
reCaptcha and some pages not working after Windows update


  • This topic is locked
38 replies to this topic

#1 avatarRD

Posted 30 April 2021 - 08:39 PM

Hello! :bounce:  It's been a long time since I visited this forum. I haven't had problems with my computer in years, but now ... well, I'm here for that :whistle:

First of all, thanks for visiting my topic. I hope you can help me with this (please :smash: ) and I hope this can help someone with the same problem.

The day before yesterday I had 2 updates. I don't remember if it was about Windows shell... I don't remember... but it was a popup I had for weeks but I always ignored it. I restarted my computer, everything was OK.
Then at night Windows showed me a pending update to download and install (from the Update & Security window), so I downloaded it and installed it. I let the computer turn off while it installed the updates.

Yesterday I noticed that when I visited bing.com, the browser showed me an alert saying it is an insecure site and I can't visit it (the classic red message when a website has problems with its SSL certificate or when the site was hacked). So I tried to visit it with another browser, but I had the same problem with all the browsers I have.

I visited google.com; the first page was OK, but if I want to search for something, I first have to complete a captcha to display the results of my search. That's normal because I use a VPN and sometimes Google shows me a captcha to proceed, BUT this time the captcha was not working; it showed me that it had problems connecting and had to reload again or check my connection.

I tried with all the browsers I have or with the VPN turned off, but the problem is the same: I can't visit bing.com or use captchas (at least Google captcha; I don't know about other captchas). I don't know if I have other problems with the computer or just those 2 problems.

I have Avast and Malwarebytes installed. Avast found 2 false positive files with adware and Malwarebytes didn't find problems. I downloaded Kaspersky and it found more files with possible adware in Mipony (it is software similar to JDownloader), but it didn't find a virus or malware.

This is the FRST.txt file:

 

==== FRST.txt ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by YPC3 (administrator) on DESKTOP-D3T0P4H (01-05-2021 09:52:15)
Running from C:\Users\LAPC\Desktop\# UNO
Loaded Profiles: YPC3
Platform: Windows 10 Pro Version 20H2 19042.964 (X64) Language: Español (España, internacional)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.42\atkexComSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\lightway.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Flexera Software LLC -> InstallShield Software Corporation) [File not signed] C:\Program Files (x86)\Common Files\InstallShield\engine\8\intel 32\iKernel.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avpui.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mega Limited -> Mega Limited) C:\Users\LAPC\AppData\Local\MEGAsync\MEGAsync.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_db8f2c8fbddb2235\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc. -> VMware, Inc.) E:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [118496 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-05-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13059536 2019-10-17] (Comodo Security Solutions -> COMODO)
HKLM\...\Run: [ctfmon] => C:\Windows\system32\CTFMON.EXE [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455872 2020-02-09] (Power Software Limited -> Power Software Ltd)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779440 2021-04-17] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [3085336 2020-09-29] (Opera Software AS -> Opera Software)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-03-23] (Adobe Inc. -> )
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [370032 2021-04-07] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-21-2978707418-1059251124-2781032210-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2978707418-1059251124-2781032210-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [680720 2021-04-17] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2978707418-1059251124-2781032210-1001\...\Run: [GUDelayStartup] => E:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44360 2021-03-12] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-2978707418-1059251124-2781032210-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [850288 2021-04-07] (EXPRSVPN LLC -> ExpressVPN)
HKLM\Software\...\AppCompatFlags\Custom\Audition.exe: [{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb] -> Adobe Audition 3.0 Vista Compatibility
HKLM\Software\...\AppCompatFlags\InstalledSDB\{75d2897c-87aa-4a06-8710-3ebda9f02de0}: [DatabasePath] -> C:\Windows\AppPatch\CustomSDB\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb [2007-10-10]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-26] (Google LLC -> Google LLC)
Startup: C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2020-04-09]
ShortcutTarget: MEGAsync.lnk -> C:\Users\LAPC\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicy: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2092D4C2-6213-4011-B598-A0F186F4A712} - System32\Tasks\Optimize Thumbnail Cache => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate.exe [61104 2020-09-26] (Flexera Software LLC -> InstallShield®) [File not signed]
Task: {45C32605-B554-4DC3-BC04-D41C7072DF55} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {47FE1823-EB10-479F-825B-D15EF75B22EB} - System32\Tasks\Opera scheduled Autoupdate 1585530584 => C:\Program Files\Opera\launcher.exe [1886872 2021-04-26] (Opera Software AS -> Opera Software)
Task: {92285476-3B36-4D5B-A3FC-7CF0531F8F0E} - System32\Tasks\InstallShield® Setup Engine Kernel => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\iKernel.exe [72880 2020-10-16] (Flexera Software LLC -> InstallShield Software Corporation) [File not signed]
Task: {A0321AE8-E2E6-48F3-B64A-C1144C31C342} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-04-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {EEF5FE25-996A-43A4-912F-EDEDAD565360} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {F7CC6730-B700-40AC-8FFF-A18A6C48723F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4699872 2021-04-29] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/
AutoConfigURL: [{1C5A8DD3-4F41-4B45-910B-D3D379B045D4}] => hxxp://127.0.0.1:86/
Tcpip\..\Interfaces\{6969822e-f1cb-4d67-838f-1a1c977fb48a}: [NameServer] 10.191.0.1
Tcpip\..\Interfaces\{a339757e-bd6d-4978-b38c-8e58120c62b5}: [DhcpNameServer] 192.168.1.1 0.0.0.0
ManualProxies: 0hxxp://127.0.0.1:86/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
DownloadDir: C:\Users\LAPC\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\LAPC\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-30]
Edge DownloadDir: C:\Users\LAPC\Desktop
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\LAPC\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-04-16]
Edge HKU\S-1-5-21-2978707418-1059251124-2781032210-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Edge HKLM-x32\...\Edge\Extension: [kajikgogckeajjplomldcempamhidmcc]

