35 - 2018-02-21 23:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 19:35 - 2018-02-21 23:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 19:35 - 2018-02-21 23:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 19:35 - 2018-02-21 22:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 19:35 - 2018-02-21 22:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 19:35 - 2018-02-21 22:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 19:35 - 2018-02-21 22:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 19:35 - 2018-02-21 21:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 19:35 - 2018-02-21 21:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 19:35 - 2018-02-21 21:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 19:34 - 2018-03-02 00:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 19:34 - 2018-03-02 00:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 19:34 - 2018-03-02 00:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 19:34 - 2018-03-02 00:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 19:34 - 2018-03-02 00:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 19:34 - 2018-03-01 23:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 19:34 - 2018-03-01 17:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 19:34 - 2018-03-01 04:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 19:34 - 2018-03-01 04:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 19:34 - 2018-03-01 04:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 19:34 - 2018-03-01 04:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 19:34 - 2018-03-01 04:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 19:34 - 2018-03-01 04:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 19:34 - 2018-03-01 04:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 19:34 - 2018-03-01 03:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 19:34 - 2018-03-01 03:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 19:34 - 2018-03-01 03:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 19:34 - 2018-03-01 03:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 19:34 - 2018-03-01 03:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 19:34 - 2018-03-01 02:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 19:34 - 2018-03-01 02:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 19:34 - 2018-03-01 02:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 19:34 - 2018-03-01 02:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 19:34 - 2018-03-01 02:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 19:34 - 2018-03-01 02:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 19:34 - 2018-03-01 02:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 19:34 - 2018-03-01 02:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 19:34 - 2018-03-01 02:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 19:34 - 2018-03-01 02:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 19:34 - 2018-03-01 02:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 19:34 - 2018-03-01 02:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 19:34 - 2018-03-01 02:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 19:34 - 2018-03-01 02:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 19:34 - 2018-03-01 02:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 19:34 - 2018-03-01 02:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 19:34 - 2018-03-01 02:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 19:34 - 2018-03-01 02:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 19:34 - 2018-03-01 02:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 19:34 - 2018-02-21 23:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 19:34 - 2018-02-21 22:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 19:34 - 2018-02-21 22:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 19:34 - 2018-02-21 22:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 19:34 - 2018-02-21 21:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 19:34 - 2018-02-21 21:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 19:34 - 2018-02-21 21:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 19:34 - 2018-02-21 21:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 19:34 - 2018-02-21 21:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-13 23:08 - 2018-03-13 23:08 - 000000000 ____D C:\Users\CARLOS\Documents\FeedbackHub
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-11 00:07 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-04-11 00:07 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-10 23:57 - 2017-12-02 12:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-10 23:56 - 2017-09-29 10:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-10 23:56 - 2017-09-29 05:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-04-10 23:55 - 2017-12-02 11:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-10 23:28 - 2017-12-02 12:13 - 000005260 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for SANTI-Santi Santi
2018-04-10 21:52 - 2017-09-29 10:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-10 21:52 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-10 13:36 - 2017-12-02 11:44 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Packages
2018-04-10 11:19 - 2013-04-16 16:26 - 000000000 ____D C:\ProgramData\AVAST Software
2018-04-10 10:35 - 2013-02-22 02:23 - 000000000 ____D C:\Users\CARLOS\AppData\Roaming\Skype
2018-04-10 10:22 - 2017-12-02 11:43 - 000000000 ____D C:\Users\CARLOS
2018-04-10 00:39 - 2017-11-03 23:26 - 000000000 ___RD C:\Users\CARLOS\Desktop\-
2018-04-09 22:05 - 2018-02-04 18:25 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Spotify
2018-04-09 22:03 - 2018-02-04 18:10 - 000000000 ____D C:\Users\CARLOS\AppData\Roaming\Spotify
2018-04-09 21:37 - 2018-02-16 23:27 - 000000000 ____D C:\WINDOWS\Minidump
2018-04-09 21:28 - 2013-01-30 21:00 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Adobe
2018-04-09 20:36 - 2017-10-11 13:15 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-04-09 20:28 - 2015-09-15 13:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-09 20:16 - 2017-12-02 12:13 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-04-09 14:48 - 2017-12-02 16:05 - 001058630 _____ C:\WINDOWS\system32\perfh00A.dat
2018-04-09 14:48 - 2017-12-02 16:05 - 000239600 _____ C:\WINDOWS\system32\perfc00A.dat
2018-04-09 14:48 - 2017-12-02 12:10 - 002354402 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-08 00:28 - 2016-03-25 19:24 - 000000000 ____D C:\Users\CARLOS\AppData\Roaming\vlc
2018-04-07 22:43 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-04-07 22:28 - 2013-04-07 21:58 - 000000000 ____D C:\WINDOWS\pss
2018-04-06 22:48 - 2013-01-30 00:54 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Google
2018-04-06 22:47 - 2017-12-02 12:13 - 000003618 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-06 22:47 - 2017-12-02 12:13 - 000003494 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-06 22:47 - 2013-01-30 00:54 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-06 21:12 - 2017-09-29 10:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-06 20:54 - 2017-12-02 11:36 - 005089376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-06 20:46 - 2013-01-31 20:15 - 000000000 ___RD C:\Users\CARLOS\Desktop\Stuff
2018-04-06 20:43 - 2017-04-26 22:28 - 000000000 ____D C:\Users\CARLOS\Desktop\Facultad
2018-04-06 20:41 - 2017-10-26 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhinoceros 5
2018-04-06 20:30 - 2017-10-26 16:59 - 000000500 _____ C:\WINDOWS\SysWOW64\Drivers\ibyfyu_413.set
2018-04-06 20:30 - 2017-10-26 16:59 - 000000500 _____ C:\WINDOWS\SysWOW64\Drivers\ddpnqch185.dat
2018-04-06 20:30 - 2017-10-26 16:59 - 000000500 _____ C:\WINDOWS\d_jdmjol162.ini
2018-04-06 20:23 - 2014-10-27 16:41 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-06 19:21 - 2013-03-17 01:35 - 000000000 ____D C:\Users\CARLOS\AppData\Roaming\uTorrent
2018-04-06 16:28 - 2017-10-26 19:06 - 000000000 ____D C:\Users\CARLOS\AppData\Roaming\McNeel
2018-04-06 16:28 - 2017-10-26 16:59 - 000000000 ____D C:\ProgramData\McNeel
2018-04-04 23:52 - 2017-02-20 19:55 - 000000033 _____ C:\Users\CARLOS\AppData\Roaming\AdobeWLCMCache.dat
2018-03-27 11:50 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-27 11:05 - 2012-08-30 21:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-23 13:19 - 2012-11-16 11:00 - 000000000 ____D C:\ProgramData\Intel
2018-03-23 12:03 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-22 01:56 - 2012-08-30 20:56 - 000000000 ____D C:\Program Files (x86)\TOSHIBA
2018-03-22 01:55 - 2015-10-24 00:44 - 000000000 ____D C:\GOG Games
2018-03-22 01:53 - 2017-10-04 14:28 - 000000000 ____D C:\Program Files\rempl
2018-03-22 01:51 - 2014-10-06 21:45 - 000000000 ____D C:\ProgramData\HP
2018-03-22 01:49 - 2017-12-30 10:57 - 000000000 ____D C:\ProgramData\Garmin
2018-03-22 01:48 - 2017-08-29 23:05 - 000000000 ____D C:\Users\CARLOS\AppData\Roaming\Splitscreen Studios
2018-03-21 21:00 - 2015-10-03 23:13 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-15 21:36 - 2017-12-02 12:13 - 000004556 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-15 21:35 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-15 21:35 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-15 21:34 - 2017-10-04 02:19 - 000000000 ___RD C:\Users\CARLOS\3D Objects
2018-03-15 21:34 - 2016-11-20 15:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-14 20:50 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-14 20:50 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-03-14 20:50 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-14 20:30 - 2018-03-07 16:57 - 000010622 _____ C:\Users\CARLOS\Desktop\Horarios 2018.xlsx
2018-03-14 19:52 - 2014-09-09 20:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 19:47 - 2017-10-11 10:56 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 19:47 - 2013-01-31 03:03 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-14 19:38 - 2017-09-29 10:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 19:38 - 2017-09-29 10:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-13 02:02 - 2017-12-02 11:40 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
 
==================== Files in the root of some directories =======
 
2017-02-20 19:55 - 2018-04-04 23:52 - 000000033 _____ () C:\Users\CARLOS\AppData\Roaming\AdobeWLCMCache.dat
2018-04-06 19:19 - 2017-09-29 10:42 - 000174592 _____ (Microsoft Corporation) C:\Users\CARLOS\AppData\Roaming\fyKuEOi.exe
2018-04-06 19:18 - 2018-04-06 19:20 - 011512643 _____ (ChemTable Software) C:\Users\CARLOS\AppData\Roaming\hui.exe
2017-11-02 00:25 - 2017-11-02 00:25 - 000000028 _____ () C:\Users\CARLOS\AppData\Roaming\kulerdata.json
2015-04-19 09:20 - 2015-04-19 09:20 - 000005872 _____ () C:\Users\CARLOS\AppData\Roaming\veZb3rKDtZpUUQqQzbc
2014-06-12 12:40 - 2014-06-12 12:40 - 000000042 _____ () C:\Users\CARLOS\AppData\Roaming\WB.CFG
2014-02-02 15:34 - 2014-02-02 15:34 - 000000094 _____ () C:\Users\CARLOS\AppData\Local\fusioncache.dat
2015-07-25 10:52 - 2015-07-25 10:52 - 000000000 ___SH () C:\Users\CARLOS\AppData\Local\LumaEmu
2015-07-18 20:28 - 2015-08-10 00:15 - 000534535 _____ () C:\Users\CARLOS\AppData\Local\package.nw.new
2013-03-15 19:40 - 2018-01-11 23:23 - 000007590 _____ () C:\Users\CARLOS\AppData\Local\Resmon.ResmonCfg
2018-04-06 19:19 - 2017-09-29 10:42 - 000059904 ____N (Microsoft Corporation) C:\Users\CARLOS\AppData\Local\Tumo.exe
2018-04-06 19:19 - 2018-04-06 19:19 - 000000003 _____ () C:\Users\CARLOS\AppData\Local\wbem.ini
2013-07-01 21:26 - 2013-07-01 21:28 - 000027074 _____ () C:\Users\CARLOS\AppData\Local\WiDiSetupLog.20130701.212647.txt
2018-04-06 19:19 - 2017-09-29 10:42 - 000059904 ____N (Microsoft Corporation) C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-10 23:20
 
==================== End of FRST.txt ============================

 

 

And here is the Adittion file:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Santi (11-04-2018 00:13:05)
Running from E:\
Windows 10 Home Version 1709 16299.334 (X64) (2017-12-02 15:15:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1380135985-2673685752-3878894861-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1380135985-2673685752-3878894861-503 - Limited - Disabled)
Guest (S-1-5-21-1380135985-2673685752-3878894861-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1380135985-2673685752-3878894861-1012 - Limited - Enabled)
Santi (S-1-5-21-1380135985-2673685752-3878894861-1001 - Administrator - Enabled) => C:\Users\CARLOS
WDAGUtilityAccount (S-1-5-21-1380135985-2673685752-3878894861-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{8FD6FE5A-E1E1-47F3-BBE6-FE2B1364DCB8}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{2394186A-5445-4293-B739-352009350342}) (Version: 3.0.0.9 - Intel) Hidden
µTorrent (HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_1_0) (Version: 21.1.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1) (Version: 18.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battlefield 2™ (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Cosmoteer 0.13.6 (HKLM\...\{BC4C8EB1-3CD1-465D-B4D3-A15F9F0B4C4F}_is1) (Version: 0.13.6 - Walt Destler)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0195 - Disc Soft Ltd)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON XP-211 214 216 Series Printer Uninstall (HKLM\...\EPSON XP-211 214 216 Series) (Version:  - SEIKO EPSON Corporation)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4653 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{01f3f6b8-1a81-4b10-b51f-f69af12e1d69}) (Version: 3.0.0.9 - Intel)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
Malwarebytes versión 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mount and Blade - Warband  - Napoleonic Wars (HKLM-x32\...\Mount and Blade: Warband  - Napoleonic Wars_is1) (Version: 2.1.1.11 - GOG.com)
Mount and Blade - Warband  - Viking Conquest (HKLM-x32\...\Mount and Blade: Warband  - Viking Conquest_is1) (Version: 2.1.1.11 - GOG.com)
Mount and Blade - Warband (HKLM-x32\...\1207666913_is1) (Version: 2.2.0.10 - GOG.com)
Mount and Blade - With Fire and Sword (HKLM-x32\...\1207666903_is1) (Version: 2.0.0.4 - GOG.com)
Mount and Blade (HKLM-x32\...\1207666893_is1) (Version: 2.0.0.4 - GOG.com)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version:  - Native Instruments)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29031 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Rhinoceros 5 (64-bit) (HKLM\...\{31120413-C19E-464C-A0BE-DF13B595BA7F}) (Version: 5.14.00522.08390 - Robert McNeel & Associates)
Rhinoceros 5 (HKLM-x32\...\{015DA80B-D206-42B4-8A52-2054BF0E7434}) (Version: 5.14.00522.08390 - Robert McNeel & Associates)
Rhinoceros 5 Help Media (HKLM-x32\...\{552F40DE-871B-48D8-B07F-43ED512E9B7A}) (Version: 5.6.31022.16390 - Robert McNeel & Associates)
Rhinoceros 5 Language Pack Installer (es-ES) (HKLM-x32\...\{59EDC04B-7048-4424-833C-AB64B1A727B8}) (Version: 5.6.31022.16390 - Robert McNeel & Associates)
SketchUp 2016 (HKLM\...\{9BAF512C-7517-4527-A323-4B006ACD1E65}) (Version: 16.1.1449 - Trimble Navigation Limited)
SketchUp 2017 (HKLM\...\{31645965-D0A5-4D0B-98C8-48A2C804AD7A}) (Version: 17.2.2555 - Trimble Navigation Limited)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Software Intel® PROSet/Wireless (HKLM-x32\...\{88540041-fd0c-4588-9b2f-251e29f7c5a1}) (Version: 18.40.4 - Intel Corporation)
Spotify (HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
SRS Premium Sound Control Panel (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.3 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
The Elder Scrolls V Skyrim - Legendary Edition (HKLM-x32\...\The Elder Scrolls V Skyrim - Legendary Edition_is1) (Version:  - )
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.8.1C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.1.1 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 1.0.0.5C - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{63E575B6-BEF3-4DE7-823E-508837914157}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.38 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.1 - Compal) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.1 - Compal) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WhatsApp (HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\WhatsApp) (Version: 0.2.5863 - WhatsApp)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\CARLOS\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\CARLOS\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\CARLOS\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-05-18] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C0D3589-B585-4DF0-B1AB-F9AABF7D563B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {13DF347F-BCBD-4D32-8EE4-9124D51F00B4} - System32\Tasks\415EF284-2185-47D0-8DF6-6894FFEA027 => C:\Users\CARLOS\AppData\Local\415EF284-2185-47D0-8DF6-6894FFEA027\415EF284-2185-47D0-8DF6-6894FFEA027.exe <==== ATTENTION
Task: {158302CF-C03A-486A-80E1-EAA4B2B27D5D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {170753D0-0BA5-428A-A3EA-7319A75F8A51} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-06] (Microsoft Corporation)
Task: {19022932-6CBC-45F2-A0B1-0E658EA8AA00} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {2039F255-AD1A-4AB3-9C4B-904CBEF6089E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-15] (Adobe Systems Incorporated)
Task: {21B3EDAD-FC12-4970-B7C7-3511390E9BD8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {30CAE21F-7394-444F-8B4B-FAE3841C98C7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-07] (Microsoft Corporation)
Task: {36D5F91A-3F93-4020-BB5F-F784D0E05C0F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-07] (Microsoft Corporation)
Task: {3A6B0FBA-621D-45E4-A75F-804A86F5F951} - System32\Tasks\{13F98F80-1A1C-496D-936D-561828BAF175} => C:\windows\system32\pcalua.exe -a "C:\Users\CARLOS\Desktop\Santi\Juegos\Assassins Creed Revelations\Assassins Creed Revelations Repack\Desinstalar.exe"
Task: {3DB62B8E-A1C8-49D9-9B9E-44C4C18EBAE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-07] (Microsoft Corporation)
Task: {3E5BFE66-BF39-4FFE-97EC-21987AB47FC2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {52CC9CED-D415-49CC-92E8-F7734A05F467} - System32\Tasks\{8236EAE4-3C5C-4D50-B02D-08CD52987C81} => C:\windows\system32\pcalua.exe -a F:\DirectX\dxsetup.exe -d F:\DirectX
Task: {5D6B783F-8C86-4179-8BE3-7088AE4AFB6E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {5E00DB4E-1AA1-48B8-B6F6-0ED330447B4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc.)
Task: {62EA05AA-4B0B-4732-BD52-56EF8523A835} - System32\Tasks\EPSON XP-211 214 216 Series Update {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {6892B9A1-D8B9-4352-ADEE-F304639F6F8A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6AD7CAE5-F03D-4319-954D-618A2AC5DEB3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-07] (Microsoft Corporation)
Task: {6E99E421-6880-4F91-B000-BC1A74AF3B37} - System32\Tasks\veZb3rKDtZpUUQqQzbc => C:\Users\CARLOS\AppData\Roaming\veZb3rKDtZpUUQqQzbc.exe <==== ATTENTION
Task: {71BEBB0F-C2EA-4F99-AB5F-34275A58E5EF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {73260907-06DD-4A3C-9DDB-468F7B709AA9} - System32\Tasks\AdobeAAMUpdater-1.0-SANTI-Santi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {75C30A3C-6AC7-4A32-9BD9-8178E8E020B5} - System32\Tasks\{472863B6-13DE-44A4-BAB8-312D127139BD} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/6.2.0.106/es/abandoninstall?source=lightinstaller&page=tsInstall
Task: {782E6FD9-4B82-4681-B2F0-4D69D5C6F67E} - \WPD\SqmUpload_S-1-5-21-1380135985-2673685752-3878894861-1001 -> No File <==== ATTENTION
Task: {7FA1ED39-E9B1-400B-B109-E398AD42DEA0} - System32\Tasks\{E99BF826-2C93-FBAE-3C64-CCBA227B8812} => C:\Users\CARLOS\AppData\Local\xKyAUNE.exe [2017-09-29] (Microsoft Corporation)
Task: {85195F64-848E-46BE-BBC9-CB0E4F417CE3} - System32\Tasks\{EF5025B2-0FA0-4AAD-B444-1C02313CF04C} => C:\windows\system32\pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{993908C2-50E1-4CCB-9846-D663D340896C}
Task: {86FA2C3A-F129-4460-8F79-D9FD9F04461E} - System32\Tasks\YOAIsMzsbxkY => C:\Users\CARLOS\AppData\Roaming\YOAIsMzsbxkY.exe <==== ATTENTION
Task: {89F842C3-FE16-4C3F-9A3F-C713F15B7822} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {8AC4CBAA-04FC-45F5-8223-E73507CF731A} - System32\Tasks\{9ED14EEC-F443-4B6D-9D87-CBBBB5F82D8A} => C:\windows\system32\pcalua.exe -a D:\autorun.exe -d D:\
Task: {90C3B907-419D-4455-85CF-5EDAB406461D} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {941D7A5E-A571-4D8E-9F68-3654F14157BD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {96CAA543-C12B-47B4-BE0E-821D9BC37286} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {9DDF20BE-9177-4233-A5D8-5243DF51C71B} - System32\Tasks\{28542C32-3052-4480-9787-DCC04DD4304B} => C:\windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {9EF5232D-91F3-4E3C-A3F8-DC9F1F2F2625} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\System32\NotificationUI.exe
Task: {A3EF8C08-574E-4446-A31D-0A9D0F9BE4FC} - System32\Tasks\EPSON XP-211 214 216 Series Update {F126981A-2314-4E2A-93CA-53BF623BD006} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A84F077E-98CB-48F6-842B-99371F27E246} - System32\Tasks\{D7672155-1040-4166-952F-D89CEDBF3153} => C:\windows\system32\pcalua.exe -a D:\autorun.exe
Task: {AB3DB388-B6E2-4429-BAC8-1A119A074917} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SANTI-Santi Santi => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {B327D731-01CE-4372-BF32-FD8C95B1745D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C974E068-C74C-483E-B267-4CA602857DE0} - System32\Tasks\{6A1E1343-D44A-4551-A6F9-FDB80F295D9F} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/6.9.59.106/es/abandoninstall?page=tsProgressBar
Task: {CA04F4D2-FF61-457D-B04B-477BDA886DF2} - System32\Tasks\EPSON XP-211 214 216 Series Update {CCD030A0-F6A7-41FE-A3EE-5F351C414A00} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D156705B-C79F-404B-A8F6-9C4C72E40027} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {D41E6A5F-3AE6-417D-8E68-80F1D0622506} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {D47240FC-23A9-4602-9E09-AD274394507A} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {DDC36F07-780D-4D76-98CB-507ABFA4FB93} - System32\Tasks\Ofmnkjx0PTfoRJq => C:\Users\CARLOS\AppData\Roaming\Ofmnkjx0PTfoRJq.exe <==== ATTENTION
Task: {E0AC1880-727B-4534-826D-F3EA85FB7372} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-15] (Adobe Systems Incorporated)
Task: {EA10C71E-E0F3-4485-A6F4-993E74E03484} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {EA866BD1-994A-4FA8-91C6-F985C42EE347} - System32\Tasks\AdobeGCInvoker-1.0-SANTI-Santi => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {EBF938FA-D723-4B4A-B1D2-B25EE3B9E600} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {F126981A-2314-4E2A-93CA-53BF623BD006} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {F4B37F58-089A-4DB2-BCEB-BFF08E07FB2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc.)
Task: {F5D600E3-350A-45E4-82D0-8F959D54DAFD} - System32\Tasks\{D84182F4-150B-0854-A78D-74B1D3AF2653} => C:\Users\CARLOS\AppData\Local\Tumo.exe [2017-09-29] (Microsoft Corporation)
Task: {FFA3EAED-1BB4-4BB1-86FF-28A1AA4F3C04} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {CCD030A0-F6A7-41FE-A3EE-5F351C414A00} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Invitation {CCD030A0-F6A7-41FE-A3EE-5F351C414A00}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Invitation {F126981A-2314-4E2A-93CA-53BF623BD006}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Invitation {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Update {CCD030A0-F6A7-41FE-A3EE-5F351C414A00}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE:/EXE:{CCD030A0-F6A7-41FE-A3EE-5F351C414A00} /F:UpdateWORKGROUP\SANTI$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Update {F126981A-2314-4E2A-93CA-53BF623BD006}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE:/EXE:{F126981A-2314-4E2A-93CA-53BF623BD006} /F:UpdateWORKGROUP\SANTI$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Update {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE:/EXE:{FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} /F:UpdateWORKGROUP\SANTI$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\Ofmnkjx0PTfoRJq.job => C:\Users\CARLOS\AppData\Roaming\Ofmnkjx0PTfoRJq.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\veZb3rKDtZpUUQqQzbc.job => C:\Users\CARLOS\AppData\Roaming\veZb3rKDtZpUUQqQzbc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\YOAIsMzsbxkY.job => C:\Users\CARLOS\AppData\Roaming\YOAIsMzsbxkY.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 10:41 - 2017-09-29 10:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-07 19:04 - 2017-03-07 19:04 - 000157456 _____ () C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
2014-02-05 13:57 - 2014-02-05 13:57 - 000066872 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2013-07-04 13:29 - 2013-05-12 14:16 - 000381096 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-07-04 13:29 - 2013-06-06 00:54 - 000518824 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-07-04 13:29 - 2013-06-06 00:53 - 000612008 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2018-04-09 20:29 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-09 20:29 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-08-14 03:48 - 2017-08-14 03:48 - 000491600 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2018-03-14 19:35 - 2018-02-21 21:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 19:35 - 2018-02-21 21:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-26 19:24 - 2018-03-26 19:25 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-26 19:24 - 2018-03-26 19:25 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-26 19:24 - 2018-03-26 19:25 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-26 19:24 - 2018-03-26 19:25 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\skypert.dll
2018-03-26 19:24 - 2018-03-26 19:24 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2012-07-18 23:38 - 2012-07-18 23:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 23:38 - 2012-07-18 23:38 - 000049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 00:13 - 2012-08-14 00:13 - 000018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2012-08-04 20:01 - 2012-08-04 20:01 - 000213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
2011-08-12 19:57 - 2011-08-12 19:57 - 000437632 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2018-04-06 22:48 - 2018-03-20 03:00 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll
2018-04-06 22:48 - 2018-03-20 03:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll
2018-04-06 22:48 - 2018-03-20 03:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-04-06 22:48 - 2018-03-20 03:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2012-11-16 11:00 - 2012-06-26 05:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [156]
AlternateDataStreams: C:\Users\CARLOS\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\CARLOS\AppData\Local\9SFZWfTPHD:DvZpua3pGCT7tpRsA2wnDkaztAy6 [1896]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\garmin.com -> hxxps://my.garmin.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 02:26 - 2012-07-26 02:26 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CARLOS\Desktop\Stuff\Fotos\Wallpapers\wallpapers_hd_go4.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CDPSvc => 2
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\StartupFolder: => "GoPro Importer.lnk"
HKLM\...\StartupApproved\Run: => "TSleepSrv"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Philips Device Listener"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "RVTProApp"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\StartupFolder: => "Enviar a OneNote.lnk"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "GarenaPlus"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "Pando Media Booster"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "MKLOL"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "MK LOL"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "{11B6CA74-0359-4E8B-9729-1902B9ADD29C}"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "OneDriveSetup"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{E5218C12-1E40-45D9-B7E8-6E7BFD909DAE}C:\program files\cosmoteer\cosmoteer.exe] => (Allow) C:\program files\cosmoteer\cosmoteer.exe
FirewallRules: [TCP Query User{4B8E5BF8-84C8-47D6-81F1-8939C2D46076}C:\program files\cosmoteer\cosmoteer.exe] => (Allow) C:\program files\cosmoteer\cosmoteer.exe
FirewallRules: [{7D5243DF-5F19-4878-838A-EBB035E807C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{F9EF0143-8D4F-472F-964F-A7E2B427E348}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [UDP Query User{9CA2BDCB-041F-4A37-BA2D-911E038F799A}C:\users\carlos\desktop\stuff\juegos\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{8DF1EBDA-CB4B-48D8-9BFF-8B52C98A8E93}C:\users\carlos\desktop\stuff\juegos\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8EE96F46-8D8A-4475-851C-07B270F32654}C:\users\carlos\desktop\stuff\juegos\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{1CA67359-954F-4372-AC7E-56D6B8977025}C:\users\carlos\desktop\stuff\juegos\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C5A4E21A-2A6A-48EF-8E6F-C5BF479ADE27}C:\users\carlos\desktop\stuff\juegos\oxygen not included\oxygen.not.included.v221697\oxygennotincluded.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\oxygen not included\oxygen.not.included.v221697\oxygennotincluded.exe
FirewallRules: [TCP Query User{8968EE28-6B2A-4CA6-A3DD-8EC476C792A7}C:\users\carlos\desktop\stuff\juegos\oxygen not included\oxygen.not.included.v221697\oxygennotincluded.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\oxygen not included\oxygen.not.included.v221697\oxygennotincluded.exe
FirewallRules: [UDP Query User{8D56B8FF-F029-4FF0-A724-34784016D7E9}C:\users\carlos\desktop\stuff\juegos\my summer car\my.summer.car.v25.07.2017\mysummercar.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\my summer car\my.summer.car.v25.07.2017\mysummercar.exe
FirewallRules: [TCP Query User{05E97956-11AF-451D-BA73-4310070086B1}C:\users\carlos\desktop\stuff\juegos\my summer car\my.summer.car.v25.07.2017\mysummercar.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\my summer car\my.summer.car.v25.07.2017\mysummercar.exe
FirewallRules: [UDP Query User{C6251265-5762-4F82-AC94-5D31DC5014E7}C:\program files (x86)\ea games\need for speed underground 2\speed2eu.exe] => (Allow) C:\program files (x86)\ea games\need for speed underground 2\speed2eu.exe
FirewallRules: [TCP Query User{672E0C37-ADCD-4C84-9112-BCCF53098E4C}C:\program files (x86)\ea games\need for speed underground 2\speed2eu.exe] => (Allow) C:\program files (x86)\ea games\need for speed underground 2\speed2eu.exe
FirewallRules: [UDP Query User{CD43F468-4511-4B06-8E4A-4CDE6117951A}C:\users\carlos\desktop\stuff\juegos\forts\forts.v2017.04.28a\forts.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\forts\forts.v2017.04.28a\forts.exe
FirewallRules: [TCP Query User{D20B0A50-7C1F-444D-9F32-B7CA90CCCC0D}C:\users\carlos\desktop\stuff\juegos\forts\forts.v2017.04.28a\forts.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\forts\forts.v2017.04.28a\forts.exe
FirewallRules: [UDP Query User{053FDC91-12B0-4DFD-8682-DA0F3AE21DF2}C:\users\carlos\desktop\stuff\juegos\forts\forts.v2017.19.04a.fixed\forts.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\forts\forts.v2017.19.04a.fixed\forts.exe
FirewallRules: [TCP Query User{CC13008F-60B7-49FB-89C6-71F8D2139412}C:\users\carlos\desktop\stuff\juegos\forts\forts.v2017.19.04a.fixed\forts.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\forts\forts.v2017.19.04a.fixed\forts.exe
FirewallRules: [UDP Query User{45EFEF04-A55B-4D64-BF7F-CB5DC0086EA5}C:\users\carlos\desktop\stuff\juegos\forts\forts.v2017.19.04a.fixed\forts.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\forts\forts.v2017.19.04a.fixed\forts.exe
FirewallRules: [TCP Query User{F137409F-6D76-4FAE-8B38-326535521CB5}C:\users\carlos\desktop\stuff\juegos\forts\forts.v2017.19.04a.fixed\forts.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\forts\forts.v2017.19.04a.fixed\forts.exe
FirewallRules: [{54615A68-4063-43AE-8ED0-2404D98CC2F9}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{C9CF15B5-37B7-4DE6-88CC-0426FCED18C6}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [UDP Query User{3AA0C408-A6FC-430F-945A-7AA4A6314DAA}C:\users\carlos\desktop\stuff\juegos\oxygen not included\oxygen.not.included.v206534\oxygennotincluded.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\oxygen not included\oxygen.not.included.v206534\oxygennotincluded.exe
FirewallRules: [TCP Query User{C07E41FD-B30C-4CB8-8042-991841F88926}C:\users\carlos\desktop\stuff\juegos\oxygen not included\oxygen.not.included.v206534\oxygennotincluded.exe] => (Allow) C:\users\carlos\desktop\stuff\juegos\oxygen not included\oxygen.not.included.v206534\oxygennotincluded.exe
FirewallRules: [UDP Query User{90062BD5-0368-4F96-B640-E6CA805C306E}C:\program files (x86)\superfighters deluxe\superfighters deluxe.exe] => (Allow) C:\program files (x86)\superfighters deluxe\superfighters deluxe.exe
FirewallRules: [TCP Query User{89991EA8-0CF8-4690-A93A-8AAE1A06A6CE}C:\program files (x86)\superfighters deluxe\superfighters deluxe.exe] => (Allow) C:\program files (x86)\superfighters deluxe\superfighters deluxe.exe
FirewallRules: [UDP Query User{4B78E849-5BDD-4798-8CF8-1C313346ACE7}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{72F7412F-E9C2-41F0-B5BD-C20EFA8F755B}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{1A6FE642-C073-4D1A-80D4-FE173235A975}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6BC01B59-D139-4349-91FC-B93D0D18433D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{735458F3-43C7-49BD-BAA1-E56AE26928EE}C:\program files (x86)\ea games\battlefield 2\bf2.exe] => (Allow) C:\program files (x86)\ea games\battlefield 2\bf2.exe
FirewallRules: [TCP Query User{FCC98E65-03E0-467D-919A-37137ADCB88A}C:\program files (x86)\ea games\battlefield 2\bf2.exe] => (Allow) C:\program files (x86)\ea games\battlefield 2\bf2.exe
FirewallRules: [UDP Query User{6FE2998D-025B-4E06-BB57-43706681F34F}C:\users\carlos\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\carlos\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{11D84C70-24FD-407C-9A12-B2E5CD49485B}C:\users\carlos\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\carlos\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [{06BF0F45-B55D-4F67-A9CF-E2F834DEE1DE}] => (Allow) C:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe
FirewallRules: [{7D7C29BC-5DE6-4900-BC7D-75EC950DA5DC}] => (Allow) C:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe
FirewallRules: [{CDD7B8D2-835A-49F5-A14B-08DFA8A84ACD}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HP Deskjet 2540 series.exe
FirewallRules: [{7BD25702-9051-4A74-A7E2-B3BE5A51B424}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HP Deskjet 2540 series.exe
FirewallRules: [{5CF52BDB-2859-4FE1-9C48-55073AE4C724}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HP Deskjet 2540 series.exe
FirewallRules: [{00AA93F3-6059-4E70-9F13-0E7254C21806}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HP Deskjet 2540 series.exe
FirewallRules: [UDP Query User{E17FBAA9-6C91-4BE7-888E-181E6C9C35C5}C:\users\carlos\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\carlos\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{45D6B226-CC33-4DB4-87AE-CD69BEF3E00D}C:\users\carlos\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\carlos\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{43E1C02F-FD65-47D3-A2C5-073CE2D08E5A}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{70BF689F-41BE-4EB3-BD73-36E10510C341}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{94B994CB-3835-4C1C-863A-52F0A1386AA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{88683DF6-152E-4147-A5A0-B007890BB2B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{6637A4FA-DA3C-40CC-AB3F-B97696A8B753}] => (Block) C:\users\carlos\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [{C32B76FC-329E-4B3D-869F-52CB2023EBC7}] => (Block) C:\users\carlos\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [UDP Query User{4914BEEE-6D06-4236-985D-143BE8EA74C2}C:\users\carlos\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Allow) C:\users\carlos\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [TCP Query User{1A1698B2-BAF1-4432-BEDB-536DE03D3C61}C:\users\carlos\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Allow) C:\users\carlos\appdata\roaming\utorrent\updates\3.4.5_41202.exe
FirewallRules: [{A1737C76-70FD-47EA-95B7-F03574C3C7DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{124C56B9-9E51-43A0-8375-FBF55E7211A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{830EDB3E-8DEA-4308-99B4-52C459A8A280}] => (Block) E:\cosas nico\left 4 dead\left4dead2.exe
FirewallRules: [{2CE2F3F3-E887-4354-99B0-96DE6BD92BD5}] => (Block) E:\cosas nico\left 4 dead\left4dead2.exe
FirewallRules: [UDP Query User{76B3CB75-121A-4752-B873-E810F8CC8E5C}E:\cosas nico\left 4 dead\left4dead2.exe] => (Allow) E:\cosas nico\left 4 dead\left4dead2.exe
FirewallRules: [TCP Query User{E85A7BD3-7A3F-4D8D-842F-EFFEF612F86C}E:\cosas nico\left 4 dead\left4dead2.exe] => (Allow) E:\cosas nico\left 4 dead\left4dead2.exe
FirewallRules: [{8C14BC9A-3659-46E0-B767-3BFD7ABA47EE}] => (Block) E:\cosas nico\call of duty world at war\codwaw.exe
FirewallRules: [{55BAC175-E83A-4661-98B0-3C99A0E9A1A7}] => (Block) E:\cosas nico\call of duty world at war\codwaw.exe
FirewallRules: [UDP Query User{659F80EE-F09E-4E16-B726-95BB168AE733}E:\cosas nico\call of duty world at war\codwaw.exe] => (Allow) E:\cosas nico\call of duty world at war\codwaw.exe
FirewallRules: [TCP Query User{475B3687-AB87-4946-AE84-704C9179C6FC}E:\cosas nico\call of duty world at war\codwaw.exe] => (Allow) E:\cosas nico\call of duty world at war\codwaw.exe
FirewallRules: [{ACAB14DD-E3D6-4FCC-BF5F-C269777F3D9A}] => (Block) E:\cosas nico\call of duty 4 modern warfare\iw3mp.exe
FirewallRules: [{636F5552-8B3B-4710-916A-3DEF438D23BA}] => (Block) E:\cosas nico\call of duty 4 modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{6849E715-9252-4EAF-B779-3E3D37E002C7}E:\cosas nico\call of duty 4 modern warfare\iw3mp.exe] => (Allow) E:\cosas nico\call of duty 4 modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{8C94B29A-9074-4DB4-9FFC-DBA7C0E26F7E}E:\cosas nico\call of duty 4 modern warfare\iw3mp.exe] => (Allow) E:\cosas nico\call of duty 4 modern warfare\iw3mp.exe
FirewallRules: [{7275EE68-ECEF-495B-9C4F-45CF7C938ADB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E2946C8A-D76D-4D6E-8383-CCEB16AF641C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B234498E-7446-4D9D-A429-43FEF3CA2C04}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D7DFA0ED-1E34-45EF-89A2-4FC66F6357AD}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CCF5CCC0-6713-4D0F-9AF7-EDF91D88CCE2}] => (Allow) LPort=1900
FirewallRules: [{1853343E-E53C-4BD6-B41E-78BB35DD9806}] => (Allow) LPort=2869
FirewallRules: [{BCF7A64F-09ED-4246-8AFD-28611392BDC5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5683304C-1ED6-49BD-8502-BF3F3E15C9F0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F67E7757-8EF7-4DED-B1C2-B6CF7F9D433D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{28ECADD5-822C-43DD-9AC3-8041D1DC2AC4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7B646DF2-403B-43A4-AA39-BEB4050679A6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{25562963-CAB8-4B13-BA6A-95C554B1A582}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A2B99029-E0FE-4684-B7F7-7D5B42587453}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [UDP Query User{D53E1094-D239-4D3B-8C81-C5F224DF955E}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{9A21DC04-EF32-4F86-9F95-00EB1257F337}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{60EB1A7B-047A-42A3-9B25-60C7DD36036E}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{8D99344E-6D13-41A3-97F1-668719404F38}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{A296BF3C-9511-4E6F-A381-599EAF3B0A14}C:\users\carlos\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\carlos\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6C089074-290F-453E-AF1D-B0D6667AE7F0}C:\users\carlos\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\carlos\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EF73D990-D477-46CA-B538-88E02E1529A4}C:\users\carlos\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\carlos\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{81A39B74-73B7-47BE-85FB-28561C11EE0D}C:\users\carlos\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\carlos\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9DC260D0-278D-48C8-B284-CF86AFF04AB6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{628ABAB0-0184-4FA7-872D-3CDDF2C83AF1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8B6809B5-D7B7-4FA1-8155-4A39AF1249FD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F3831490-B0F5-4817-8C6F-164B71C9AC98}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F7BD3F37-6117-48B2-A5AA-D825F1608602}] => (Allow) C:\Users\CARLOS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8C7D6EEA-3F12-4DDF-A540-B3FBF9916461}] => (Allow) C:\Users\CARLOS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{621F113A-ED0E-4E70-B61D-7E63F4A5EC0C}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{080A66EA-4811-4C98-9225-FD65CE3ED657}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{D3363E1A-CB03-4D6F-9AEA-AAEF00AFD4A4}C:\program files\cosmoteer\cosmoteer.exe] => (Allow) C:\program files\cosmoteer\cosmoteer.exe
FirewallRules: [UDP Query User{1E05F6D1-D1FD-48A9-BC3A-9318332E4659}C:\program files\cosmoteer\cosmoteer.exe] => (Allow) C:\program files\cosmoteer\cosmoteer.exe
FirewallRules: [TCP Query User{8B9F03C1-C4EA-46DD-B52A-5804C429B386}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{E66D1CCD-8AA9-4479-A653-E6469EFFEBB6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{E7A2437F-CA52-4D24-BE3C-75730259CCB9}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{14975003-3178-41AA-BCA2-024576FB3B08}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
FirewallRules: [{6AD32030-AE42-4627-919A-BD371C0CC7BD}] => (Allow) C:\Users\CARLOS\AppData\Local\Tumo.exe
FirewallRules: [{D6F337B1-7CA1-4584-A77B-E1B01C34F8A5}] => (Allow) C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
FirewallRules: [{03C69F1B-F610-4058-BC69-60F332C76633}] => (Allow) C:\Users\CARLOS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{237B82FD-7053-461B-8593-39D9FC470ACF}] => (Allow) C:\Users\CARLOS\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{613F7730-B009-434E-9BB4-0A03C398512E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
31-03-2018 15:19:06 Scheduled Checkpoint
06-04-2018 20:32:12 Eliminado Rhinoceros 5 (64-bit)
06-04-2018 20:33:28 Eliminado Rhinoceros 5
11-04-2018 00:08:02 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/11/2018 12:04:51 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (04/10/2018 09:49:51 PM) (Source: MsiInstaller) (EventID: 11704) (User: SANTI)
Description: Продукт: IC__iPackage -- Ошибка 1704. Установка "IC__iPackage" приостановлена. Для продолжения отмените изменения, сделанные этой установкой. Вы хотите отменить изменения?
 