FireFox:
========
FF DefaultProfile: 2n0229u0.default
FF ProfilePath: C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\2jrogmyn.dev-edition-default [2021-04-30]
FF DownloadDir: C:\Users\LAPC\Desktop
FF Homepage: Mozilla\Firefox\Profiles\2jrogmyn.dev-edition-default -> hxxps://www.google.com/
FF Extension: (Wappalyzer) - C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\2jrogmyn.dev-edition-default\Extensions\wappalyzer@crunchlabz.com.xpi [2021-04-29]
FF ProfilePath: C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\2n0229u0.default [2020-05-14]
FF ProfilePath: C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\kygu7gmx.default-release [2021-05-01]
FF Homepage: Mozilla\Firefox\Profiles\kygu7gmx.default-release -> hxxps://www.google.com/
FF Extension: (Canvas Defender) - C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\kygu7gmx.default-release\Extensions\@canvas-shadow.xpi [2020-05-14]
FF Extension: (Facebook Container) - C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\kygu7gmx.default-release\Extensions\@contain-facebook.xpi [2020-09-29]
FF Extension: (English United States Dictionary) - C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\kygu7gmx.default-release\Extensions\@unitedstatesenglishdictionary.xpi [2020-10-11]
FF Extension: (AdNauseam) - C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\kygu7gmx.default-release\Extensions\adnauseam@rednoise.org.xpi [2020-05-31]
FF Extension: (Ghostery – Bloqueador de anuncios para privacidad) - C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\kygu7gmx.default-release\Extensions\firefox@ghostery.com.xpi [2021-03-02]
FF Extension: (English (US) Language Pack) - C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\kygu7gmx.default-release\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2021-04-21]
FF Extension: (Japanese Language Pack) - C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\kygu7gmx.default-release\Extensions\langpack-ja@firefox.mozilla.org.xpi [2021-04-21]
FF Extension: (Firefox Relay) - C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\kygu7gmx.default-release\Extensions\private-relay@firefox.com.xpi [2021-02-04]
FF Extension: (TrackMeNot) - C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\kygu7gmx.default-release\Extensions\trackmenot@mrl.nyu.edu.xpi [2020-05-31]
FF Extension: (Wappalyzer) - C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\kygu7gmx.default-release\Extensions\wappalyzer@crunchlabz.com.xpi [2021-04-29]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\kygu7gmx.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-04-16]
FF Extension: (No Name) - C:\Users\LAPC\AppData\Roaming\Mozilla\Firefox\Profiles\kygu7gmx.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-01-29]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll [2020-09-15] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-04-17] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-09-15] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-04-17] (Adobe Inc. -> Adobe Systems)
StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2021-04-30] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2021-04-30] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\LAPC\AppData\Local\Google\Chrome\User Data\Default [2021-04-30]
CHR DownloadDir: C:\Users\LAPC\Desktop
CHR Extension: (Presentaciones) - C:\Users\LAPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-27]
CHR Extension: (Documentos) - C:\Users\LAPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-27]
CHR Extension: (Google Drive) - C:\Users\LAPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\LAPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-27]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\LAPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-28]
CHR Extension: (Hojas de cálculo) - C:\Users\LAPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-27]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\LAPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-15]
CHR Extension: (Wappalyzer) - C:\Users\LAPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2021-04-29]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\LAPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-04-16]
CHR Extension: (Ghostery – Bloqueador de anuncios para privacidad) - C:\Users\LAPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2021-03-02]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\LAPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\LAPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\LAPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-26]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\LAPC\AppData\Roaming\Opera Software\Opera Stable [2021-04-30]
OPR DownloadDir: C:\Users\LAPC\Desktop
OPR StartupUrls: Opera Stable -> "hxxps://www.google.com/"
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\LAPC\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-04-29]
OPR Extension: (Bookmarks Import & Export) - C:\Users\LAPC\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2020-04-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2020-03-27] (Adobe Systems) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842416 2021-04-17] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.42\atkexComSvc.exe [442416 2019-09-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7894040 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [606944 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [356064 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56920 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe [384280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437104 2021-04-07] (EXPRSVPN LLC -> ExpressVPN)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-12-11] (NVIDIA Corporation -> NVIDIA)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-16] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 VMAuthdService; E:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [99376 2020-11-17] (VMware, Inc. -> VMware, Inc.)
S3 wampapache64; c:\wamp64\bin\apache\apache2.4.41\bin\httpd.exe [29696 2019-08-09] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp64\bin\mysql\mysql8.0.18\bin\mysqld.exe [48781920 2019-09-20] (Oracle America, Inc. -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_db8f2c8fbddb2235\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_db8f2c8fbddb2235\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-04-09] (ASUSTeK Computer Inc. -> )
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35664 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [212192 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [365024 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250336 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99288 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17352 2021-04-29] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41296 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [180448 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522384 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107792 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82872 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850632 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467720 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215352 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326992 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [34744 2019-02-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2019-04-12] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows ® Codename Longhorn DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-03-30] (Malwarebytes Inc -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2021-04-07] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpnwintun; C:\WINDOWS\System32\drivers\expressvpn-wintun.sys [38224 2020-11-27] (Express VPN International Ltd. -> ExpressVPN)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [30720 2021-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Glarysoft Ltd)
R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [657696 2021-03-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1400600 2021-03-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [245304 2021-04-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [96008 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [263888 2021-04-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [309104 2021-04-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [115744 2021-04-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [224880 2021-04-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-04-29] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-04-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-04-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-04-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-04-30] (Malwarebytes Inc -> Malwarebytes)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [44304 2020-03-23] (ExprsVPN LLC -> The OpenVPN Project)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [60344 2020-11-17] (VMware, Inc. -> VMware, Inc.)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [68544 2020-11-17] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [105912 2020-08-11] (VMware, Inc. -> VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-30 19:15 - 2021-05-01 09:52 - 000000000 ____D C:\FRST