Error: (04/10/2018 10:41:10 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows no puede cargar el archivo DLL del contador extensible rdyboost. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error de Windows.
 
Error: (04/10/2018 10:41:02 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "BITS" en el archivo DLL "C:\Windows\System32\bitsperf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.
 
Error: (04/10/2018 12:14:27 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (04/09/2018 08:16:17 PM) (Source: MsiInstaller) (EventID: 11704) (User: SANTI)
Description: Product: Adobe Refresh Manager -- Error 1704.An installation for IC__iPackage is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
Error: (04/09/2018 02:47:05 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (04/07/2018 10:14:02 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (04/11/2018 12:16:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Energy Server Service queencreek se cerró con el siguiente error: 
El flujo no es un flujo pequeño.
 
Error: (04/11/2018 12:15:58 AM) (Source: DCOM) (EventID: 10010) (User: SANTI)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (04/11/2018 12:14:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.265.416.0).
 
Error: (04/11/2018 12:13:58 AM) (Source: DCOM) (EventID: 10010) (User: SANTI)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (04/11/2018 12:13:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Energy Server Service queencreek se cerró con el siguiente error: 
El flujo no es un flujo pequeño.
 
Error: (04/11/2018 12:12:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Energy Server Service queencreek se cerró con el siguiente error: 
El flujo no es un flujo pequeño.
 
Error: (04/11/2018 12:11:58 AM) (Source: DCOM) (EventID: 10010) (User: SANTI)
Description: El servidor {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (04/11/2018 12:09:58 AM) (Source: DCOM) (EventID: 10010) (User: SANTI)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.
 
 
Windows Defender:
===================================
Date: 2018-04-10 00:40:13.613
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {F070EFC3-9C11-4EA0-8930-844B32C2C57A}
Tipo de examen: Antimalware
Parámetros de examen: Examen completo
Usuario: SANTI\Santi
 
Date: 2018-04-09 22:26:09.391
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
Nombre: Trojan:Win32/Tiggre!rfn
Id.: 2147723625
Gravedad: Severe
Categoría: Trojan
Ruta de acceso: file:_C:\Users\CARLOS\Desktop\Nueva carpeta (3)\Rhinoceros 6x Folie3D\rhino.6-patch\rhino.6-patch.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Versión de firma: AV: 1.265.333.0, AS: 1.265.333.0, NIS: 119.0.0.0
Versión de motor: AM: 1.1.14700.5, NIS: 2.1.14600.4
 
Date: 2018-04-09 21:13:27.320
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
Nombre: TrojanDownloader:Win32/Dofoil.AD
Id.: 242629
Gravedad: Severe
Categoría: Trojan Downloader
Ruta de acceso: file:_C:\Users\CARLOS\AppData\Roaming\xesvtv.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Versión de firma: AV: 1.265.333.0, AS: 1.265.333.0, NIS: 119.0.0.0
Versión de motor: AM: 1.1.14700.5, NIS: 2.1.14600.4
 
Date: 2018-04-09 20:39:42.737
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
Nombre: Trojan:Win32/Skeeyah.A!rfn
Id.: 2147694182
Gravedad: Severe
Categoría: Trojan
Ruta de acceso: file:_C:\Users\CARLOS\AppData\Local\Temp\WinNtBackend-544215271955768.tmp.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.265.326.0, AS: 1.265.326.0, NIS: 119.0.0.0
Versión de motor: AM: 1.1.14700.5, NIS: 2.1.14600.4
 
Date: 2018-04-07 23:14:29.629
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {226D829B-4B06-4D25-BD09-BE9AC5A10911}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: SANTI\Santi
 
Date: 2018-04-11 00:13:43.010
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 
Origen de actualización: Usuario
Tipo de firma: 
Tipo de actualización: 
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 
Código de error: 0x80070652
Descripción del error: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-04-11 00:09:46.915
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.265.412.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.14700.5
Código de error: 0x80240016
Descripción del error: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-04-10 23:42:43.623
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.265.412.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual: 
Versión de motor anterior: 1.1.14700.5
Código de error: 0x80072ee7
Descripción del error: The server name or address could not be resolved 
 
Date: 2018-04-10 23:42:43.622
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 119.0.0.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: Sistema de inspección de red
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual: 
Versión de motor anterior: 2.1.14600.4
Código de error: 0x80072ee7
Descripción del error: The server name or address could not be resolved 
 
Date: 2018-04-10 23:42:43.610
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.265.412.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual: 
Versión de motor anterior: 1.1.14700.5
Código de error: 0x80072ee7
Descripción del error: The server name or address could not be resolved 
 
CodeIntegrity:
===================================
 
Date: 2018-04-10 10:47:57.291
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-04-10 10:47:56.848
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-04-10 10:47:56.135
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-04-10 10:47:47.314
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-04-10 10:47:43.621
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-04-10 10:47:42.792
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-04-10 10:46:11.358
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-09 20:29:48.201
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 52%
Total physical RAM: 6033.95 MB
Available physical RAM: 2885.84 MB
Total Virtual: 6993.95 MB
Available Virtual: 3485.89 MB
 
==================== Drives ================================
 
Drive c: (TI10651700D) (Fixed) (Total:687.31 GB) (Free:169.92 GB) NTFS
Drive e: () (Removable) (Total:7.25 GB) (Free:7.24 GB) FAT32
 
\\?\Volume{22dc9396-ff52-11e1-a1b5-f3f27e95aba3}\ (System) (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{22dc939c-ff52-11e1-a1b5-f3f27e95aba3}\ () (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
\\?\Volume{e5ab442e-dde1-46de-9eed-1e562f8c15e4}\ () (Fixed) (Total:0.9 GB) (Free:0.47 GB) NTFS
\\?\Volume{260d824f-c8c0-4242-ad9c-04f1cd3b572e}\ (Recovery) (Fixed) (Total:9.61 GB) (Free:0.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)
 
==================== End of Addition.txt ============================


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:15 PM

Posted 11 April 2018 - 01:00 AM

The image shows the items quarantined by adwcleaner.
  • Highlight the entire content of the quote box below.

Start::
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/
hxxp://숱鐲숱鐲숱鐲ᷜᆔጱ蠀抰銷翹/
hxxp://℘銼翹/
hxxp:///
hxxp:///
hxxp:///
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKF~1\PlugIns\IEHelp.dll => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\langpack-es-ES@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\windowsmedia@songbirdnest.com [not found]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] ()
2018-04-11 00:09 - 2018-04-11 00:09 - 000004242 _____ C:\WINDOWS\system32\default_error_stack*.txt
2018-04-06 19:19 - 2017-09-29 10:42 - 000174592 _____ (Microsoft Corporation) C:\Users\CARLOS\AppData\Roaming\fyKuEOi.exe
2018-04-06 19:19 - 2017-09-29 10:42 - 000059904 ____N (Microsoft Corporation) C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
C:\Users\CARLOS\AppData\Local\Tempzxpsign*
2017-02-20 19:55 - 2018-04-04 23:52 - 000000033 _____ () C:\Users\CARLOS\AppData\Roaming\AdobeWLCMCache.dat
2018-04-06 19:19 - 2017-09-29 10:42 - 000174592 _____ (Microsoft Corporation) C:\Users\CARLOS\AppData\Roaming\fyKuEOi.exe
2018-04-06 19:18 - 2018-04-06 19:20 - 011512643 _____ (ChemTable Software) C:\Users\CARLOS\AppData\Roaming\hui.exe
2017-11-02 00:25 - 2017-11-02 00:25 - 000000028 _____ () C:\Users\CARLOS\AppData\Roaming\kulerdata.json
2015-04-19 09:20 - 2015-04-19 09:20 - 000005872 _____ () C:\Users\CARLOS\AppData\Roaming\veZb3rKDtZpUUQqQzbc
2014-06-12 12:40 - 2014-06-12 12:40 - 000000042 _____ () C:\Users\CARLOS\AppData\Roaming\WB.CFG
2014-02-02 15:34 - 2014-02-02 15:34 - 000000094 _____ () C:\Users\CARLOS\AppData\Local\fusioncache.dat
2015-07-25 10:52 - 2015-07-25 10:52 - 000000000 ___SH () C:\Users\CARLOS\AppData\Local\LumaEmu
2015-07-18 20:28 - 2015-08-10 00:15 - 000534535 _____ () C:\Users\CARLOS\AppData\Local\package.nw.new
2018-04-06 19:19 - 2017-09-29 10:42 - 000059904 ____N (Microsoft Corporation) C:\Users\CARLOS\AppData\Local\Tumo.exe
2018-04-06 19:19 - 2018-04-06 19:19 - 000000003 _____ () C:\Users\CARLOS\AppData\Local\wbem.ini
2013-07-01 21:26 - 2013-07-01 21:28 - 000027074 _____ () C:\Users\CARLOS\AppData\Local\WiDiSetupLog.20130701.212647.txt
2018-04-06 19:19 - 2017-09-29 10:42 - 000059904 ____N (Microsoft Corporation) C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
CustomCLSID: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\CARLOS\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\CARLOS\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\CARLOS\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0C0D3589-B585-4DF0-B1AB-F9AABF7D563B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {13DF347F-BCBD-4D32-8EE4-9124D51F00B4} - System32\Tasks\415EF284-2185-47D0-8DF6-6894FFEA027 => C:\Users\CARLOS\AppData\Local\415EF284-2185-47D0-8DF6-6894FFEA027\415EF284-2185-47D0-8DF6-6894FFEA027.exe <==== ATTENTION
Task: {DDC36F07-780D-4D76-98CB-507ABFA4FB93} - System32\Tasks\Ofmnkjx0PTfoRJq => C:\Users\CARLOS\AppData\Roaming\Ofmnkjx0PTfoRJq.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Ofmnkjx0PTfoRJq.job => C:\Users\CARLOS\AppData\Roaming\Ofmnkjx0PTfoRJq.exe <==== ATTENTION
C:\Users\CARLOS\AppData\Roaming\Ofmnkjx0PTfoRJq.exe
Task: C:\WINDOWS\Tasks\veZb3rKDtZpUUQqQzbc.job => C:\Users\CARLOS\AppData\Roaming\veZb3rKDtZpUUQqQzbc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\YOAIsMzsbxkY.job => C:\Users\CARLOS\AppData\Roaming\YOAIsMzsbxkY.exe <==== ATTENTION
C:\Users\CARLOS\AppData\Roaming\YOAIsMzsbxkY.exe
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "{11B6CA74-0359-4E8B-9729-1902B9ADD29C}"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
FirewallRules: [{D6F337B1-7CA1-4584-A77B-E1B01C34F8A5}] => (Allow) C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
GroupPolicyUsers\S-1-5-21-1380135985-2673685752-3878894861-1001\User: Restriction <==== ATTENTION
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.
  • Run FRST once again.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

Edited by JSntgRvr, 11 April 2018 - 01:01 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 Santibuduba

Santibuduba
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 11 April 2018 - 03:42 PM