2021-04-30 19:14 - 2021-05-01 09:52 - 000000000 ____D C:\Users\LAPC\Desktop\# UNO
2021-04-30 18:49 - 2021-04-30 18:49 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-04-30 18:49 - 2021-04-30 18:49 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-04-30 18:49 - 2021-04-30 18:49 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-04-30 18:48 - 2021-04-30 18:51 - 000000000 ____D C:\AdwCleaner
2021-04-30 18:33 - 2021-04-30 18:33 - 008534696 _____ (Malwarebytes) C:\Users\LAPC\Desktop\adwcleaner_8.2.exe
2021-04-30 18:31 - 2021-04-30 18:31 - 000002884 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-04-30 18:21 - 2021-04-30 18:21 - 000089457 _____ C:\Users\LAPC\Desktop\hosts.zip
2021-04-30 14:51 - 2021-04-30 14:51 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-04-30 14:50 - 2021-04-30 14:50 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-04-30 14:50 - 2021-04-30 14:50 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-30 14:50 - 2021-04-30 14:50 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-04-30 14:50 - 2021-04-30 14:50 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-04-30 14:50 - 2021-04-30 14:50 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-04-30 14:50 - 2021-04-30 14:50 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-04-30 14:50 - 2021-04-30 14:50 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-30 14:49 - 2021-04-30 14:49 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-30 14:49 - 2021-04-30 14:49 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-30 14:49 - 2021-04-30 14:49 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-30 14:49 - 2021-04-30 14:49 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-30 14:48 - 2021-04-30 14:48 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-30 14:48 - 2021-04-30 14:48 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-29 23:56 - 2021-04-29 23:56 - 000309104 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2021-04-29 23:53 - 2021-04-29 23:53 - 000000000 ____D C:\Program Files\Common Files\AV
2021-04-29 23:52 - 2021-04-30 18:43 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-04-29 23:52 - 2021-04-30 18:43 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-04-29 23:52 - 2021-04-29 23:52 - 000263888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2021-04-29 23:52 - 2021-04-29 23:52 - 000224880 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2021-04-29 23:52 - 2021-04-29 23:52 - 000115744 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2021-04-29 23:52 - 2021-04-29 23:52 - 000002150 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2021-04-29 23:52 - 2021-04-29 23:52 - 000002150 _____ C:\ProgramData\Desktop\Kaspersky Anti-Virus.lnk
2021-04-29 23:52 - 2021-04-29 23:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2021-04-29 23:52 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2021-04-29 23:52 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2021-04-29 23:52 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2021-04-29 23:30 - 2021-04-29 23:30 - 002765200 _____ (Kaspersky) C:\Users\LAPC\Desktop\kav21.3.10.391es_25611.exe
2021-04-29 17:13 - 2021-04-29 17:13 - 000008660 _____ C:\Users\LAPC\.bash_history
2021-04-29 16:43 - 2021-04-29 16:43 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignec5c7d73d2ebf726
2021-04-29 16:43 - 2021-04-29 16:43 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign5599c53cdbc089d4
2021-04-29 16:35 - 2021-04-29 16:35 - 000000000 ___DL C:\Program Files\nodejs
2021-04-29 11:18 - 2021-04-30 07:19 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-04-29 11:18 - 2021-04-29 11:18 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-04-29 11:18 - 2021-04-29 11:18 - 000215352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-04-29 08:50 - 2021-04-29 23:49 - 000003300 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1585530584
2021-04-28 18:00 - 2021-04-29 23:49 - 000003580 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-28 18:00 - 2021-04-29 23:49 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d735978ec61870
2021-04-28 17:55 - 2021-04-29 23:49 - 000002560 _____ C:\WINDOWS\system32\Tasks\InstallShield® Setup Engine Kernel
2021-04-27 16:09 - 2021-04-27 16:09 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignee557e8a0eea052d
2021-04-27 14:10 - 2021-04-27 14:10 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignb5668fac1289089f
2021-04-27 10:15 - 2021-04-27 10:15 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign149160c4e5bb8830
2021-04-27 10:12 - 2021-04-27 10:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignc2cc468ae48cd25a
2021-04-27 10:12 - 2021-04-27 10:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignab7453ee49a5a17a
2021-04-27 10:12 - 2021-04-27 10:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign7088d5d792253d59
2021-04-27 10:12 - 2021-04-27 10:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign6028a02c729ca397
2021-04-27 10:11 - 2021-04-27 10:11 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigna7476cf2898d7e7e
2021-04-27 10:11 - 2021-04-27 10:11 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign4afade2e2a026653
2021-04-27 10:05 - 2021-04-27 10:05 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign650de012317aa68a
2021-04-27 10:05 - 2021-04-27 10:05 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign4fe19451f31c6989
2021-04-27 10:05 - 2021-04-27 10:05 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign0bf3864f0bd81058
2021-04-27 09:30 - 2021-04-27 09:30 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign99a4a4460c6dec4c
2021-04-27 09:04 - 2021-04-27 09:04 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigneb663db6a8bb032c
2021-04-27 09:04 - 2021-04-27 09:04 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign4b30c9cd2914cc69
2021-04-27 09:04 - 2021-04-27 09:04 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign2be9fa5cb1515f10
2021-04-26 13:37 - 2021-04-26 13:37 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign93eb77bf46d2db4b
2021-04-26 13:36 - 2021-04-26 13:36 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign939541647a99d3c1
2021-04-26 13:32 - 2021-04-26 13:32 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign5ebc04d8ed828660
2021-04-26 13:02 - 2021-04-26 13:02 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignd034d3186591396d
2021-04-26 11:12 - 2021-04-26 11:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignac92544101bff369
2021-04-26 10:50 - 2021-04-26 10:50 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign35065bbc7661428e
2021-04-26 10:01 - 2021-04-26 10:01 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign10cfac3665ca3970
2021-04-26 10:00 - 2021-04-26 10:00 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigned6c8413599ecba7
2021-04-26 10:00 - 2021-04-26 10:00 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignc6037b3ea15a5678
2021-04-26 10:00 - 2021-04-26 10:00 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign40e5c76a447fa5bb
2021-04-26 08:41 - 2021-04-26 08:41 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigna209d15090dbf41e
2021-04-26 08:39 - 2021-04-26 08:39 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigne4e3136ed8414eae
2021-04-26 08:39 - 2021-04-26 08:39 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign0ceabe6ffb1c7d50
2021-04-25 15:49 - 2021-04-25 16:08 - 000000138 _____ C:\Users\LAPC\Desktop\dd.txt
2021-04-25 14:23 - 2019-10-15 13:50 - 000002060 _____ C:\WINDOWS\system32\noise.jpn
2021-04-23 16:47 - 2021-04-23 16:47 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignbedcc3bfcfc2ebf6
2021-04-23 16:35 - 2021-04-23 16:35 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign2cc7c0ec98fa50d2
2021-04-23 16:10 - 2021-04-23 16:10 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign6b59151372c0dd87
2021-04-23 15:52 - 2021-04-23 15:52 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignba024dfb83c4d041
2021-04-23 14:31 - 2021-04-23 14:31 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign156e221dd1b69bf5
2021-04-23 13:42 - 2021-04-23 13:42 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign0b492efb9c674698
2021-04-23 11:47 - 2021-04-23 11:47 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign6f381d7677afa754
2021-04-23 10:48 - 2021-04-23 10:48 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign24e0ddc7860ad33d
2021-04-23 09:44 - 2021-04-23 09:44 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign681d42a02cdd850d
2021-04-23 09:11 - 2021-04-23 09:11 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign43b8f4e6a954b9f2
2021-04-23 08:26 - 2021-04-23 08:26 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignfd3d7fbf1fdb3c5c