Alright, here is the fixlog!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Santi (11-04-2018 16:52:11) Run:1
Running from E:\
Loaded Profiles: Santi &  (Available Profiles: Santi)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/
hxxp://숱鐲숱鐲숱鐲ᷜᆔጱ蠀抰銷翹/
hxxp://℘銼翹/
hxxp:///
hxxp:///
hxxp:///
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKF~1\PlugIns\IEHelp.dll => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\langpack-es-ES@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\windowsmedia@songbirdnest.com [not found]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] ()
2018-04-11 00:09 - 2018-04-11 00:09 - 000004242 _____ C:\WINDOWS\system32\default_error_stack*.txt
2018-04-06 19:19 - 2017-09-29 10:42 - 000174592 _____ (Microsoft Corporation) C:\Users\CARLOS\AppData\Roaming\fyKuEOi.exe
2018-04-06 19:19 - 2017-09-29 10:42 - 000059904 ____N (Microsoft Corporation) C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
C:\Users\CARLOS\AppData\Local\Tempzxpsign*
2017-02-20 19:55 - 2018-04-04 23:52 - 000000033 _____ () C:\Users\CARLOS\AppData\Roaming\AdobeWLCMCache.dat
2018-04-06 19:19 - 2017-09-29 10:42 - 000174592 _____ (Microsoft Corporation) C:\Users\CARLOS\AppData\Roaming\fyKuEOi.exe
2018-04-06 19:18 - 2018-04-06 19:20 - 011512643 _____ (ChemTable Software) C:\Users\CARLOS\AppData\Roaming\hui.exe
2017-11-02 00:25 - 2017-11-02 00:25 - 000000028 _____ () C:\Users\CARLOS\AppData\Roaming\kulerdata.json
2015-04-19 09:20 - 2015-04-19 09:20 - 000005872 _____ () C:\Users\CARLOS\AppData\Roaming\veZb3rKDtZpUUQqQzbc
2014-06-12 12:40 - 2014-06-12 12:40 - 000000042 _____ () C:\Users\CARLOS\AppData\Roaming\WB.CFG
2014-02-02 15:34 - 2014-02-02 15:34 - 000000094 _____ () C:\Users\CARLOS\AppData\Local\fusioncache.dat
2015-07-25 10:52 - 2015-07-25 10:52 - 000000000 ___SH () C:\Users\CARLOS\AppData\Local\LumaEmu
2015-07-18 20:28 - 2015-08-10 00:15 - 000534535 _____ () C:\Users\CARLOS\AppData\Local\package.nw.new
2018-04-06 19:19 - 2017-09-29 10:42 - 000059904 ____N (Microsoft Corporation) C:\Users\CARLOS\AppData\Local\Tumo.exe
2018-04-06 19:19 - 2018-04-06 19:19 - 000000003 _____ () C:\Users\CARLOS\AppData\Local\wbem.ini
2013-07-01 21:26 - 2013-07-01 21:28 - 000027074 _____ () C:\Users\CARLOS\AppData\Local\WiDiSetupLog.20130701.212647.txt
2018-04-06 19:19 - 2017-09-29 10:42 - 000059904 ____N (Microsoft Corporation) C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
CustomCLSID: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\CARLOS\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\CARLOS\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\CARLOS\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {0C0D3589-B585-4DF0-B1AB-F9AABF7D563B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {13DF347F-BCBD-4D32-8EE4-9124D51F00B4} - System32\Tasks\415EF284-2185-47D0-8DF6-6894FFEA027 => C:\Users\CARLOS\AppData\Local\415EF284-2185-47D0-8DF6-6894FFEA027\415EF284-2185-47D0-8DF6-6894FFEA027.exe <==== ATTENTION
Task: {DDC36F07-780D-4D76-98CB-507ABFA4FB93} - System32\Tasks\Ofmnkjx0PTfoRJq => C:\Users\CARLOS\AppData\Roaming\Ofmnkjx0PTfoRJq.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Ofmnkjx0PTfoRJq.job => C:\Users\CARLOS\AppData\Roaming\Ofmnkjx0PTfoRJq.exe <==== ATTENTION
C:\Users\CARLOS\AppData\Roaming\Ofmnkjx0PTfoRJq.exe
Task: C:\WINDOWS\Tasks\veZb3rKDtZpUUQqQzbc.job => C:\Users\CARLOS\AppData\Roaming\veZb3rKDtZpUUQqQzbc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\YOAIsMzsbxkY.job => C:\Users\CARLOS\AppData\Roaming\YOAIsMzsbxkY.exe <==== ATTENTION
C:\Users\CARLOS\AppData\Roaming\YOAIsMzsbxkY.exe
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "{11B6CA74-0359-4E8B-9729-1902B9ADD29C}"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
FirewallRules: [{D6F337B1-7CA1-4584-A77B-E1B01C34F8A5}] => (Allow) C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
GroupPolicyUsers\S-1-5-21-1380135985-2673685752-3878894861-1001\User: Restriction <==== ATTENTION
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
"HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
hxxp://숱鐲숱鐲숱鐲ᷜᆔጱ蠀抰銷翹/ => Error: No automatic fix found for this entry.
hxxp://℘銼翹/ => Error: No automatic fix found for this entry.
hxxp:/// => Error: No automatic fix found for this entry.
hxxp:/// => Error: No automatic fix found for this entry.
hxxp:/// => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{C08DF07A-3E49-4E25-9AB0-D3882835F153}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\langpack-es-ES@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Philips\Philips Songbird\extensions\windowsmedia@songbirdnest.com => path removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => removed successfully
"HKLM\System\CurrentControlSet\Services\MyWiFiDHCPDNS" => removed successfully
MyWiFiDHCPDNS => service removed successfully
 
=========== "C:\WINDOWS\system32\default_error_stack*.txt" ==========
 
C:\WINDOWS\system32\default_error_stack-000000-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000001-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000002-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000003-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000004-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000005-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000006-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000007-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000008-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000009-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000010-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000011-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000012-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000013-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000014-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000015-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000016-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000017-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000018-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000019-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000020-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000021-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000022-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000023-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000024-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000025-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000026-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000027-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000028-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000029-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000030-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000031-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000032-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000033-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000034-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000035-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000036-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000037-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000038-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000039-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000040-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000041-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000042-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000043-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000044-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000045-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000046-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000047-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000048-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000049-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000050-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000051-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000052-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000053-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000054-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000055-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000056-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000057-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000058-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000059-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000060-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000061-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000062-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000063-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000064-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000065-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000066-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000067-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000068-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000069-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000070-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000071-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000072-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000073-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000074-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000075-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000076-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000077-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000078-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000079-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000080-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000081-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000082-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000083-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000084-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000085-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000086-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000087-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000088-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000089-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000090-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000091-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000092-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000093-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000094-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000095-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000096-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000097-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000098-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000099-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000100-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000101-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000102-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000103-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000104-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000105-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000106-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000107-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000108-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000109-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000110-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000111-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000112-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000113-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000114-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000115-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000116-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000117-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000118-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000119-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000120-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000121-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000122-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000123-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000124-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000125-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000126-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000127-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000128-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000129-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000130-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000131-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000132-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000133-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000134-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000135-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000136-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000137-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000138-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000139-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000140-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000141-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000142-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000143-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000144-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000145-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000146-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000147-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000148-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000149-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000150-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000151-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000152-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000153-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000154-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000155-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000156-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000157-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000158-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000159-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000160-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000161-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000162-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000163-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000164-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000165-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000166-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000167-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000168-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000169-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000170-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000171-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000172-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000173-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000174-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000175-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000176-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000177-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000178-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000179-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000180-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000181-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000182-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000183-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000184-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000185-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000186-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000187-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000188-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000189-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000190-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000191-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000192-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000193-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000194-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000195-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000196-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000197-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000198-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000199-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000200-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000201-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000202-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000203-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000204-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000205-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000206-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000207-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000208-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000209-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000210-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000211-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000212-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000213-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000214-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000215-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000216-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000217-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000218-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000219-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000220-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000221-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000222-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000223-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000224-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000225-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000226-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000227-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000228-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000229-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000230-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000231-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000232-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000233-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000234-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000235-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000236-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000237-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000238-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000239-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000240-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000241-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000242-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000243-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000244-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000245-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000246-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000247-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000248-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000249-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000250-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000251-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000252-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000253-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000254-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000255-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000256-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000257-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000258-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000259-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000260-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000261-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000262-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000263-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000264-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000265-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000266-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000267-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000268-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000269-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000270-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000271-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000272-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000273-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000274-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000275-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000276-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000277-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000278-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000279-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000280-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000281-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000282-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000283-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000284-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000285-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000286-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000287-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000288-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000289-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000290-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000291-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000292-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000293-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000294-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000295-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000296-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000297-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000298-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000299-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000300-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000301-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000302-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000303-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000304-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000305-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000306-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000307-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000308-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000309-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000310-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000311-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000312-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000313-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000314-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000315-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000316-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000317-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000318-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000319-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000320-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000321-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000322-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000323-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000324-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000325-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000326-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000327-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000328-000000.txt => moved successfully
Could not move "C:\WINDOWS\system32\default_error_stack-000329-000000.txt" => Scheduled to move on reboot.
C:\WINDOWS\system32\default_error_stack-000330-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000331-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000332-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000333-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000334-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000335-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000336-000000.txt => moved successfully
Could not move "C:\WINDOWS\system32\default_error_stack-000337-000000.txt" => Scheduled to move on reboot.
C:\WINDOWS\system32\default_error_stack-000338-000000.txt => moved successfully
Could not move "C:\WINDOWS\system32\default_error_stack-000339-000000.txt" => Scheduled to move on reboot.
C:\WINDOWS\system32\default_error_stack-000340-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000341-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000342-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000343-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000344-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000345-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000346-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000347-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000348-000000.txt => moved successfully
Could not move "C:\WINDOWS\system32\default_error_stack-000349-000000.txt" => Scheduled to move on reboot.
C:\WINDOWS\system32\default_error_stack-000350-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000351-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000352-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000353-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000354-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000355-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000356-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000357-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000358-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000359-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000360-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000361-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000362-000000.txt => moved successfully
Could not move "C:\WINDOWS\system32\default_error_stack-000363-000000.txt" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\default_error_stack-000364-000000.txt" => Scheduled to move on reboot.
C:\WINDOWS\system32\default_error_stack-000365-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000366-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000367-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000368-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000369-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000370-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000371-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000372-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000373-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000374-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000375-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000376-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000377-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000378-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000379-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000380-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000381-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000382-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000383-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000384-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000385-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000386-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000387-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000388-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000389-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000390-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000391-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000392-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000393-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000394-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000395-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000396-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000397-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000398-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000399-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000400-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000401-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000402-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000403-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000404-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000405-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000406-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000407-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000408-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000409-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000410-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000411-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000412-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000413-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000414-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000415-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000416-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000417-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000418-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000419-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000420-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000421-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000422-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000423-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000424-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000425-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000426-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000427-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000428-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000429-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000430-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000431-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000432-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000433-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000434-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000435-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000436-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000437-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000438-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000439-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000440-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000441-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000442-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000443-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000444-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000445-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000446-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000447-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000448-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000449-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000450-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000451-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000452-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000453-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000454-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000455-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000456-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000457-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000458-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000459-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000460-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000461-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000462-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000463-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000464-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000465-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000466-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000467-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000468-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000469-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000470-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000471-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000472-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000473-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000474-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000475-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000476-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000477-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000478-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000479-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000480-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000481-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000482-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000483-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000484-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000485-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000486-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000487-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000488-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000489-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000490-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000491-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000492-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000493-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000494-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000495-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000496-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000497-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000498-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000499-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000500-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000501-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000502-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000503-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000504-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000505-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000506-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000507-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000508-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000509-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000510-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000511-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000512-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000513-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000514-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000515-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000516-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000517-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000518-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000519-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000520-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000521-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000522-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000523-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000524-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000525-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000526-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000527-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000528-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000529-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000530-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000531-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000532-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000533-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000534-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000535-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000536-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000537-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000538-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000539-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000540-000000.txt => moved successfully
 
========= End -> "C:\WINDOWS\system32\default_error_stack*.txt" ========
 
C:\Users\CARLOS\AppData\Roaming\fyKuEOi.exe => moved successfully
C:\Users\CARLOS\AppData\Local\xKyAUNE.exe => moved successfully
 
=========== "C:\Users\CARLOS\AppData\Local\Tempzxpsign*" ==========
 
not found
 
========= End -> "C:\Users\CARLOS\AppData\Local\Tempzxpsign*" ========
 
C:\Users\CARLOS\AppData\Roaming\AdobeWLCMCache.dat => moved successfully
"C:\Users\CARLOS\AppData\Roaming\fyKuEOi.exe" => not found
C:\Users\CARLOS\AppData\Roaming\hui.exe => moved successfully
C:\Users\CARLOS\AppData\Roaming\kulerdata.json => moved successfully
C:\Users\CARLOS\AppData\Roaming\veZb3rKDtZpUUQqQzbc => moved successfully
C:\Users\CARLOS\AppData\Roaming\WB.CFG => moved successfully
C:\Users\CARLOS\AppData\Local\fusioncache.dat => moved successfully
C:\Users\CARLOS\AppData\Local\LumaEmu => moved successfully
C:\Users\CARLOS\AppData\Local\package.nw.new => moved successfully
C:\Users\CARLOS\AppData\Local\Tumo.exe => moved successfully
C:\Users\CARLOS\AppData\Local\wbem.ini => moved successfully
C:\Users\CARLOS\AppData\Local\WiDiSetupLog.20130701.212647.txt => moved successfully
"C:\Users\CARLOS\AppData\Local\xKyAUNE.exe" => not found
"HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => removed successfully
"HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}" => removed successfully
"HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WondershareVideoConverterFileOpreation" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FEB746CA-95C2-485F-B386-C30D4E56D22E} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C0D3589-B585-4DF0-B1AB-F9AABF7D563B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C0D3589-B585-4DF0-B1AB-F9AABF7D563B}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13DF347F-BCBD-4D32-8EE4-9124D51F00B4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13DF347F-BCBD-4D32-8EE4-9124D51F00B4}" => removed successfully
C:\WINDOWS\System32\Tasks\415EF284-2185-47D0-8DF6-6894FFEA027 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\415EF284-2185-47D0-8DF6-6894FFEA027" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DDC36F07-780D-4D76-98CB-507ABFA4FB93}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDC36F07-780D-4D76-98CB-507ABFA4FB93}" => removed successfully
C:\WINDOWS\System32\Tasks\Ofmnkjx0PTfoRJq => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ofmnkjx0PTfoRJq" => removed successfully
C:\WINDOWS\Tasks\Ofmnkjx0PTfoRJq.job => moved successfully
"C:\Users\CARLOS\AppData\Roaming\Ofmnkjx0PTfoRJq.exe" => not found
C:\WINDOWS\Tasks\veZb3rKDtZpUUQqQzbc.job => moved successfully
C:\WINDOWS\Tasks\YOAIsMzsbxkY.job => moved successfully
"C:\Users\CARLOS\AppData\Roaming\YOAIsMzsbxkY.exe" => not found
"HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\{11B6CA74-0359-4E8B-9729-1902B9ADD29C}" => removed successfully
"HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\{11B6CA74-0359-4E8B-9729-1902B9ADD29C}" => removed successfully
"HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\EPLTarget\P0000000000000000" => removed successfully
"HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000000" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6F337B1-7CA1-4584-A77B-E1B01C34F8A5}" => removed successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1380135985-2673685752-3878894861-1001\User => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1380135985-2673685752-3878894861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112018162646806\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1380135985-2673685752-3878894861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112018162646806\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1380135985-2673685752-3878894861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112018162715479\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1380135985-2673685752-3878894861-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04112018162715479\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Aceptar
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Aceptar
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Configuraci¢n IP de Windows
 
Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.
 
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Error al borrar el registro DebugChannel. No se puede realizar la operación solicitada en un canal directo habilitado. Deshabilite primero el canal para poder realizar la operación.
Error al borrar el registro Microsoft-RMS-MSIPC/Debug. No se puede realizar la operación solicitada en un canal directo habilitado. Deshabilite primero el canal para poder realizar la operación.
Error al borrar el registro Microsoft-Windows-LiveId/Analytic. Acceso denegado.
Error al borrar el registro Microsoft-Windows-LiveId/Operational. Acceso denegado.
Error al borrar el registro Microsoft-Windows-USBVideo/Analytic. Un proveedor de datos WMI no reconoce como válido el nombre de instancia pasado.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {7056EE65-1E54-4560-9343-B6032C1469AD}.
Unable to cancel {E65F093E-5A4B-43E9-80E6-61835E512CC8}.
Unable to cancel {6D0E12F5-40B5-4423-A504-B9543A3644C9}.
Unable to cancel {A4F63C1A-D71B-4437-8C74-811E4BAF14CD}.
{B505033C-FCF0-490A-BF48-3B6F060B6CB8} canceled.
{40B120B7-8E7C-48A4-907F-C9E9B9402EA4} canceled.
{7BC2F5CA-CD4C-4B56-9C30-06E3DE1B4A34} canceled.
{7380177D-13D4-45C8-957F-D97390D14C15} canceled.
{F57102EF-69DB-499A-893E-9D95B1E221B3} canceled.
5 out of 9 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95033076 B
Java, Flash, Steam htmlcache => 696902419 B
Windows/system/drivers => 99102534 B
Edge => 2267665 B
Chrome => 399832450 B
Firefox => 13070050 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5084 B
NetworkService => 648876 B
CARLOS => 129232334 B
 
RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-04-2018 17:25:27)
 
C:\WINDOWS\system32\default_error_stack-000329-000000.txt => Is moved successfully
C:\WINDOWS\system32\default_error_stack-000337-000000.txt => Is moved successfully
C:\WINDOWS\system32\default_error_stack-000339-000000.txt => Is moved successfully
C:\WINDOWS\system32\default_error_stack-000349-000000.txt => Is moved successfully
C:\WINDOWS\system32\default_error_stack-000363-000000.txt => Is moved successfully
C:\WINDOWS\system32\default_error_stack-000364-000000.txt => Is moved successfully
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
 
==== End of Fixlog 17:25:32 ====

And here you have the logs from the scan!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Santi (administrator) on SANTI (11-04-2018 17:30:24)
Running from E:\
Loaded Profiles: Santi (Available Profiles: Santi)
Platform: Windows 10 Home Version 1709 16299.334 (X64) Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
() C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
() C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Spotify Ltd) C:\Users\CARLOS\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.367_none_16d8803832210dee\TiWorker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.)
HKLM\...\Run: [TosPU] => C:\Program Files\TOSHIBA\PasswordUtility\TosPU.exe [2374552 2012-08-27] (Copyright © TOSHIBA Corp. 2012)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-28] (Synaptics Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2012-07-20] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-09-18] (Intel)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\Run: [Speech Recognition] => C:\windows\Speech\Common\sapisvr.exe [44032 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-08-29] (Disc Soft Ltd)
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\Run: [Spotify Web Helper] => C:\Users\CARLOS\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-31] (Spotify Ltd)
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\MountPoints2: {25c0fdf2-5392-11e3-bec6-b888e31ba722} - "E:\setup.exe" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-09-15]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (No File)
Startup: C:\Users\CARLOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2017-10-04]
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\CARLOS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Supervisar alertas de tinta - HP Deskjet 2540 series.lnk [2017-02-18]
ShortcutTarget: Supervisar alertas de tinta - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\bin\HPStatusBL.dll (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{52ebbd13-0232-419d-a357-bb1847d37716}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a89ed696-7da7-4387-9647-5933b50f2990}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131675270821724724&GUID=7D1FD928-B88B-41AB-A9F7-E807E467A2B9
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://home.toshiba.com?cid=J13
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-15] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-15] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\CARLOS\AppData\Roaming\Philips-Songbird\Profiles\stpzumqw.default [2015-04-21]
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\windows\system32\npDeployJava1.dll [2013-05-27] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1380135985-2673685752-3878894861-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\CARLOS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-27] (Unity Technologies ApS)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/"
CHR Profile: C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default [2018-04-11]
CHR Extension: (Presentaciones) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-06]
CHR Extension: (Documentos) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-06]
CHR Extension: (Google Drive) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-06]
CHR Extension: (YouTube) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-06]
CHR Extension: (Adblock Plus) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-06]
CHR Extension: (Adobe Acrobat) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-04-06]
CHR Extension: (Hojas de cálculo) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-06]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-06]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-04-06]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\CARLOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-08-29] (Disc Soft Ltd)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2017-09-18] (Intel)
S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [236832 2015-10-07] (EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-08-07] (Realsil Microelectronics Inc.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2017-05-18] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 McNeelUpdate; c:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [66904 2017-05-22] (Robert McNeel & Associates)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [66872 2014-02-05] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2017-01-11] (Realtek Semiconductor)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe [157456 2017-03-07] ()
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-07] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswTap; C:\WINDOWS\system32\DRIVERS\aswTap.sys [53904 2017-02-26] (The OpenVPN Project)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-14] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-09-14] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2015-07-14] (LogMeIn Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-04-09] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-04-11] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-04-11] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-09] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-04-11] (Malwarebytes)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew00.sys [3352336 2015-05-04] (Intel Corporation)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 semav6msr64; C:\windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-28] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-07] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-07] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
R3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-11 17:31 - 2018-04-11 17:31 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000380-000000.txt
2018-04-11 17:30 - 2018-04-11 17:30 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000379-000000.txt
2018-04-11 17:27 - 2018-04-11 17:27 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000378-000000.txt
2018-04-11 17:26 - 2018-04-11 17:26 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000377-000000.txt
2018-04-11 17:23 - 2018-04-11 17:23 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000376-000000.txt
2018-04-11 17:23 - 2018-04-11 17:23 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000375-000000.txt
2018-04-11 17:13 - 2018-04-11 17:13 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000374-000000.txt
2018-04-11 17:12 - 2018-04-11 17:12 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000373-000000.txt
2018-04-11 17:09 - 2018-04-11 17:09 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000372-000000.txt
2018-04-11 17:08 - 2018-04-11 17:08 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000371-000000.txt
2018-04-11 17:05 - 2018-04-11 17:05 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000369-000000.txt
2018-04-11 17:05 - 2018-04-11 17:05 - 000004238 _____ C:\WINDOWS\system32\default_error_stack-000370-000000.txt
2018-04-11 17:01 - 2018-04-11 17:01 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000368-000000.txt
2018-04-11 17:01 - 2018-04-11 17:01 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000367-000000.txt
2018-04-11 16:58 - 2018-04-11 16:58 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000366-000000.txt
2018-04-11 16:57 - 2018-04-11 16:57 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000365-000000.txt
2018-04-11 16:31 - 2018-04-11 16:31 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-04-11 00:35 - 2018-04-11 00:44 - 000140561 _____ C:\Users\CARLOS\Downloads\WhatsApp Image 2018-04-11 at 00.29.58 (1).jpeg
2018-04-11 00:31 - 2018-04-11 00:35 - 000142274 _____ C:\Users\CARLOS\Downloads\WhatsApp Image 2018-04-11 at 00.29.58.jpeg
2018-04-11 00:01 - 2018-04-11 17:30 - 000000000 ____D C:\FRST
2018-04-10 13:37 - 2018-04-10 13:37 - 000080375 _____ C:\Users\CARLOS\Desktop\Ficha_estudiante.xlsx
2018-04-10 13:35 - 2018-04-10 13:35 - 001051170 _____ C:\Users\CARLOS\Downloads\Buduba Santiago (1).xlsx
2018-04-10 13:34 - 2018-04-10 13:36 - 000080375 _____ C:\Users\CARLOS\Downloads\Ficha_estudiante.xlsx
2018-04-10 13:33 - 2018-04-10 13:33 - 001051170 _____ C:\Users\CARLOS\Downloads\Buduba Santiago.xlsx
2018-04-10 13:21 - 2018-04-10 13:21 - 000000000 ___HD C:\$SysReset
2018-04-10 10:49 - 2018-04-10 22:05 - 000000000 ____D C:\AdwCleaner
2018-04-10 00:59 - 2018-04-10 00:59 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-04-10 00:38 - 2018-04-10 00:38 - 000002008 _____ C:\Users\CARLOS\Desktop\Avast Free Antivirus.lnk
2018-04-10 00:33 - 2018-04-10 00:33 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-04-10 00:21 - 2018-04-10 00:21 - 000178320 _____ (AVAST Software) C:\Users\CARLOS\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2018-04-09 20:36 - 2018-04-11 17:27 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-04-09 20:29 - 2018-04-11 17:24 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-04-09 20:29 - 2018-04-11 17:24 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-04-09 20:29 - 2018-04-09 20:35 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-09 20:29 - 2018-04-09 20:29 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-04-09 20:29 - 2018-04-09 20:29 - 000001953 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-09 20:29 - 2018-04-09 20:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-09 20:29 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-09 20:28 - 2018-04-09 20:28 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-09 20:16 - 2018-04-09 20:19 - 071942408 _____ (Malwarebytes ) C:\Users\CARLOS\Downloads\mb3-setup-35891.35891-3.4.5.2467-1.0.342-1.0.4514.exe
2018-04-06 22:51 - 2018-04-10 11:28 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-06 22:51 - 2018-04-06 22:52 - 000000000 ____D C:\Program Files\CCleaner
2018-04-06 22:51 - 2018-04-06 22:51 - 000002850 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-04-06 22:51 - 2018-04-06 22:51 - 000000904 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-06 22:51 - 2018-04-06 22:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-04-06 22:50 - 2018-04-06 22:51 - 015333312 _____ (Piriform Ltd) C:\Users\CARLOS\Downloads\ccsetup541pro.exe
2018-04-06 22:48 - 2018-04-06 22:48 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-06 22:46 - 2018-04-06 22:46 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Deployment
2018-04-06 21:06 - 2018-04-06 21:06 - 015333312 _____ (Piriform Ltd) C:\Users\CARLOS\Downloads\4a7d68fe-3710-4d33-9a5b-6655616f43b0.tmp
2018-04-06 21:05 - 2018-04-06 21:06 - 008222496 _____ (Malwarebytes) C:\Users\CARLOS\Downloads\9bd81cbc-9c90-4ab8-bf7e-c850d98ca3c0.tmp
2018-04-06 21:05 - 2018-04-06 21:06 - 003932181 _____ C:\Users\CARLOS\Downloads\6668c332-6402-4a6d-a392-7a8896a76b13.tmp
2018-04-06 20:39 - 2018-04-06 20:39 - 000001182 _____ C:\Users\Public\Desktop\Rhinoceros 5.lnk
2018-04-06 20:39 - 2018-04-06 20:39 - 000000000 ____D C:\Program Files (x86)\McNeelUpdate
2018-04-06 20:38 - 2018-04-06 20:38 - 000000000 ____D C:\Program Files (x86)\Rhinoceros 5
2018-04-06 19:19 - 2018-04-06 22:49 - 000000000 ____D C:\ProgramData\dahjService
2018-04-06 19:19 - 2018-04-06 19:19 - 000003758 _____ C:\WINDOWS\System32\Tasks\{D84182F4-150B-0854-A78D-74B1D3AF2653}
2018-04-06 19:19 - 2018-04-06 19:19 - 000003564 _____ C:\WINDOWS\System32\Tasks\{E99BF826-2C93-FBAE-3C64-CCBA227B8812}
2018-04-06 18:07 - 2018-04-06 20:41 - 000001196 _____ C:\Users\Public\Desktop\Rhinoceros 5 (64-bit).lnk
2018-04-06 18:07 - 2018-04-06 18:07 - 000000000 ____D C:\Program Files\Rhinoceros 5 (64-bit)
2018-04-06 17:40 - 2018-04-06 18:01 - 474323528 _____ (Igor Pavlov) C:\Users\CARLOS\Downloads\rh50_es-es_5.14.00522.08390 (1).exe
2018-04-06 17:03 - 2018-04-06 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhino 6
2018-04-06 17:03 - 2018-04-06 20:19 - 000000000 ____D C:\Program Files\Rhino 6
2018-04-06 16:29 - 2018-04-06 20:28 - 000000000 ____D C:\Users\CARLOS\Desktop\Nueva carpeta (3)
2018-04-06 16:05 - 2018-04-06 16:05 - 000000000 ____D C:\Users\CARLOS\AppData\Local\3dmouse
2018-04-05 00:50 - 2018-04-05 00:58 - 249195384 _____ (Robert McNeel & Associates) C:\Users\CARLOS\Downloads\rhino_es-es_6.3.18090.00471.exe
2018-04-05 00:09 - 2018-04-05 00:09 - 000055924 _____ C:\Users\CARLOS\Downloads\WhatsApp Image 2018-04-05 at 00.10.34.jpeg
2018-04-04 23:52 - 2018-04-04 23:52 - 001595351 _____ C:\Users\CARLOS\Downloads\Plantilla maqueta.ai
2018-04-04 14:06 - 2018-04-04 14:06 - 000689664 _____ C:\WINDOWS\cae18f11c7879759b35f229cae0de6d7.exe
2018-04-04 14:06 - 2018-04-04 14:06 - 000047241 _____ C:\WINDOWS\uninstaller.dat
2018-03-31 13:17 - 2018-03-31 13:17 - 000066940 _____ C:\Users\CARLOS\Downloads\WhatsApp Image 2018-03-31 at 13.18.00.jpeg
2018-03-23 14:57 - 2018-03-23 14:57 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Tempzxpsign5784121b5fcc9882
2018-03-23 14:55 - 2018-03-23 14:55 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Tempzxpsign286219933262f2a6
2018-03-23 14:55 - 2018-03-23 14:55 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Tempzxpsign10e6fc7b5769e3d2
2018-03-23 13:18 - 2018-03-23 13:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2018-03-23 12:00 - 2018-03-23 12:01 - 093808776 _____ (Intel® Corporation) C:\Users\CARLOS\Downloads\WiFi_Win10_64_18.40.4.exe
2018-03-23 11:50 - 2018-03-13 04:09 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-23 11:50 - 2018-03-13 04:08 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-23 11:50 - 2018-03-13 04:06 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-23 11:50 - 2018-03-13 04:06 - 000270752 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-23 11:50 - 2018-03-13 04:06 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-23 11:50 - 2018-03-13 04:05 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-23 11:50 - 2018-03-13 04:05 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-23 11:50 - 2018-03-13 04:04 - 000749472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-23 11:50 - 2018-03-13 04:04 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-23 11:50 - 2018-03-13 04:04 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-23 11:50 - 2018-03-13 04:03 - 005907288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-03-23 11:50 - 2018-03-13 04:03 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-23 11:50 - 2018-03-13 04:03 - 000779960 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-03-23 11:50 - 2018-03-13 04:03 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-03-23 11:50 - 2018-03-13 04:03 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-23 11:50 - 2018-03-13 04:03 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-23 11:50 - 2018-03-13 04:03 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-03-23 11:50 - 2018-03-13 04:03 - 000279960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-23 11:50 - 2018-03-13 04:03 - 000273312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-23 11:50 - 2018-03-13 04:02 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-23 11:50 - 2018-03-13 04:02 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-23 11:50 - 2018-03-13 04:02 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-03-23 11:50 - 2018-03-13 04:02 - 001415288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-23 11:50 - 2018-03-13 04:02 - 001209752 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-23 11:50 - 2018-03-13 04:01 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-03-23 11:50 - 2018-03-13 03:59 - 000535968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-03-23 11:50 - 2018-03-13 03:58 - 000377760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-23 11:50 - 2018-03-13 03:58 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-23 11:50 - 2018-03-13 03:57 - 000711432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-03-23 11:50 - 2018-03-13 03:57 - 000540056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-23 11:50 - 2018-03-13 03:55 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-23 11:50 - 2018-03-13 03:55 - 001778360 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-03-23 11:50 - 2018-03-13 03:55 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-03-23 11:50 - 2018-03-13 03:55 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-23 11:50 - 2018-03-13 03:55 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-23 11:50 - 2018-03-13 03:55 - 000246176 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-03-23 11:50 - 2018-03-13 03:54 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-03-23 11:50 - 2018-03-13 03:54 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-23 11:50 - 2018-03-13 03:54 - 000555936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-23 11:50 - 2018-03-13 03:54 - 000163744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-03-23 11:50 - 2018-03-13 03:53 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-23 11:50 - 2018-03-13 03:53 - 000902928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-03-23 11:50 - 2018-03-13 03:53 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2018-03-23 11:50 - 2018-03-13 03:53 - 000113568 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-03-23 11:50 - 2018-03-13 03:52 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-23 11:50 - 2018-03-13 03:52 - 000172112 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2018-03-23 11:50 - 2018-03-13 03:51 - 002773408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-03-23 11:50 - 2018-03-13 03:51 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-03-23 11:50 - 2018-03-13 03:50 - 000617312 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-03-23 11:50 - 2018-03-13 02:56 - 025253376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-23 11:50 - 2018-03-13 02:41 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-03-23 11:50 - 2018-03-13 02:40 - 003663872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-23 11:50 - 2018-03-13 02:40 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-23 11:50 - 2018-03-13 02:40 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-03-23 11:50 - 2018-03-13 02:37 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-03-23 11:50 - 2018-03-13 02:37 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-23 11:50 - 2018-03-13 02:37 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-23 11:50 - 2018-03-13 02:36 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2018-03-23 11:50 - 2018-03-13 02:36 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-03-23 11:50 - 2018-03-13 02:35 - 008031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-23 11:50 - 2018-03-13 02:35 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-23 11:50 - 2018-03-13 02:35 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-03-23 11:50 - 2018-03-13 02:34 - 008727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-03-23 11:50 - 2018-03-13 02:34 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 007544832 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 001574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2018-03-23 11:50 - 2018-03-13 02:33 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-03-23 11:50 - 2018-03-13 02:32 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-23 11:50 - 2018-03-13 02:32 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2018-03-23 11:50 - 2018-03-13 02:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-03-23 11:50 - 2018-03-13 02:32 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-03-23 11:50 - 2018-03-13 02:31 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-23 11:50 - 2018-03-13 02:31 - 004746240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-23 11:50 - 2018-03-13 02:31 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-03-23 11:50 - 2018-03-13 02:31 - 001263104 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-03-23 11:50 - 2018-03-13 02:31 - 001173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-03-23 11:50 - 2018-03-13 02:30 - 007145472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-03-23 11:50 - 2018-03-13 02:30 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-03-23 11:50 - 2018-03-13 02:30 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-03-23 11:50 - 2018-03-13 02:30 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2018-03-23 11:50 - 2018-03-13 02:30 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-03-23 11:50 - 2018-03-13 02:29 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-03-23 11:50 - 2018-03-13 02:29 - 003170816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-03-23 11:50 - 2018-03-13 02:29 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-03-23 11:50 - 2018-03-13 02:29 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-03-23 11:50 - 2018-03-13 02:29 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 003160576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-23 11:50 - 2018-03-13 02:28 - 001967104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 001157632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 000837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-03-23 11:50 - 2018-03-13 02:28 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-03-23 11:50 - 2018-03-13 02:28 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-03-23 11:50 - 2018-03-13 02:27 - 003125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-03-23 11:50 - 2018-03-13 02:27 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-03-23 11:50 - 2018-03-13 02:27 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-03-23 11:50 - 2018-03-13 02:27 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-03-23 11:50 - 2018-03-13 02:27 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-03-23 11:50 - 2018-03-13 02:26 - 001737728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-03-23 11:50 - 2018-03-13 02:25 - 001346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-03-23 11:50 - 2018-03-13 02:25 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-23 11:50 - 2018-03-13 02:25 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-23 11:50 - 2018-03-13 02:24 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-03-23 11:50 - 2018-03-13 02:24 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-03-23 11:50 - 2018-03-13 02:23 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-03-23 11:50 - 2018-03-13 02:23 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2018-03-23 11:50 - 2018-03-13 02:23 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2018-03-23 11:50 - 2018-03-13 02:22 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-23 11:50 - 2018-03-13 02:22 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2018-03-23 11:50 - 2018-03-13 02:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-23 11:50 - 2018-03-13 02:22 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-23 11:50 - 2018-03-13 02:19 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-23 11:50 - 2018-03-13 02:19 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-03-23 11:50 - 2018-03-13 02:19 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-03-23 11:50 - 2018-03-13 02:19 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-03-23 11:50 - 2018-03-13 02:18 - 000213408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-23 11:50 - 2018-03-13 02:15 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-03-23 11:50 - 2018-03-13 02:08 - 001555784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-03-23 11:50 - 2018-03-13 02:08 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-03-23 11:50 - 2018-03-13 02:06 - 000704080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-03-23 11:50 - 2018-03-13 02:06 - 000564640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2018-03-23 11:50 - 2018-03-13 02:04 - 