2021-04-23 08:26 - 2021-04-23 08:26 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigne0906b1e79c2fdf6
2021-04-22 13:10 - 2021-04-22 13:10 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignc1a00617028665f5
2021-04-22 13:10 - 2021-04-22 13:10 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign54acb7a6d381c0c4
2021-04-22 09:19 - 2021-04-22 09:19 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignb5b636b84b31b676
2021-04-22 09:19 - 2021-04-22 09:19 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign31cc986dccc898e2
2021-04-22 09:15 - 2021-04-22 09:15 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignf2d3c7fb8d9c7423
2021-04-22 09:15 - 2021-04-22 09:15 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign522696e2823edab9
2021-04-21 11:24 - 2021-04-21 11:24 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign1abcab488822c5a9
2021-04-21 11:24 - 2021-04-21 11:24 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign0ed1a5251172f241
2021-04-21 11:22 - 2021-04-21 11:22 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign8bdf4a703dc2755f
2021-04-21 11:22 - 2021-04-21 11:22 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign76879028606cbbe2
2021-04-20 13:13 - 2021-04-20 13:13 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignc835afa9bfd0389a
2021-04-20 13:13 - 2021-04-20 13:13 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign7124c54b4867f52d
2021-04-20 13:12 - 2021-04-20 13:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignc6fb065df5f61019
2021-04-20 13:12 - 2021-04-20 13:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign156805f5723450be
2021-04-20 13:06 - 2021-04-20 13:06 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignc56f8a978dd0bc6d
2021-04-20 13:06 - 2021-04-20 13:06 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign9ea2535fb6dad804
2021-04-20 12:46 - 2021-04-20 12:46 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigne73738a9d2409d33
2021-04-20 12:46 - 2021-04-20 12:46 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign342ffd92014fe629
2021-04-20 12:16 - 2021-04-20 12:16 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignc824ad3b4c50b35a
2021-04-20 12:16 - 2021-04-20 12:16 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign8a90141ceb7cb5da
2021-04-19 22:53 - 2021-04-19 22:53 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-04-19 22:51 - 2021-04-30 18:56 - 001771342 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-19 22:51 - 2021-04-19 22:51 - 000000020 ___SH C:\Users\LAPC\ntuser.ini
2021-04-19 22:48 - 2021-04-30 18:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-19 22:48 - 2021-04-29 23:49 - 000002920 _____ C:\WINDOWS\system32\Tasks\Optimize Thumbnail Cache
2021-04-19 22:48 - 2021-04-29 23:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-04-19 22:48 - 2021-04-21 22:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-19 22:48 - 2021-04-19 22:48 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-04-19 22:48 - 2021-04-19 22:48 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-04-19 22:48 - 2021-04-19 22:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\MEGA
2021-04-19 22:48 - 2021-04-19 22:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\COMODO
2021-04-19 22:40 - 2021-04-30 22:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-19 22:40 - 2021-04-30 18:49 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-19 22:40 - 2021-04-28 17:58 - 005699816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-19 22:40 - 2021-04-19 22:48 - 000000000 ____D C:\Windows.old
2021-04-19 12:42 - 2021-04-19 22:40 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-04-19 12:41 - 2021-04-29 17:13 - 000000000 ____D C:\Users\LAPC
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\Reciente
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\Plantillas
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\Mis documentos
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\Menú Inicio
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\Impresoras
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\Entorno de red
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\Documents\Mis vídeos
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\Documents\Mis imágenes
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\Documents\Mi música
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\Datos de programa
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\Configuración local
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\AppData\Local\Historial
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\AppData\Local\Datos de programa
2021-04-19 12:41 - 2021-04-19 12:41 - 000000000 _SHDL C:\Users\LAPC\AppData\Local\Archivos temporales de Internet
2021-04-19 12:41 - 2019-12-07 04:10 - 000001105 _____ C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-19 12:39 - 2021-04-19 12:42 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-04-19 12:36 - 2021-04-19 12:36 - 000000000 ____D C:\ProgramData\ssh
2021-04-19 12:31 - 2021-04-19 12:31 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-04-19 12:31 - 2021-04-19 12:31 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-04-19 12:31 - 2021-04-19 12:31 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-04-19 12:31 - 2021-04-19 12:31 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-04-19 12:31 - 2021-04-19 12:31 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-04-19 12:31 - 2021-04-19 12:31 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-04-19 12:31 - 2021-04-19 12:31 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-04-19 12:31 - 2021-04-19 12:31 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-04-19 12:31 - 2021-04-19 12:31 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-04-19 12:30 - 2021-04-19 12:30 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-04-19 12:30 - 2021-04-19 12:30 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-04-19 12:30 - 2021-04-19 12:30 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-04-19 12:30 - 2021-04-19 12:30 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-04-19 12:30 - 2021-04-19 12:30 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-04-19 12:30 - 2021-04-19 12:30 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-04-19 12:30 - 2021-04-19 12:30 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-04-19 12:30 - 2021-04-19 12:30 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-04-19 12:30 - 2021-04-19 12:30 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-04-19 12:30 - 2021-04-19 12:30 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-04-19 12:29 - 2021-04-19 12:29 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-04-19 12:29 - 2021-04-19 12:29 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-04-19 12:29 - 2021-04-19 12:29 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-04-19 12:29 - 2021-04-19 12:29 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-04-19 12:29 - 2021-04-19 12:29 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-04-19 12:29 - 2021-04-19 12:29 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-04-19 12:29 - 2021-04-19 12:29 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-04-19 12:29 - 2021-04-19 12:29 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-04-19 12:29 - 2021-04-19 12:29 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-04-19 12:29 - 2021-04-19 12:29 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-04-19 12:29 - 2021-04-19 12:29 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-04-19 12:29 - 2021-04-19 12:29 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-04-19 12:28 - 2021-04-19 12:28 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-04-19 12:28 - 2021-04-19 12:28 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-04-19 12:28 - 2021-04-19 12:28 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-04-19 12:28 - 2021-04-19 12:28 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-04-19 12:28 - 2021-04-19 12:28 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-04-19 12:28 - 2021-04-19 12:28 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-04-19 12:28 - 2021-04-19 12:28 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-04-19 12:28 - 2021-04-19 12:28 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-04-19 12:28 - 2021-04-19 12:28 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-04-19 12:27 - 2021-04-19 12:27 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-04-19 12:27 - 2021-04-19 12:27 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-04-19 12:27 - 2021-04-19 12:27 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-04-19 12:27 - 2021-04-19 12:27 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-04-19 12:27 - 2021-04-19 12:27 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-04-19 12:27 - 2021-04-19 12:27 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-04-19 12:27 - 2021-04-19 12:27 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-04-19 12:27 - 2021-04-19 12:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-04-19 12:27 - 