006481096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-23 11:50 - 2018-03-13 02:04 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-23 11:50 - 2018-03-13 02:04 - 000140592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2018-03-23 11:50 - 2018-03-13 01:44 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-03-23 11:50 - 2018-03-13 01:44 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-23 11:50 - 2018-03-13 01:43 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-23 11:50 - 2018-03-13 01:43 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-03-23 11:50 - 2018-03-13 01:41 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-23 11:50 - 2018-03-13 01:41 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-23 11:50 - 2018-03-13 01:40 - 006118400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-03-23 11:50 - 2018-03-13 01:39 - 019355136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-23 11:50 - 2018-03-13 01:39 - 018923520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-23 11:50 - 2018-03-13 01:39 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-23 11:50 - 2018-03-13 01:39 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-03-23 11:50 - 2018-03-13 01:38 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-03-23 11:50 - 2018-03-13 01:37 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-23 11:50 - 2018-03-13 01:37 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2018-03-23 11:50 - 2018-03-13 01:37 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2018-03-23 11:50 - 2018-03-13 01:37 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-03-23 11:50 - 2018-03-13 01:37 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-03-23 11:50 - 2018-03-13 01:36 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-23 11:50 - 2018-03-13 01:35 - 006204416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-03-23 11:50 - 2018-03-13 01:34 - 002409984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-03-23 11:50 - 2018-03-13 01:33 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-03-23 11:50 - 2018-03-13 01:33 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-03-23 11:50 - 2018-03-13 01:32 - 006030848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-23 11:50 - 2018-03-13 01:32 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-23 11:50 - 2018-03-13 01:32 - 002577408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-03-23 11:50 - 2018-03-13 01:31 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-03-23 11:50 - 2018-03-13 01:31 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-03-23 11:50 - 2018-03-13 01:31 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-03-23 11:50 - 2018-03-13 01:31 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-03-23 11:50 - 2018-03-13 01:30 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-03-23 11:50 - 2018-03-13 01:30 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-03-23 11:50 - 2018-03-13 01:28 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-03-23 11:50 - 2018-03-13 01:27 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2018-03-23 11:50 - 2018-03-13 01:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2018-03-23 11:49 - 2018-03-13 03:58 - 000441248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-03-23 11:49 - 2018-03-13 03:55 - 000417440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2018-03-23 11:49 - 2018-03-13 03:55 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-03-23 11:49 - 2018-03-13 03:54 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-23 11:49 - 2018-03-13 03:53 - 000143264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2018-03-23 11:49 - 2018-03-13 03:53 - 000091152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2018-03-23 11:49 - 2018-03-13 03:52 - 000127136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2018-03-23 11:49 - 2018-03-13 02:40 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-03-23 11:49 - 2018-03-13 02:38 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2018-03-23 11:49 - 2018-03-13 02:38 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-03-23 11:49 - 2018-03-13 02:38 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2018-03-23 11:49 - 2018-03-13 02:37 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2018-03-23 11:49 - 2018-03-13 02:37 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2018-03-23 11:49 - 2018-03-13 02:37 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2018-03-23 11:49 - 2018-03-13 02:35 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-03-23 11:49 - 2018-03-13 02:35 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-03-23 11:49 - 2018-03-13 02:35 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2018-03-23 11:49 - 2018-03-13 02:35 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-03-23 11:49 - 2018-03-13 02:35 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2018-03-23 11:49 - 2018-03-13 02:35 - 000219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-03-23 11:49 - 2018-03-13 02:35 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlgpclnt.dll
2018-03-23 11:49 - 2018-03-13 02:34 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-03-23 11:49 - 2018-03-13 02:34 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-03-23 11:49 - 2018-03-13 02:34 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2018-03-23 11:49 - 2018-03-13 02:33 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2018-03-23 11:49 - 2018-03-13 02:33 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2018-03-23 11:49 - 2018-03-13 02:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2018-03-23 11:49 - 2018-03-13 02:32 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-03-23 11:49 - 2018-03-13 02:31 - 002849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-03-23 11:49 - 2018-03-13 02:31 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2018-03-23 11:49 - 2018-03-13 02:31 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2018-03-23 11:49 - 2018-03-13 02:30 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-03-23 11:49 - 2018-03-13 02:29 - 000984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-03-23 11:49 - 2018-03-13 02:28 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-03-23 11:49 - 2018-03-13 02:26 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-03-23 11:49 - 2018-03-13 02:25 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2018-03-23 11:49 - 2018-03-13 02:24 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2018-03-23 11:49 - 2018-03-13 02:07 - 000115104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-23 11:49 - 2018-03-13 01:44 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-03-23 11:49 - 2018-03-13 01:40 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-03-23 11:49 - 2018-03-13 01:40 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2018-03-23 11:49 - 2018-03-13 01:39 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2018-03-23 11:49 - 2018-03-13 01:39 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-03-23 11:49 - 2018-03-13 01:39 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-03-23 11:49 - 2018-03-13 01:38 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlgpclnt.dll
2018-03-23 11:49 - 2018-03-13 01:37 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2018-03-23 11:49 - 2018-03-13 01:37 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2018-03-23 11:49 - 2018-03-13 01:37 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2018-03-23 11:49 - 2018-03-13 01:36 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-03-23 11:49 - 2018-03-13 01:36 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-03-23 11:49 - 2018-03-13 01:36 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-03-23 11:49 - 2018-03-13 01:34 - 000706048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-03-23 11:49 - 2018-03-13 01:32 - 001948672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-03-23 11:49 - 2018-03-13 01:31 - 001348608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-03-23 11:49 - 2018-03-13 01:26 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2018-03-22 01:48 - 2018-03-22 01:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-03-22 01:47 - 2018-04-06 18:08 - 000000000 ____D C:\Users\CARLOS\Downloads\DS.SolidWorks.2018.SP0.Premium-SSQ
2018-03-22 01:47 - 2018-03-22 01:47 - 013804384 _____ C:\Users\CARLOS\Desktop\SolidWorks.2018.Activator-SSQ.rar
2018-03-22 01:46 - 2018-03-22 01:46 - 000071890 _____ C:\Users\CARLOS\Downloads\SLDWRKSTorrent.rar
2018-03-21 12:01 - 2018-03-21 12:21 - 000000000 ____D C:\Users\CARLOS\Downloads\Harry Potter And The Deathly Hallows Part 2 2011 1080p Bluray x264 (DTS) - HarryLala
2018-03-20 23:15 - 2018-03-20 23:29 - 000000000 ____D C:\Users\CARLOS\Downloads\Harry Potter and the Deathly Hallows Part 1 (2010) [1080p]
2018-03-16 11:26 - 2018-04-06 19:21 - 000000000 ____D C:\Users\CARLOS\AppData\LocalLow\uTorrent
2018-03-14 19:35 - 2018-03-02 00:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 19:35 - 2018-03-01 04:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 19:35 - 2018-03-01 04:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 19:35 - 2018-03-01 04:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 19:35 - 2018-03-01 04:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 19:35 - 2018-03-01 04:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 19:35 - 2018-03-01 04:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 19:35 - 2018-03-01 04:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 19:35 - 2018-03-01 04:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 19:35 - 2018-03-01 04:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 19:35 - 2018-03-01 04:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 19:35 - 2018-03-01 04:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 19:35 - 2018-03-01 03:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 19:35 - 2018-03-01 03:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 19:35 - 2018-03-01 03:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 19:35 - 2018-03-01 03:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 19:35 - 2018-03-01 03:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 19:35 - 2018-03-01 03:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 19:35 - 2018-03-01 03:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 19:35 - 2018-03-01 03:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 19:35 - 2018-03-01 03:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 19:35 - 2018-03-01 03:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 19:35 - 2018-03-01 02:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 19:35 - 2018-03-01 02:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 19:35 - 2018-03-01 02:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 19:35 - 2018-03-01 02:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 19:35 - 2018-03-01 02:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 19:35 - 2018-03-01 02:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 19:35 - 2018-03-01 02:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 19:35 - 2018-03-01 02:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 19:35 - 2018-03-01 02:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 19:35 - 2018-03-01 02:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 19:35 - 2018-03-01 02:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 19:35 - 2018-03-01 02:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 19:35 - 2018-03-01 02:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 19:35 - 2018-03-01 02:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 19:35 - 2018-03-01 02:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 19:35 - 2018-03-01 02:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 19:35 - 2018-03-01 02:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 19:35 - 2018-03-01 02:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 19:35 - 2018-03-01 02:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 19:35 - 2018-03-01 02:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 19:35 - 2018-03-01 02:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 19:35 - 2018-03-01 02:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 19:35 - 2018-03-01 02:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 19:35 - 2018-03-01 02:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 19:35 - 2018-03-01 02:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 19:35 - 2018-03-01 02:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 19:35 - 2018-03-01 02:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 19:35 - 2018-03-01 02:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 19:35 - 2018-03-01 02:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 19:35 - 2018-03-01 02:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 19:35 - 2018-03-01 02:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 19:35 - 2018-02-21 23:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 19:35 - 2018-02-21 23:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 19:35 - 2018-02-21 23:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 19:35 - 2018-02-21 23:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 19:35 - 2018-02-21 23:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 19:35 - 2018-02-21 23:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 19:35 - 2018-02-21 23:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 19:35 - 2018-02-21 23:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 19:35 - 2018-02-21 23:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 19:35 - 2018-02-21 23:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 19:35 - 2018-02-21 22:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 19:35 - 2018-02-21 22:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 19:35 - 2018-02-21 22:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 19:35 - 2018-02-21 22:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 19:35 - 2018-02-21 21:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 19:35 - 2018-02-21 21:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 19:35 - 2018-02-21 21:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 19:34 - 2018-03-02 00:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 19:34 - 2018-03-02 00:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 19:34 - 2018-03-02 00:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 19:34 - 2018-03-02 00:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 19:34 - 2018-03-02 00:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 19:34 - 2018-03-01 23:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 19:34 - 2018-03-01 17:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 19:34 - 2018-03-01 04:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 19:34 - 2018-03-01 04:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 19:34 - 2018-03-01 04:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 19:34 - 2018-03-01 04:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 19:34 - 2018-03-01 04:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 19:34 - 2018-03-01 04:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 19:34 - 2018-03-01 04:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 19:34 - 2018-03-01 03:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 19:34 - 2018-03-01 03:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 19:34 - 2018-03-01 03:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 19:34 - 2018-03-01 03:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 19:34 - 2018-03-01 03:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 19:34 - 2018-03-01 02:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 19:34 - 2018-03-01 02:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 19:34 - 2018-03-01 02:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 19:34 - 2018-03-01 02:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 19:34 - 2018-03-01 02:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 19:34 - 2018-03-01 02:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 19:34 - 2018-03-01 02:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 19:34 - 2018-03-01 02:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 19:34 - 2018-03-01 02:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 19:34 - 2018-03-01 02:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 19:34 - 2018-03-01 02:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 19:34 - 2018-03-01 02:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 19:34 - 2018-03-01 02:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 19:34 - 2018-03-01 02:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 19:34 - 2018-03-01 02:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 19:34 - 2018-03-01 02:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 19:34 - 2018-03-01 02:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 19:34 - 2018-03-01 02:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 19:34 - 2018-03-01 02:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 19:34 - 2018-02-21 23:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 19:34 - 2018-02-21 22:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 19:34 - 2018-02-21 22:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 19:34 - 2018-02-21 22:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 19:34 - 2018-02-21 21:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 19:34 - 2018-02-21 21:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 19:34 - 2018-02-21 21:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 19:34 - 2018-02-21 21:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 19:34 - 2018-02-21 21:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-13 23:08 - 2018-03-13 23:08 - 000000000 ____D C:\Users\CARLOS\Documents\FeedbackHub
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-11 17:31 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-11 17:23 - 2017-12-02 12:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-11 17:17 - 2017-09-29 05:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-04-11 17:16 - 2017-09-29 10:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-11 17:07 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-04-11 17:05 - 2013-10-28 12:31 - 000000000 ____D C:\Users\CARLOS\AppData\LocalLow\Temp
2018-04-11 00:45 - 2017-12-02 11:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-10 23:28 - 2017-12-02 12:13 - 000005260 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for SANTI-Santi Santi
2018-04-10 21:52 - 2017-09-29 10:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-10 21:52 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-10 13:36 - 2017-12-02 11:44 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Packages
2018-04-10 11:19 - 2013-04-16 16:26 - 000000000 ____D C:\ProgramData\AVAST Software
2018-04-10 10:35 - 2013-02-22 02:23 - 000000000 ____D C:\Users\CARLOS\AppData\Roaming\Skype
2018-04-10 10:22 - 2017-12-02 11:43 - 000000000 ____D C:\Users\CARLOS
2018-04-10 00:39 - 2017-11-03 23:26 - 000000000 ___RD C:\Users\CARLOS\Desktop\-
2018-04-09 22:05 - 2018-02-04 18:25 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Spotify
2018-04-09 22:03 - 2018-02-04 18:10 - 000000000 ____D C:\Users\CARLOS\AppData\Roaming\Spotify
2018-04-09 21:37 - 2018-02-16 23:27 - 000000000 ____D C:\WINDOWS\Minidump
2018-04-09 21:28 - 2013-01-30 21:00 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Adobe
2018-04-09 20:36 - 2017-10-11 13:15 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-04-09 20:28 - 2015-09-15 13:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-09 20:16 - 2017-12-02 12:13 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-04-09 14:48 - 2017-12-02 16:05 - 001058630 _____ C:\WINDOWS\system32\perfh00A.dat
2018-04-09 14:48 - 2017-12-02 16:05 - 000239600 _____ C:\WINDOWS\system32\perfc00A.dat
2018-04-09 14:48 - 2017-12-02 12:10 - 002354402 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-08 00:28 - 2016-03-25 19:24 - 000000000 ____D C:\Users\CARLOS\AppData\Roaming\vlc
2018-04-07 22:43 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-04-07 22:28 - 2013-04-07 21:58 - 000000000 ____D C:\WINDOWS\pss
2018-04-06 22:48 - 2013-01-30 00:54 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Google
2018-04-06 22:47 - 2017-12-02 12:13 - 000003618 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-06 22:47 - 2017-12-02 12:13 - 000003494 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-06 22:47 - 2013-01-30 00:54 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-06 21:12 - 2017-09-29 10:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-06 20:54 - 2017-12-02 11:36 - 005089376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-06 20:46 - 2013-01-31 20:15 - 000000000 ___RD C:\Users\CARLOS\Desktop\Stuff
2018-04-06 20:43 - 2017-04-26 22:28 - 000000000 ____D C:\Users\CARLOS\Desktop\Facultad
2018-04-06 20:41 - 2017-10-26 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhinoceros 5
2018-04-06 20:30 - 2017-10-26 16:59 - 000000500 _____ C:\WINDOWS\SysWOW64\Drivers\ibyfyu_413.set
2018-04-06 20:30 - 2017-10-26 16:59 - 000000500 _____ C:\WINDOWS\SysWOW64\Drivers\ddpnqch185.dat
2018-04-06 20:30 - 2017-10-26 16:59 - 000000500 _____ C:\WINDOWS\d_jdmjol162.ini
2018-04-06 20:23 - 2014-10-27 16:41 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-06 19:21 - 2013-03-17 01:35 - 000000000 ____D C:\Users\CARLOS\AppData\Roaming\uTorrent
2018-04-06 16:28 - 2017-10-26 19:06 - 000000000 ____D C:\Users\CARLOS\AppData\Roaming\McNeel
2018-04-06 16:28 - 2017-10-26 16:59 - 000000000 ____D C:\ProgramData\McNeel
2018-04-03 16:37 - 2017-09-29 10:49 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-04-03 16:37 - 2017-09-29 10:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-27 11:50 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-27 11:05 - 2012-08-30 21:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-23 13:19 - 2012-11-16 11:00 - 000000000 ____D C:\ProgramData\Intel
2018-03-23 12:03 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-22 01:56 - 2012-08-30 20:56 - 000000000 ____D C:\Program Files (x86)\TOSHIBA
2018-03-22 01:55 - 2015-10-24 00:44 - 000000000 ____D C:\GOG Games
2018-03-22 01:53 - 2017-10-04 14:28 - 000000000 ____D C:\Program Files\rempl
2018-03-22 01:51 - 2014-10-06 21:45 - 000000000 ____D C:\ProgramData\HP
2018-03-22 01:49 - 2017-12-30 10:57 - 000000000 ____D C:\ProgramData\Garmin
2018-03-22 01:48 - 2017-08-29 23:05 - 000000000 ____D C:\Users\CARLOS\AppData\Roaming\Splitscreen Studios
2018-03-21 21:00 - 2015-10-03 23:13 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-15 21:36 - 2017-12-02 12:13 - 000004556 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-15 21:35 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-15 21:35 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-15 21:34 - 2017-10-04 02:19 - 000000000 ___RD C:\Users\CARLOS\3D Objects
2018-03-15 21:34 - 2016-11-20 15:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-14 20:50 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-14 20:50 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-03-14 20:50 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-14 20:30 - 2018-03-07 16:57 - 000010622 _____ C:\Users\CARLOS\Desktop\Horarios 2018.xlsx
2018-03-14 19:52 - 2014-09-09 20:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-14 19:47 - 2017-10-11 10:56 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 19:47 - 2013-01-31 03:03 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-14 19:38 - 2017-09-29 10:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 19:38 - 2017-09-29 10:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-13 02:02 - 2017-12-02 11:40 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
 