2021-04-19 12:27 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-19 12:27 - 2021-04-19 12:27 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-04-19 12:27 - 2021-04-19 12:27 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-04-19 12:27 - 2021-04-19 12:27 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-04-19 12:27 - 2021-04-19 12:27 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-04-19 12:27 - 2021-04-19 12:27 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-04-19 12:27 - 2021-04-19 12:27 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-04-19 12:27 - 2021-04-19 12:27 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-04-19 12:26 - 2021-04-19 12:26 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-04-19 12:26 - 2021-04-19 12:26 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-04-19 12:26 - 2021-04-19 12:26 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-04-19 12:26 - 2021-04-19 12:26 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-19 12:26 - 2021-04-19 12:26 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-04-19 12:26 - 2021-04-19 12:26 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-04-19 12:26 - 2021-04-19 12:26 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-04-19 12:26 - 2021-04-19 12:26 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-04-19 12:26 - 2021-04-19 12:26 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-04-19 12:26 - 2021-04-19 12:26 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-04-19 12:26 - 2021-04-19 12:26 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-04-19 12:26 - 2021-04-19 12:26 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-04-19 11:59 - 2021-04-24 00:49 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-04-19 11:59 - 2021-04-19 11:59 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-04-19 11:59 - 2021-04-19 11:59 - 000000000 ____D C:\Program Files\MSBuild
2021-04-19 11:59 - 2021-04-19 11:59 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-04-19 11:59 - 2021-04-19 11:59 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-04-19 11:52 - 2021-04-19 11:52 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-04-19 11:38 - 2021-04-30 18:46 - 000000000 ___DC C:\WINDOWS\Panther
2021-04-19 08:22 - 2021-04-19 08:22 - 000002330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk
2021-04-19 08:22 - 2021-04-19 08:22 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2021-04-19 08:15 - 2021-04-19 08:15 - 038628592 _____ (ExpressVPN) C:\Users\LAPC\Desktop\expressvpn_windows_10.2.2.29_release.exe
2021-04-17 23:38 - 2021-04-17 23:47 - 000000000 ____D C:\ESD
2021-04-17 23:36 - 2021-04-17 23:36 - 000000000 ___HD C:\$Windows.~WS
2021-04-17 22:21 - 2021-04-17 22:21 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign797af77be8b8cde0
2021-04-17 22:21 - 2021-04-17 22:21 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign57ce748b2426268c
2021-04-17 22:19 - 2021-04-17 22:19 - 000001386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2021-04-17 21:57 - 2021-04-19 22:40 - 000000000 ____D C:\ProgramData\regid.2010-06.org.imageglass
2021-04-17 21:57 - 2021-04-19 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageGlass
2021-04-17 21:57 - 2021-04-17 21:57 - 000000000 ____D C:\Program Files\ImageGlass
2021-04-16 22:40 - 2021-04-16 22:40 - 000000000 ___HD C:\$WinREAgent
2021-04-16 10:19 - 2021-04-29 09:36 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-04-16 10:19 - 2021-04-29 09:36 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-13 23:40 - 2021-04-13 23:40 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\KMS
2021-04-09 09:49 - 2021-04-09 09:49 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2021.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-01 09:42 - 2020-06-25 08:33 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-01 09:42 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-01 09:42 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-01 09:41 - 2020-03-27 02:54 - 000000000 ____D C:\ProgramData\NVIDIA
2021-05-01 09:41 - 2020-03-27 02:16 - 000000000 ____D C:\Users\LAPC\AppData\LocalLow\Mozilla
2021-05-01 09:41 - 2020-03-27 02:16 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-01 00:40 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-30 18:56 - 2019-12-07 09:55 - 000785200 _____ C:\WINDOWS\system32\perfh00A.dat
2021-04-30 18:56 - 2019-12-07 09:55 - 000153224 _____ C:\WINDOWS\system32\perfc00A.dat
2021-04-30 18:56 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-30 18:49 - 2021-01-30 22:23 - 000000000 ____D C:\ProgramData\VMware
2021-04-30 18:49 - 2020-03-27 02:38 - 000000000 ____D C:\ProgramData\AVAST Software
2021-04-30 18:49 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-30 18:46 - 2020-03-29 04:39 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\MPC-HC
2021-04-30 18:42 - 2021-02-07 23:10 - 000000000 ____D C:\Users\YPC3
2021-04-30 18:42 - 2020-06-30 13:18 - 000000000 ____D C:\Users\laPC
2021-04-30 18:31 - 2020-03-29 03:33 - 000000000 ____D C:\Program Files\CCleaner
2021-04-30 15:52 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-30 15:40 - 2019-12-07 09:58 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-30 15:40 - 2019-12-07 09:56 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-04-30 15:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-30 15:36 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-30 14:53 - 2019-12-07 09:58 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-04-30 14:16 - 2020-03-27 09:58 - 000000000 ____D C:\Users\LAPC\.atom
2021-04-30 00:42 - 2021-03-08 09:36 - 000000000 ____D C:\Program Files\Firefox Developer Edition
2021-04-30 00:41 - 2021-03-23 23:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-30 00:10 - 2020-03-29 19:51 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-04-30 00:10 - 2020-03-29 19:51 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-04-29 23:52 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-29 23:52 - 2019-12-07 04:03 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2021-04-29 16:49 - 2020-03-28 01:26 - 000001456 _____ C:\Users\LAPC\AppData\Local\Adobe Guardar para Web 12.0 Prefs
2021-04-29 16:42 - 2020-03-28 00:29 - 000000033 _____ C:\Users\LAPC\AppData\Roaming\AdobeWLCMCache.dat
2021-04-29 16:38 - 2020-03-27 10:38 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\npm-cache
2021-04-29 11:18 - 2020-10-28 21:20 - 000180448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-04-29 11:18 - 2020-04-01 10:57 - 000522384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-04-29 11:18 - 2020-03-27 02:39 - 000850632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-04-29 11:18 - 2020-03-27 02:39 - 000467720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-04-29 11:18 - 2020-03-27 02:39 - 000365024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-04-29 11:18 - 2020-03-27 02:39 - 000326992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-04-29 11:18 - 2020-03-27 02:39 - 000250336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-04-29 11:18 - 2020-03-27 02:39 - 000212192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-04-29 11:18 - 2020-03-27 02:39 - 000107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-04-29 11:18 - 2020-03-27 02:39 - 000099288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-04-29 11:18 - 2020-03-27 02:39 - 000082872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-04-29 11:18 - 2020-03-27 02:39 - 000041296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-04-29 11:18 - 2020-03-27 02:39 - 000035664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-04-29 11:18 - 2020-03-27 02:39 - 000017352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-04-29 11:17 - 2020-03-29 20:09 - 000000000 ____D C:\Program Files\Opera
2021-04-29 08:50 - 2020-03-29 20:09 - 000001195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2021-04-28 17:58 - 2020-03-27 02:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-28 15:28 - 2020-03-30 23:47 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk
2021-04-28 14:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-27 22:28 - 2020-03-27 02:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-04-27 16:13 - 2020-03-31 13:26 - 000001456 _____ C:\Users\LAPC\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2021-04-27 09:41 - 2020-03-27 02:05 - 000000000 ____D C:\Users\LAPC\AppData\Local\Packages
2021-04-26 22:21 - 2020-03-27 09:43 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-26 13:24 - 2020-04-02 16:16 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\MiPony
2021-04-25 23:47 - 2020-03-27 13:43 - 000000000 ____D C:\Users\LAPC\AppData\Local\CrashDumps
2021-04-25 14:23 - 2019-12-07 09:57 - 000000000 ____D C:\WINDOWS\OCR
2021-04-25 14:11 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-25 14:09 - 2020-04-17 21:29 - 000000000 ____D C:\Users\LAPC\Documents\FormatFactory
2021-04-25 14:09 - 2020-03-31 23:32 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\vlc
2021-04-25 14:08 - 2020-09-20 13:41 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-24 00:49 - 2019-12-07 09:58 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-24 00:49 - 2019-12-07 09:58 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-04-24 00:49 - 2019-12-07 09:55 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-04-24 00:49 - 2019-12-07 09:55 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-04-24 00:49 - 2019-12-07 09:55 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-04-24 00:49 - 2019-12-07 09:55 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-04-24 00:49 - 2019-12-07 09:55 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-04-24 00:49 - 2019-12-07 09:55 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-04-24 00:49 - 2019-12-07 09:55 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-04-24 00:49 - 2019-12-07 09:55 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\IME
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-24 00:49 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-04-23 09:53 - 2020-03-27 02:56 - 000000000 ____D C:\Users\LAPC\AppData\Local\D3DSCache
2021-04-21 22:53 - 2020-05-14 22:00 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-21 10:07 - 2020-03-30 09:43 - 000000000 ___RD C:\Users\LAPC\Creative Cloud Files
2021-04-20 16:33 - 2021-02-05 10:18 - 000000000 ____D C:\Program Files\Recuva
2021-04-20 12:12 - 2020-12-10 11:56 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-04-20 08:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-04-19 22:51 - 2020-03-29 19:57 - 000000572 __RSH C:\ProgramData\ntuser.pol
2021-04-19 22:51 - 2020-03-27 02:05 - 000000000 ___RD C:\Users\LAPC\3D Objects
2021-04-19 22:51 - 2020-03-27 02:05 - 000000000 ____D C:\ProgramData\Packages
2021-04-19 22:49 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-04-19 22:46 - 2019-12-07 04:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-04-19 22:41 - 2020-03-27 02:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-04-19 22:41 - 2019-12-07 04:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-04-19 22:40 - 2021-03-30 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2021-04-19 22:40 - 2021-03-24 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Screen Recorder
2021-04-19 22:40 - 2021-03-01 01:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVM for Windows
2021-04-19 22:40 - 2021-02-20 01:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Screen To Video
2021-04-19 22:40 - 2021-02-12 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resident Evil 7 Biohazard
2021-04-19 22:40 - 2021-02-05 10:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2021-04-19 22:40 - 2021-01-30 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2021-04-19 22:40 - 2020-12-10 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2021-04-19 22:40 - 2020-10-08 22:22 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Koala
2021-04-19 22:40 - 2020-08-27 10:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\American Truck Simulator
2021-04-19 22:40 - 2020-05-30 22:45 - 000000000 ____D C:\Program Files\UNP
2021-04-19 22:40 - 2020-04-17 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVCleaver 64 bit
2021-04-19 22:40 - 2020-04-17 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2021-04-19 22:40 - 2020-04-17 22:09 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder
2021-04-19 22:40 - 2020-04-17 22:00 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2021-04-19 22:40 - 2020-04-17 21:27 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2021-04-19 22:40 - 2020-04-17 15:53 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2021-04-19 22:40 - 2020-04-17 14:32 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2021-04-19 22:40 - 2020-04-14 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2021-04-19 22:40 - 2020-04-13 21:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
2021-04-19 22:40 - 2020-04-09 20:53 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2021-04-19 22:40 - 2020-04-02 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2021-04-19 22:40 - 2020-04-02 16:16 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
2021-04-19 22:40 - 2020-04-02 00:50 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-19 22:40 - 2020-04-02 00:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-19 22:40 - 2020-03-31 23:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-19 22:40 - 2020-03-29 04:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2021-04-19 22:40 - 2020-03-29 03:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-04-19 22:40 - 2020-03-28 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-04-19 22:40 - 2020-03-28 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 13.5
2021-04-19 22:40 - 2020-03-28 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
2021-04-19 22:40 - 2020-03-28 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2021-04-19 22:40 - 2020-03-27 20:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-04-19 22:40 - 2020-03-27 15:39 - 000000000 ____D C:\WINDOWS\SHELLNEW
2021-04-19 22:40 - 2020-03-27 15:12 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-04-19 22:40 - 2020-03-27 14:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
2021-04-19 22:40 - 2020-03-27 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2021-04-19 22:40 - 2020-03-27 09:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wampserver64
2021-04-19 22:40 - 2020-03-27 02:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2021-04-19 22:40 - 2020-03-27 02:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-04-19 22:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-04-19 22:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-04-19 22:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-04-19 22:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-04-19 22:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-19 22:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-04-19 22:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-19 22:40 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-19 22:40 - 2019-03-18 23:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-04-19 22:40 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-04-19 22:40 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-04-19 22:39 - 2019-12-07 04:18 - 000000000 ____D C:\WINDOWS\Setup
2021-04-19 12:43 - 2021-03-24 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2021-04-19 12:43 - 2020-06-24 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
2021-04-19 12:43 - 2020-05-01 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2021-04-19 12:43 - 2020-04-17 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2021-04-19 12:43 - 2020-04-05 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2021-04-19 12:42 - 2020-12-18 13:13 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SnoreToast
2021-04-19 12:36 - 2019-12-07 09:58 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-04-19 12:36 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-19 12:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-04-19 12:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-04-19 12:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-04-19 12:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-04-19 12:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-04-19 12:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-19 12:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-19 12:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-19 12:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-04-19 12:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-19 12:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-19 12:36 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-19 12:35 - 2019-12-07 09:58 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-04-19 08:22 - 2020-03-27 02:54 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-17 22:25 - 2020-03-27 14:48 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-04-17 22:25 - 2020-03-27 14:48 - 000000000 ____D C:\Program Files\Adobe
2021-04-17 22:25 - 2020-03-27 02:05 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Adobe
2021-04-17 22:19 - 2020-03-27 14:47 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-04-17 22:19 - 2020-03-27 14:42 - 000000000 ____D C:\Users\LAPC\AppData\Local\Adobe
2021-04-17 21:54 - 2020-03-27 14:42 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Macromedia
2021-04-17 21:50 - 2020-03-27 14:47 - 000000000 ____D C:\ProgramData\Adobe
2021-04-16 00:02 - 2020-03-27 09:58 - 000000000 ____D C:\Users\LAPC\AppData\Local\atom
2021-04-15 08:36 - 2020-03-27 09:58 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Atom
2021-04-14 08:51 - 2020-03-27 12:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 08:48 - 2020-03-27 12:55 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-14 08:46 - 2019-03-18 23:49 - 000000167 _____ C:\WINDOWS\win.ini
2021-04-14 08:42 - 2020-03-27 09:58 - 000000000 ____D C:\Users\LAPC\AppData\Local\SquirrelTemp
2021-04-02 23:48 - 2020-04-13 21:02 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\AIMP