==================== Files in the root of some directories =======
 
2013-03-15 19:40 - 2018-01-11 23:23 - 000007590 _____ () C:\Users\CARLOS\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-10 23:20
 
==================== End of FRST.txt ============================
 
 
Here the addition one!
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Santi (11-04-2018 17:35:23)
Running from E:\
Windows 10 Home Version 1709 16299.334 (X64) (2017-12-02 15:15:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1380135985-2673685752-3878894861-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1380135985-2673685752-3878894861-503 - Limited - Disabled)
Guest (S-1-5-21-1380135985-2673685752-3878894861-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1380135985-2673685752-3878894861-1012 - Limited - Enabled)
Santi (S-1-5-21-1380135985-2673685752-3878894861-1001 - Administrator - Enabled) => C:\Users\CARLOS
WDAGUtilityAccount (S-1-5-21-1380135985-2673685752-3878894861-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{8FD6FE5A-E1E1-47F3-BBE6-FE2B1364DCB8}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{2394186A-5445-4293-B739-352009350342}) (Version: 3.0.0.9 - Intel) Hidden
µTorrent (HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_1_0) (Version: 21.1.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1) (Version: 18.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battlefield 2™ (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Cosmoteer 0.13.6 (HKLM\...\{BC4C8EB1-3CD1-465D-B4D3-A15F9F0B4C4F}_is1) (Version: 0.13.6 - Walt Destler)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0195 - Disc Soft Ltd)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON XP-211 214 216 Series Printer Uninstall (HKLM\...\EPSON XP-211 214 216 Series) (Version:  - SEIKO EPSON Corporation)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4653 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{01f3f6b8-1a81-4b10-b51f-f69af12e1d69}) (Version: 3.0.0.9 - Intel)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
Malwarebytes versión 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mount and Blade - Warband  - Napoleonic Wars (HKLM-x32\...\Mount and Blade: Warband  - Napoleonic Wars_is1) (Version: 2.1.1.11 - GOG.com)
Mount and Blade - Warband  - Viking Conquest (HKLM-x32\...\Mount and Blade: Warband  - Viking Conquest_is1) (Version: 2.1.1.11 - GOG.com)
Mount and Blade - Warband (HKLM-x32\...\1207666913_is1) (Version: 2.2.0.10 - GOG.com)
Mount and Blade - With Fire and Sword (HKLM-x32\...\1207666903_is1) (Version: 2.0.0.4 - GOG.com)
Mount and Blade (HKLM-x32\...\1207666893_is1) (Version: 2.0.0.4 - GOG.com)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version:  - Native Instruments)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29031 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Rhinoceros 5 (64-bit) (HKLM\...\{31120413-C19E-464C-A0BE-DF13B595BA7F}) (Version: 5.14.00522.08390 - Robert McNeel & Associates)
Rhinoceros 5 (HKLM-x32\...\{015DA80B-D206-42B4-8A52-2054BF0E7434}) (Version: 5.14.00522.08390 - Robert McNeel & Associates)
Rhinoceros 5 Help Media (HKLM-x32\...\{552F40DE-871B-48D8-B07F-43ED512E9B7A}) (Version: 5.6.31022.16390 - Robert McNeel & Associates)
Rhinoceros 5 Language Pack Installer (es-ES) (HKLM-x32\...\{59EDC04B-7048-4424-833C-AB64B1A727B8}) (Version: 5.6.31022.16390 - Robert McNeel & Associates)
SketchUp 2016 (HKLM\...\{9BAF512C-7517-4527-A323-4B006ACD1E65}) (Version: 16.1.1449 - Trimble Navigation Limited)
SketchUp 2017 (HKLM\...\{31645965-D0A5-4D0B-98C8-48A2C804AD7A}) (Version: 17.2.2555 - Trimble Navigation Limited)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Software Intel® PROSet/Wireless (HKLM-x32\...\{88540041-fd0c-4588-9b2f-251e29f7c5a1}) (Version: 18.40.4 - Intel Corporation)
Spotify (HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
SRS Premium Sound Control Panel (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.3 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
The Elder Scrolls V Skyrim - Legendary Edition (HKLM-x32\...\The Elder Scrolls V Skyrim - Legendary Edition_is1) (Version:  - )
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.8.1C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.1.1 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 1.0.0.5C - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{63E575B6-BEF3-4DE7-823E-508837914157}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.38 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.1 - Compal) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.1 - Compal) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WhatsApp (HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\WhatsApp) (Version: 0.2.5863 - WhatsApp)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-05-18] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {158302CF-C03A-486A-80E1-EAA4B2B27D5D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {170753D0-0BA5-428A-A3EA-7319A75F8A51} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-06-06] (Microsoft Corporation)
Task: {19022932-6CBC-45F2-A0B1-0E658EA8AA00} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {2039F255-AD1A-4AB3-9C4B-904CBEF6089E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-15] (Adobe Systems Incorporated)
Task: {21B3EDAD-FC12-4970-B7C7-3511390E9BD8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {30CAE21F-7394-444F-8B4B-FAE3841C98C7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-07] (Microsoft Corporation)
Task: {36D5F91A-3F93-4020-BB5F-F784D0E05C0F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-07] (Microsoft Corporation)
Task: {3A6B0FBA-621D-45E4-A75F-804A86F5F951} - System32\Tasks\{13F98F80-1A1C-496D-936D-561828BAF175} => C:\windows\system32\pcalua.exe -a "C:\Users\CARLOS\Desktop\Santi\Juegos\Assassins Creed Revelations\Assassins Creed Revelations Repack\Desinstalar.exe"
Task: {3DB62B8E-A1C8-49D9-9B9E-44C4C18EBAE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-07] (Microsoft Corporation)
Task: {3E5BFE66-BF39-4FFE-97EC-21987AB47FC2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {52CC9CED-D415-49CC-92E8-F7734A05F467} - System32\Tasks\{8236EAE4-3C5C-4D50-B02D-08CD52987C81} => C:\windows\system32\pcalua.exe -a F:\DirectX\dxsetup.exe -d F:\DirectX
Task: {5D6B783F-8C86-4179-8BE3-7088AE4AFB6E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {5E00DB4E-1AA1-48B8-B6F6-0ED330447B4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc.)
Task: {62EA05AA-4B0B-4732-BD52-56EF8523A835} - System32\Tasks\EPSON XP-211 214 216 Series Update {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {6892B9A1-D8B9-4352-ADEE-F304639F6F8A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6AD7CAE5-F03D-4319-954D-618A2AC5DEB3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-07] (Microsoft Corporation)
Task: {6E99E421-6880-4F91-B000-BC1A74AF3B37} - System32\Tasks\veZb3rKDtZpUUQqQzbc => C:\Users\CARLOS\AppData\Roaming\veZb3rKDtZpUUQqQzbc.exe <==== ATTENTION
Task: {71BEBB0F-C2EA-4F99-AB5F-34275A58E5EF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {73260907-06DD-4A3C-9DDB-468F7B709AA9} - System32\Tasks\AdobeAAMUpdater-1.0-SANTI-Santi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {75C30A3C-6AC7-4A32-9BD9-8178E8E020B5} - System32\Tasks\{472863B6-13DE-44A4-BAB8-312D127139BD} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/6.2.0.106/es/abandoninstall?source=lightinstaller&page=tsInstall
Task: {782E6FD9-4B82-4681-B2F0-4D69D5C6F67E} - \WPD\SqmUpload_S-1-5-21-1380135985-2673685752-3878894861-1001 -> No File <==== ATTENTION
Task: {7FA1ED39-E9B1-400B-B109-E398AD42DEA0} - System32\Tasks\{E99BF826-2C93-FBAE-3C64-CCBA227B8812} => C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
Task: {85195F64-848E-46BE-BBC9-CB0E4F417CE3} - System32\Tasks\{EF5025B2-0FA0-4AAD-B444-1C02313CF04C} => C:\windows\system32\pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{993908C2-50E1-4CCB-9846-D663D340896C}
Task: {86FA2C3A-F129-4460-8F79-D9FD9F04461E} - System32\Tasks\YOAIsMzsbxkY => C:\Users\CARLOS\AppData\Roaming\YOAIsMzsbxkY.exe <==== ATTENTION
Task: {89F842C3-FE16-4C3F-9A3F-C713F15B7822} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {8AC4CBAA-04FC-45F5-8223-E73507CF731A} - System32\Tasks\{9ED14EEC-F443-4B6D-9D87-CBBBB5F82D8A} => C:\windows\system32\pcalua.exe -a D:\autorun.exe -d D:\
Task: {90C3B907-419D-4455-85CF-5EDAB406461D} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {941D7A5E-A571-4D8E-9F68-3654F14157BD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {96CAA543-C12B-47B4-BE0E-821D9BC37286} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {9DDF20BE-9177-4233-A5D8-5243DF51C71B} - System32\Tasks\{28542C32-3052-4480-9787-DCC04DD4304B} => C:\windows\system32\pcalua.exe -a E:\Setup.exe -d E:\
Task: {9EF5232D-91F3-4E3C-A3F8-DC9F1F2F2625} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\System32\NotificationUI.exe
Task: {A3EF8C08-574E-4446-A31D-0A9D0F9BE4FC} - System32\Tasks\EPSON XP-211 214 216 Series Update {F126981A-2314-4E2A-93CA-53BF623BD006} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A84F077E-98CB-48F6-842B-99371F27E246} - System32\Tasks\{D7672155-1040-4166-952F-D89CEDBF3153} => C:\windows\system32\pcalua.exe -a D:\autorun.exe
Task: {AB3DB388-B6E2-4429-BAC8-1A119A074917} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SANTI-Santi Santi => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {B327D731-01CE-4372-BF32-FD8C95B1745D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C974E068-C74C-483E-B267-4CA602857DE0} - System32\Tasks\{6A1E1343-D44A-4551-A6F9-FDB80F295D9F} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/6.9.59.106/es/abandoninstall?page=tsProgressBar
Task: {CA04F4D2-FF61-457D-B04B-477BDA886DF2} - System32\Tasks\EPSON XP-211 214 216 Series Update {CCD030A0-F6A7-41FE-A3EE-5F351C414A00} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D156705B-C79F-404B-A8F6-9C4C72E40027} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {D41E6A5F-3AE6-417D-8E68-80F1D0622506} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {D47240FC-23A9-4602-9E09-AD274394507A} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {E0AC1880-727B-4534-826D-F3EA85FB7372} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-15] (Adobe Systems Incorporated)
Task: {EA10C71E-E0F3-4485-A6F4-993E74E03484} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {EA866BD1-994A-4FA8-91C6-F985C42EE347} - System32\Tasks\AdobeGCInvoker-1.0-SANTI-Santi => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {EBF938FA-D723-4B4A-B1D2-B25EE3B9E600} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {F126981A-2314-4E2A-93CA-53BF623BD006} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {F4B37F58-089A-4DB2-BCEB-BFF08E07FB2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc.)
Task: {F5D600E3-350A-45E4-82D0-8F959D54DAFD} - System32\Tasks\{D84182F4-150B-0854-A78D-74B1D3AF2653} => C:\Users\CARLOS\AppData\Local\Tumo.exe
Task: {FFA3EAED-1BB4-4BB1-86FF-28A1AA4F3C04} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {CCD030A0-F6A7-41FE-A3EE-5F351C414A00} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Invitation {CCD030A0-F6A7-41FE-A3EE-5F351C414A00}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Invitation {F126981A-2314-4E2A-93CA-53BF623BD006}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Invitation {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Update {CCD030A0-F6A7-41FE-A3EE-5F351C414A00}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE:/EXE:{CCD030A0-F6A7-41FE-A3EE-5F351C414A00} /F:UpdateWORKGROUP\SANTI$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Update {F126981A-2314-4E2A-93CA-53BF623BD006}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE:/EXE:{F126981A-2314-4E2A-93CA-53BF623BD006} /F:UpdateWORKGROUP\SANTI$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Update {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE:/EXE:{FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} /F:UpdateWORKGROUP\SANTI$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 10:41 - 2017-09-29 10:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-07 19:04 - 2017-03-07 19:04 - 000157456 _____ () C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
2014-02-05 13:57 - 2014-02-05 13:57 - 000066872 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2013-07-04 13:29 - 2013-05-12 14:16 - 000381096 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-07-04 13:29 - 2013-06-06 00:54 - 000518824 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-07-04 13:29 - 2013-06-06 00:53 - 000612008 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2018-04-09 20:29 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-09 20:29 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-08-14 03:48 - 2017-08-14 03:48 - 000491600 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2018-03-14 19:35 - 2018-02-21 21:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 19:35 - 2018-02-21 21:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-02 16:13 - 2017-12-02 16:13 - 003657624 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-12-02 16:13 - 2017-12-02 16:13 - 002470296 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2012-07-18 23:38 - 2012-07-18 23:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 23:38 - 2012-07-18 23:38 - 000049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 00:13 - 2012-08-14 00:13 - 000018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2012-08-04 20:01 - 2012-08-04 20:01 - 000213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
2011-08-12 19:57 - 2011-08-12 19:57 - 000437632 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2018-04-06 22:48 - 2018-03-20 03:00 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll
2018-04-06 22:48 - 2018-03-20 03:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll
2018-04-06 22:48 - 2018-03-20 03:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-04-06 22:48 - 2018-03-20 03:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-03-26 19:24 - 2018-03-26 19:25 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-26 19:24 - 2018-03-26 19:25 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-26 19:24 - 2018-03-26 19:25 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-26 19:24 - 2018-03-26 19:25 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\skypert.dll
2018-03-26 19:24 - 2018-03-26 19:24 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2012-11-16 11:00 - 2012-06-26 05:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [156]
AlternateDataStreams: C:\Users\CARLOS\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\CARLOS\AppData\Local\9SFZWfTPHD:DvZpua3pGCT7tpRsA2wnDkaztAy6 [1896]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\garmin.com -> hxxps://my.garmin.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 02:26 - 2018-04-11 16:58 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CARLOS\Desktop\Stuff\Fotos\Wallpapers\wallpapers_hd_go4.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CDPSvc => 2
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\StartupFolder: => "GoPro Importer.lnk"
HKLM\...\StartupApproved\Run: => "TSleepSrv"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Philips Device Listener"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "RVTProApp"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\StartupFolder: => "Enviar a OneNote.lnk"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "GarenaPlus"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "Pando Media Booster"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "MKLOL"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "MK LOL"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-1380135985-2673685752-3878894861-1001\...\StartupApproved\Run: => "OneDriveSetup"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
31-03-2018 15:19:06 Scheduled Checkpoint
06-04-2018 20:32:12 Eliminado Rhinoceros 5 (64-bit)
06-04-2018 20:33:28 Eliminado Rhinoceros 5
11-04-2018 00:08:02 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (04/11/2018 05:35:51 PM) (Source: DCOM) (EventID: 10010) (User: SANTI)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (04/11/2018 05:34:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Energy Server Service queencreek se cerró con el siguiente error: 
El flujo no es un flujo pequeño.
 
Error: (04/11/2018 05:34:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Energy Server Service queencreek se cerró con el siguiente error: 
El flujo no es un flujo pequeño.
 
Error: (04/11/2018 05:33:51 PM) (Source: DCOM) (EventID: 10010) (User: SANTI)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (04/11/2018 05:31:51 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: El servidor {9E175B68-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (04/11/2018 05:31:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Energy Server Service queencreek se cerró con el siguiente error: 
El flujo no es un flujo pequeño.
 
Error: (04/11/2018 05:30:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Energy Server Service queencreek se cerró con el siguiente error: 
El flujo no es un flujo pequeño.
 
Error: (04/11/2018 05:29:51 PM) (Source: DCOM) (EventID: 10010) (User: SANTI)
Description: El servidor {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} no se registró con DCOM dentro del tiempo de espera requerido.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 62%
Total physical RAM: 6033.95 MB
Available physical RAM: 2253.25 MB
Total Virtual: 6993.95 MB
Available Virtual: 3010.91 MB
 
==================== Drives ================================
 
Drive c: (TI10651700D) (Fixed) (Total:687.31 GB) (Free:170.48 GB) NTFS
Drive e: () (Removable) (Total:7.25 GB) (Free:7.24 GB) FAT32
 
\\?\Volume{22dc9396-ff52-11e1-a1b5-f3f27e95aba3}\ (System) (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{22dc939c-ff52-11e1-a1b5-f3f27e95aba3}\ () (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
\\?\Volume{e5ab442e-dde1-46de-9eed-1e562f8c15e4}\ () (Fixed) (Total:0.9 GB) (Free:0.47 GB) NTFS
\\?\Volume{260d824f-c8c0-4242-ad9c-04f1cd3b572e}\ (Recovery) (Fixed) (Total:9.61 GB) (Free:0.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
 
Thank you a lot!


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:15 PM

Posted 11 April 2018 - 08:09 PM

Intel QUEENCREEK, it is like a security for Intel, seems to be creating too many files. I will disable the utility. It does not appear to be malware, but it will fill-up your hard drive. Acrobat Reader is also creating print files. See if you can update to the latest version.
  • Highlight the entire content of the quote box below.

Start::
C:\WINDOWS\system32\default_error_stack*.txt
2018-03-23 14:57 - 2018-03-23 14:57 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Tempzxpsign5784121b5fcc9882
2018-03-23 14:55 - 2018-03-23 14:55 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Tempzxpsign286219933262f2a6
2018-03-23 14:55 - 2018-03-23 14:55 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Tempzxpsign10e6fc7b5769e3d2
Task: {7FA1ED39-E9B1-400B-B109-E398AD42DEA0} - System32\Tasks\{E99BF826-2C93-FBAE-3C64-CCBA227B8812} => C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
Task: {F5D600E3-350A-45E4-82D0-8F959D54DAFD} - System32\Tasks\{D84182F4-150B-0854-A78D-74B1D3AF2653} => C:\Users\CARLOS\AppData\Local\Tumo.exe
C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
C:\Users\CARLOS\AppData\Local\9SFZWfTPHD
Task: {6E99E421-6880-4F91-B000-BC1A74AF3B37} - System32\Tasks\veZb3rKDtZpUUQqQzbc => C:\Users\CARLOS\AppData\Roaming\veZb3rKDtZpUUQqQzbc.exe <==== ATTENTION
C:\Users\CARLOS\AppData\Roaming\veZb3rKDtZpUUQqQzbc.exe
C:\Windows\System32\Tasks\veZb3rKDtZpUUQqQzbc
Task: {782E6FD9-4B82-4681-B2F0-4D69D5C6F67E} - \WPD\SqmUpload_S-1-5-21-1380135985-2673685752-3878894861-1001 -> No File <==== ATTENTION
Task: {86FA2C3A-F129-4460-8F79-D9FD9F04461E} - System32\Tasks\YOAIsMzsbxkY => C:\Users\CARLOS\AppData\Roaming\YOAIsMzsbxkY.exe <==== ATTENTION
C:\Users\CARLOS\AppData\Roaming\YOAIsMzsbxkY.exe
C:\Windows\System32\Tasks\YOAIsMzsbxkY
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
Task: {782E6FD9-4B82-4681-B2F0-4D69D5C6F67E} - \WPD\SqmUpload_S-1-5-21-1380135985-2673685752-3878894861-1001 -> No File <==== ATTENTION
2018-04-06 21:06 - 2018-04-06 21:06 - 015333312 _____ (Piriform Ltd) C:\Users\CARLOS\Downloads\4a7d68fe-3710-4d33-9a5b-6655616f43b0.tmp
2018-04-06 21:05 - 2018-04-06 21:06 - 008222496 _____ (Malwarebytes) C:\Users\CARLOS\Downloads\9bd81cbc-9c90-4ab8-bf7e-c850d98ca3c0.tmp
2018-04-06 21:05 - 2018-04-06 21:06 - 003932181 _____ C:\Users\CARLOS\Downloads\6668c332-6402-4a6d-a392-7a8896a76b13.tmp
Task: {D47240FC-23A9-4602-9E09-AD274394507A} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe [157456 2017-03-07] ()
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.