==================== Files in the root of some directories ========

2016-04-14 04:52 - 2016-04-14 04:52 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2020-04-30 21:55 - 2021-01-26 17:33 - 000000132 _____ () C:\Users\LAPC\AppData\Roaming\Adobe PNG Format CS5 Prefs
2020-03-28 00:29 - 2021-04-29 16:42 - 000000033 _____ () C:\Users\LAPC\AppData\Roaming\AdobeWLCMCache.dat
2020-03-28 01:26 - 2021-04-29 16:49 - 000001456 _____ () C:\Users\LAPC\AppData\Local\Adobe Guardar para Web 12.0 Prefs
2020-03-31 13:26 - 2021-04-27 16:13 - 000001456 _____ () C:\Users\LAPC\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2020-03-30 08:22 - 2020-03-30 08:22 - 000000000 _____ () C:\Users\LAPC\AppData\Local\oobelibMkey.log
2020-05-09 18:19 - 2020-05-09 18:19 - 000007605 _____ () C:\Users\LAPC\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

And the Addition.txt file

==== Addition.txt ====

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by YPC3 (30-04-2021 22:21:54)
Running from C:\Users\LAPC\Desktop\# UNO
Windows 10 Pro Version 20H2 19042.964 (X64) (2021-04-20 03:48:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2978707418-1059251124-2781032210-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2978707418-1059251124-2781032210-503 - Limited - Disabled)
Invitado (S-1-5-21-2978707418-1059251124-2781032210-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2978707418-1059251124-2781032210-504 - Limited - Disabled)
YPC3 (S-1-5-21-2978707418-1059251124-2781032210-1001 - Administrator - Enabled) => C:\Users\LAPC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: COMODO Firewall (Disabled) {3D9428CB-50D2-A37E-F90F-1D238F042427}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Stogram (HKLM\...\{CD4286AD-7B88-4506-8408-9C64F6923B77}) (Version: 3.3.0.3460 - Open Media LLC) Hidden
4K Stogram (HKLM-x32\...\{9f5d7de9-e5c1-446f-9361-f22433707d40}) (Version: 3.3.0.3460 - Open Media LLC)
4K Video Downloader (HKLM\...\{50F633D3-DE52-4709-AD1B-A09B5B0D86C1}) (Version: 4.14.1.4020 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{33a1766b-73d6-42ce-b3ff-317e5db3e9a7}) (Version: 4.14.1.4020 - Open Media LLC)
4K YouTube to MP3 (HKLM\...\{A3B285CD-0E33-44E5-B2CE-0EC38BD1BA45}) (Version: 3.14.1.4020 - Open Media LLC) Hidden
4K YouTube to MP3 (HKLM-x32\...\{20377577-dfad-4f5a-89a9-a3d5367f1c08}) (Version: 3.14.1.4020 - Open Media LLC)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.125 - Adobe)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.4.3.544 - Adobe Inc.)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.433 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.433 - Adobe)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_0) (Version: 25.0 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_3) (Version: 22.3.0.49 - Adobe Inc.)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
AIMP (HKLM-x32\...\AIMP) (Version: v4.60.2180, 25.03.2020 - AIMP DevTeam)
American Truck Simulator MULTi23 - ElAmigos versión 1.38.1.20 (HKLM-x32\...\{1E1A283E-DA44-4DCB-BC57-295E54DF18CA}_is1) (Version: 1.38.1.20 - SCS Software)
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.1.7.1 - ASUSTek COMPUTER INC.)
Atom (HKU\S-1-5-21-2978707418-1059251124-2781032210-1001\...\atom) (Version: 1.56.0 - GitHub Inc.)
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.3.2459 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.78 - Piriform)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version:  - getcomposer.org)
CPUID HWMonitor 1.41 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.41 - CPUID, Inc.)
EaseUS Partition Master 13.5 (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
ExpressVPN (HKLM-x32\...\{dfa3c815-2d05-4891-86c7-c97f34b245d0}) (Version: 10.2.2.29 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876ED984E}) (Version: 10.2.2.29 - ExpressVPN) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
FileZilla Client 3.48.0 (HKU\S-1-5-21-2978707418-1059251124-2781032210-1001\...\FileZilla Client) (Version: 3.48.0 - Tim Kosse)
Firefox Developer Edition 89.0 (x64 es-ES) (HKLM\...\Firefox Developer Edition 89.0 (x64 es-ES)) (Version: 89.0 - Mozilla)
FormatFactory 5.1.0.0 (HKLM-x32\...\FormatFactory) (Version: 5.1.0.0 - Free Time)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.7.2.29539 - Foxit Software Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Glary Utilities 5.162 (HKLM-x32\...\Glary Utilities 5) (Version: 5.162.0.188 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
Icecream Screen Recorder versión 6.23 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 6.23 - Icecream Apps)
ImageGlass (HKLM\...\{F740CB1A-1DD0-45BF-9539-8AEB1596FB23}) (Version: 8.1.4.18 - Duong Dieu Phap)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kaspersky Anti-Virus (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
K-Lite Mega Codec Pack 15.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.9.5 - KLCP)
KMS (HKLM-x32\...\{F6113AAC-E987-4435-BAA9-C19D3479E1FB}) (Version: 1.2.9 - KMSKEY)
Koala -- A cool tool for web developers (HKLM-x32\...\Koala) (Version: 2.3.0 - koala-app.com)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
MediaCoder 0.8.61 (HKLM\...\MediaCoder) (Version: 0.8.61 - Mediatronic)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.49 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiPony 3.1.1 (HKLM-x32\...\MiPony) (Version: 3.1.1 - )
MKVCleaver 64 bit (HKLM\...\{32886311-ABB4-45BE-8274-1F53641B2AC7}_is1) (Version: 0.8.0.0 - Ilia Bakhmoutski)
MKVToolNix 45.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 45.0.0 - Moritz Bunkus)
Mozilla Firefox 88.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 88.0 (x64 es-ES)) (Version: 88.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 76.0.1 - Mozilla)
MultiPar versión 1.3.0.2 (HKU\S-1-5-21-2978707418-1059251124-2781032210-1001\...\{AAFC96BF-C615-4D77-9A55-C692A7B26FC5}_is1) (Version: 1.3.0.2 - Yutaka Sawada)
NVIDIA Controlador de audio HD 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 460.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 460.89 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVM for Windows 1.1.7 (HKLM\...\40078385-F676-4C61-9A9C-F9028599D6D3_is1) (Version: 1.1.7 - Ecor Ventures LLC)