RQKuhw1.pngRogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
zcMPezJ.pngAdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    V7SD4El.png
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log

Edited by JSntgRvr, 11 April 2018 - 08:10 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 Santibuduba

Santibuduba
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 11 April 2018 - 09:21 PM

Thank you, here are the logs!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Santi (11-04-2018 22:09:40) Run:2
Running from E:\
Loaded Profiles: Santi (Available Profiles: Santi)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\WINDOWS\system32\default_error_stack*.txt
2018-03-23 14:57 - 2018-03-23 14:57 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Tempzxpsign5784121b5fcc9882
2018-03-23 14:55 - 2018-03-23 14:55 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Tempzxpsign286219933262f2a6
2018-03-23 14:55 - 2018-03-23 14:55 - 000000000 ____D C:\Users\CARLOS\AppData\Local\Tempzxpsign10e6fc7b5769e3d2
Task: {7FA1ED39-E9B1-400B-B109-E398AD42DEA0} - System32\Tasks\{E99BF826-2C93-FBAE-3C64-CCBA227B8812} => C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
Task: {F5D600E3-350A-45E4-82D0-8F959D54DAFD} - System32\Tasks\{D84182F4-150B-0854-A78D-74B1D3AF2653} => C:\Users\CARLOS\AppData\Local\Tumo.exe
C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
C:\Users\CARLOS\AppData\Local\xKyAUNE.exe
C:\Users\CARLOS\AppData\Local\9SFZWfTPHD
Task: {6E99E421-6880-4F91-B000-BC1A74AF3B37} - System32\Tasks\veZb3rKDtZpUUQqQzbc => C:\Users\CARLOS\AppData\Roaming\veZb3rKDtZpUUQqQzbc.exe <==== ATTENTION
C:\Users\CARLOS\AppData\Roaming\veZb3rKDtZpUUQqQzbc.exe
C:\Windows\System32\Tasks\veZb3rKDtZpUUQqQzbc
Task: {782E6FD9-4B82-4681-B2F0-4D69D5C6F67E} - \WPD\SqmUpload_S-1-5-21-1380135985-2673685752-3878894861-1001 -> No File <==== ATTENTION
Task: {86FA2C3A-F129-4460-8F79-D9FD9F04461E} - System32\Tasks\YOAIsMzsbxkY => C:\Users\CARLOS\AppData\Roaming\YOAIsMzsbxkY.exe <==== ATTENTION
C:\Users\CARLOS\AppData\Roaming\YOAIsMzsbxkY.exe
C:\Windows\System32\Tasks\YOAIsMzsbxkY
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
Task: {782E6FD9-4B82-4681-B2F0-4D69D5C6F67E} - \WPD\SqmUpload_S-1-5-21-1380135985-2673685752-3878894861-1001 -> No File <==== ATTENTION
2018-04-06 21:06 - 2018-04-06 21:06 - 015333312 _____ (Piriform Ltd) C:\Users\CARLOS\Downloads\4a7d68fe-3710-4d33-9a5b-6655616f43b0.tmp
2018-04-06 21:05 - 2018-04-06 21:06 - 008222496 _____ (Malwarebytes) C:\Users\CARLOS\Downloads\9bd81cbc-9c90-4ab8-bf7e-c850d98ca3c0.tmp
2018-04-06 21:05 - 2018-04-06 21:06 - 003932181 _____ C:\Users\CARLOS\Downloads\6668c332-6402-4a6d-a392-7a8896a76b13.tmp
Task: {D47240FC-23A9-4602-9E09-AD274394507A} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe [157456 2017-03-07] ()
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
Reboot:
 
*****************
 
 
=========== "C:\WINDOWS\system32\default_error_stack*.txt" ==========
 
C:\WINDOWS\system32\default_error_stack-000365-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000366-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000367-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000368-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000369-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000370-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000371-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000372-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000373-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000374-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000375-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000376-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000377-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000378-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000379-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000380-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000381-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000382-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000383-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000384-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000385-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000386-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000387-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000388-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000389-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000390-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000391-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000392-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000393-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000394-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000395-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000396-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000397-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000398-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000399-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000400-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000401-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000402-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000403-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000404-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000405-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000406-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000407-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000408-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000409-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000410-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000411-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000412-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000413-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000414-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000415-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000416-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000417-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000418-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000419-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000420-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000421-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000422-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000423-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000424-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000425-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000426-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000427-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000428-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000429-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000430-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000431-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000432-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000433-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000434-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000435-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000436-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000437-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000438-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000439-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000440-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000441-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000442-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000443-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000444-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000445-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000446-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000447-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000448-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000449-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000450-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000451-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000452-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000453-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000454-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000455-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000456-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000457-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000458-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000459-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000460-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000461-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000462-000000.txt => moved successfully
 
========= End -> "C:\WINDOWS\system32\default_error_stack*.txt" ========
 
C:\Users\CARLOS\AppData\Local\Tempzxpsign5784121b5fcc9882 => moved successfully
C:\Users\CARLOS\AppData\Local\Tempzxpsign286219933262f2a6 => moved successfully
C:\Users\CARLOS\AppData\Local\Tempzxpsign10e6fc7b5769e3d2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7FA1ED39-E9B1-400B-B109-E398AD42DEA0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FA1ED39-E9B1-400B-B109-E398AD42DEA0}" => removed successfully
C:\WINDOWS\System32\Tasks\{E99BF826-2C93-FBAE-3C64-CCBA227B8812} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E99BF826-2C93-FBAE-3C64-CCBA227B8812}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5D600E3-350A-45E4-82D0-8F959D54DAFD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5D600E3-350A-45E4-82D0-8F959D54DAFD}" => removed successfully
C:\WINDOWS\System32\Tasks\{D84182F4-150B-0854-A78D-74B1D3AF2653} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D84182F4-150B-0854-A78D-74B1D3AF2653}" => removed successfully
"C:\Users\CARLOS\AppData\Local\xKyAUNE.exe" => not found
"C:\Users\CARLOS\AppData\Local\xKyAUNE.exe" => not found
C:\Users\CARLOS\AppData\Local\9SFZWfTPHD => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E99E421-6880-4F91-B000-BC1A74AF3B37}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E99E421-6880-4F91-B000-BC1A74AF3B37}" => removed successfully
C:\WINDOWS\System32\Tasks\veZb3rKDtZpUUQqQzbc => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\veZb3rKDtZpUUQqQzbc" => removed successfully
"C:\Users\CARLOS\AppData\Roaming\veZb3rKDtZpUUQqQzbc.exe" => not found
"C:\Windows\System32\Tasks\veZb3rKDtZpUUQqQzbc" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{782E6FD9-4B82-4681-B2F0-4D69D5C6F67E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{782E6FD9-4B82-4681-B2F0-4D69D5C6F67E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1380135985-2673685752-3878894861-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86FA2C3A-F129-4460-8F79-D9FD9F04461E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86FA2C3A-F129-4460-8F79-D9FD9F04461E}" => removed successfully
C:\WINDOWS\System32\Tasks\YOAIsMzsbxkY => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YOAIsMzsbxkY" => removed successfully
"C:\Users\CARLOS\AppData\Roaming\YOAIsMzsbxkY.exe" => not found
"C:\Windows\System32\Tasks\YOAIsMzsbxkY" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{782E6FD9-4B82-4681-B2F0-4D69D5C6F67E} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1380135985-2673685752-3878894861-1001 => could not remove. Access Denied.
C:\Users\CARLOS\Downloads\4a7d68fe-3710-4d33-9a5b-6655616f43b0.tmp => moved successfully
C:\Users\CARLOS\Downloads\9bd81cbc-9c90-4ab8-bf7e-c850d98ca3c0.tmp => moved successfully
C:\Users\CARLOS\Downloads\6668c332-6402-4a6d-a392-7a8896a76b13.tmp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D47240FC-23A9-4602-9E09-AD274394507A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D47240FC-23A9-4602-9E09-AD274394507A}" => removed successfully
C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\USER_ESRV_SVC_QUEENCREEK" => removed successfully
"HKLM\System\CurrentControlSet\Services\ESRV_SVC_QUEENCREEK" => removed successfully
ESRV_SVC_QUEENCREEK => service removed successfully
"HKLM\System\CurrentControlSet\Services\SystemUsageReportSvc_QUEENCREEK" => removed successfully
SystemUsageReportSvc_QUEENCREEK => service removed successfully
"HKLM\System\CurrentControlSet\Services\USER_ESRV_SVC_QUEENCREEK" => removed successfully
USER_ESRV_SVC_QUEENCREEK => service removed successfully
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-04-2018 22:12:25)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{782E6FD9-4B82-4681-B2F0-4D69D5C6F67E} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1380135985-2673685752-3878894861-1001 => could not remove. Access Denied.
 
==== End of Fixlog 22:12:25 ====
 
 
 
And here the other 2!


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:15 PM

Posted 11 April 2018 - 09:39 PM

The other two are not present.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 Santibuduba

Santibuduba
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 11 April 2018 - 10:03 PM

Sorry, i couldnt copy them, adwcleaner didnt detect anything. Heres rogue killer log.

RogueKiller V12.12.12.0 (x64) [Apr  9 2018] (Gratuito) por Adlice Software
Realimentación : https://forum.adlice.com
 
Sistema Operativo : Windows 10 (10.0.16299) 64 bits version
Comenzado en : Modo Normal
Usuario : Santi [Administrador]
Iniciado desde : C:\Users\CARLOS\Downloads\RogueKiller_portable64.exe
Modo : Borrar -- Fecha : 04/11/2018 22:36:39 (Duración : 01:13:39)
 
¤¤¤ Procesos : 0 ¤¤¤
 
¤¤¤ Registro : 5 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1380135985-2673685752-3878894861-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1380135985-2673685752-3878894861-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1380135985-2673685752-3878894861-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Reemplazado (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1380135985-2673685752-3878894861-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Reemplazado (1)
 
¤¤¤ Tareas : 2 ¤¤¤
[Hj.Shortcut] \{472863B6-13DE-44A4-BAB8-312D127139BD} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/6.2.0.106/es/abandoninstall?source=lightinstaller&page=tsInstall) -> Borrado
[Hj.Shortcut] \{6A1E1343-D44A-4551-A6F9-FDB80F295D9F} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://ui.skype.com/ui/0/6.9.59.106/es/abandoninstall?page=tsProgressBar) -> Borrado
 
¤¤¤ Archivos : 19 ¤¤¤
[Tr.DaService][Carpeta] C:\ProgramData\dahjService -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Borrado
[PUP.uTorrentAds][Archivo] C:\Users\CARLOS\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Borrado
[Tr.DaService][Carpeta] C:\ProgramData\dahjService -> ERROR [3]
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Archivo Hosts : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Cargado) ¤¤¤
 
¤¤¤ Exploradores Web : 0 ¤¤¤
 
¤¤¤ Comprobacion MBR : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - Basic data partition | Offset (sectors): 923648 | Size: 260 MB
2 - Basic data partition | Offset (sectors): 1456128 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1718272 | Size: 703802 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1443106816 | Size: 925 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1445003264 | Size: 9836 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] dadd64aa9be005d6cef701909ab109ea
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 7437 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Solicitud no compatible. )


#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:15 PM

Posted 11 April 2018 - 10:24 PM

How is the computer doing?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 Santibuduba

Santibuduba
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 12 April 2018 - 08:37 PM

Pretty good actually, thank you! The only thing that concerns me, is that with google chrome only opened, the task manager, shows that 70% of the memory is being used...



#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:15 PM

Posted 13 April 2018 - 12:15 AM

That may be due to applications running in the background. Run Msconfig, (For information click here.)

  1. From the taskbar, search System Configuration.
  2. Select the top result, System Configuration desktop app.
  3. Select the startup tab
  4. Deselect the programs you need not to run in the background

Most entries in the startup tab are also available throughout the Start Menu. That will be helpful as you will only activate the program only if needed. Antimalware protection should always be active.

 

In addition of the programs in the configuration system, there are task that also run in the background. These are mostly programs that look for software updates automatically. Among these are:

 

C:\WINDOWS\System32\Tasks\CCleaner Update
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
C:\WINDOWS\System32\Tasks\{E99BF826-2C93-FBAE-3C64-CCBA227B8812}
C:\WINDOWS\System32\Tasks\{D84182F4-150B-0854-A78D-74B1D3AF2653}
Task: {19022932-6CBC-45F2-A0B1-0E658EA8AA00} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {62EA05AA-4B0B-4732-BD52-56EF8523A835} - System32\Tasks\EPSON XP-211 214 216 Series Update {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {90C3B907-419D-4455-85CF-5EDAB406461D} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A3EF8C08-574E-4446-A31D-0A9D0F9BE4FC} - System32\Tasks\EPSON XP-211 214 216 Series Update {F126981A-2314-4E2A-93CA-53BF623BD006} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {CA04F4D2-FF61-457D-B04B-477BDA886DF2} - System32\Tasks\EPSON XP-211 214 216 Series Update {CCD030A0-F6A7-41FE-A3EE-5F351C414A00} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {EBF938FA-D723-4B4A-B1D2-B25EE3B9E600} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {F126981A-2314-4E2A-93CA-53BF623BD006} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {FFA3EAED-1BB4-4BB1-86FF-28A1AA4F3C04} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {CCD030A0-F6A7-41FE-A3EE-5F351C414A00} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {2039F255-AD1A-4AB3-9C4B-904CBEF6089E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-15] (Adobe Systems Incorporated)
Task: {21B3EDAD-FC12-4970-B7C7-3511390E9BD8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {73260907-06DD-4A3C-9DDB-468F7B709AA9} - System32\Tasks\AdobeAAMUpdater-1.0-SANTI-Santi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {E0AC1880-727B-4534-826D-F3EA85FB7372} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-15] (Adobe Systems Incorporated)
Task: {EA866BD1-994A-4FA8-91C6-F985C42EE347} - System32\Tasks\AdobeGCInvoker-1.0-SANTI-Santi => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {5E00DB4E-1AA1-48B8-B6F6-0ED330447B4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc.)
Task: {F4B37F58-089A-4DB2-BCEB-BFF08E07FB2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc.)

 

I can help you remove those if you wish.

 

Let me know.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:15 PM

Posted 15 April 2018 - 02:37 PM

How is it doing?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 Santibuduba

Santibuduba
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 17 April 2018 - 03:15 PM

Hey thank you for all the help, and sorry for the late response! Yeah, i think that we could disable some of the non needed proceses, only if those are not needed for the good and correct working of my pc hehe.

 

So guide me, on what to do please! 

 

And huge thank you for everything so far!!



#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:15 PM

Posted 17 April 2018 - 03:40 PM

  • Highlight the entire content of the quote box below.

Start::
C:\WINDOWS\System32\Tasks\CCleaner Update
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
C:\WINDOWS\System32\Tasks\{E99BF826-2C93-FBAE-3C64-CCBA227B8812}
C:\WINDOWS\System32\Tasks\{D84182F4-150B-0854-A78D-74B1D3AF2653}
Task: {19022932-6CBC-45F2-A0B1-0E658EA8AA00} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {62EA05AA-4B0B-4732-BD52-56EF8523A835} - System32\Tasks\EPSON XP-211 214 216 Series Update {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {90C3B907-419D-4455-85CF-5EDAB406461D} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {FFF8FA78-183E-4CB9-893E-85AFA5D2E6DE} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A3EF8C08-574E-4446-A31D-0A9D0F9BE4FC} - System32\Tasks\EPSON XP-211 214 216 Series Update {F126981A-2314-4E2A-93CA-53BF623BD006} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {CA04F4D2-FF61-457D-B04B-477BDA886DF2} - System32\Tasks\EPSON XP-211 214 216 Series Update {CCD030A0-F6A7-41FE-A3EE-5F351C414A00} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {EBF938FA-D723-4B4A-B1D2-B25EE3B9E600} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {F126981A-2314-4E2A-93CA-53BF623BD006} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {FFA3EAED-1BB4-4BB1-86FF-28A1AA4F3C04} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {CCD030A0-F6A7-41FE-A3EE-5F351C414A00} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {2039F255-AD1A-4AB3-9C4B-904CBEF6089E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-15] (Adobe Systems Incorporated)
Task: {21B3EDAD-FC12-4970-B7C7-3511390E9BD8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {73260907-06DD-4A3C-9DDB-468F7B709AA9} - System32\Tasks\AdobeAAMUpdater-1.0-SANTI-Santi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {E0AC1880-727B-4534-826D-F3EA85FB7372} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-15] (Adobe Systems Incorporated)
Task: {EA866BD1-994A-4FA8-91C6-F985C42EE347} - System32\Tasks\AdobeGCInvoker-1.0-SANTI-Santi => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {5E00DB4E-1AA1-48B8-B6F6-0ED330447B4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc.)
Task: {F4B37F58-089A-4DB2-BCEB-BFF08E07FB2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc.)
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

Restart and test.
 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users