Opera Stable 75.0.3969.243 (HKLM-x32\...\Opera 75.0.3969.243) (Version: 75.0.3969.243 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.6 - Power Software Ltd)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8703.1 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Resident Evil 7 Biohazard (HKLM-x32\...\{1ECBF8F3-7079-44CA-AD32-B2AECBCF636F}_is1) (Version:  - Capcom)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Revo Uninstaller Pro 4.2.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.2.3 - VS Revo Group, Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Sid Meier's Railroads! (HKLM-x32\...\{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}) (Version: 1.10 - Firaxis Games)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Transmission 3.00 (bb6b5a062e) (x64) (HKLM\...\{B206C51C-27D2-4251-95E2-B4B28DE80633}) (Version: 3.00.0 - Transmission Project)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Wampserver64 3.2.0 (HKLM\...\{wampserver64}_is1) (Version: 3.2.0 - Dominique Ottello aka Otomatic)
WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.2 - WebM Project)
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Xilisoft Video Convertidor Ultimate (HKLM-x32\...\Xilisoft Video Convertidor Ultimate) (Version: 7.8.17.20160613 - Xilisoft)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-04-17] (Adobe Systems Incorporated)
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_39.0.12.12_x64__adky2gkssdxte [2021-04-17] (Adobe Systems Incorporated)
Complemento de motor del medio de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-29] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-19] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-04-19] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2020-03-28] (Realtek Semiconductor Corp)
Windows Terminal -> C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.7.1033.0_x64__8wekyb3d8bbwe [2021-04-21] (Microsoft Corporation) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2978707418-1059251124-2781032210-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-D64D0CFBBBDD} -> [Creative Cloud Files] => C:\Users\LAPC\Creative Cloud Files [2020-03-30 09:43]
CustomCLSID: HKU\S-1-5-21-2978707418-1059251124-2781032210-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-2978707418-1059251124-2781032210-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2978707418-1059251124-2781032210-1001_Classes\CLSID\{eb1fdd5b-8f70-4b5a-b230-998a2dc19303}\localserver32 -> C:\wamp64\www\aviators\node_modules\node-notifier\vendor\snoreToast\snoretoast-x64.exe (K Desktop Environment e.V. -> )
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\LAPC\AppData\Local\MEGAsync\ShellExtX64.dll [2021-02-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\LAPC\AppData\Local\MEGAsync\ShellExtX64.dll [2021-02-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\LAPC\AppData\Local\MEGAsync\ShellExtX64.dll [2021-02-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-17] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-17] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-17] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-29] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\LAPC\AppData\Local\MEGAsync\ShellExtX64.dll [2021-02-27] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\LAPC\AppData\Local\MEGAsync\ShellExtX64.dll [2021-02-27] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\LAPC\AppData\Local\MEGAsync\ShellExtX64.dll [2021-02-27] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-17] (Adobe Inc. -> )
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => E:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2020-04-13] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2020-03-19] (Free Time) [File not signed]
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-10] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => E:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-04-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\shellex.dll [2021-04-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\LAPC\AppData\Local\MEGAsync\ShellExtX64.dll [2021-02-27] (Mega Limited -> )
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2020-02-09] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => E:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-04-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\shellex.dll [2021-04-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\LAPC\AppData\Local\MEGAsync\ShellExtX64.dll [2021-02-27] (Mega Limited -> )
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => E:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2020-11-17] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => E:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2020-11-17] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-03-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\LAPC\AppData\Local\MEGAsync\ShellExtX64.dll [2021-02-27] (Mega Limited -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => E:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2020-04-13] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2020-03-19] (Free Time) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\shellex.dll [2021-04-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\LAPC\AppData\Local\MEGAsync\ShellExtX64.dll [2021-02-27] (Mega Limited -> )
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2020-02-09] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_db8f2c8fbddb2235\nvshext.dll [2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-17] (Adobe Inc. -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-10] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => E:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-04-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\shellex.dll [2021-04-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-03-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2020-02-09] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\LAPC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)

==================== Loaded Modules (Whitelisted) =============

2020-10-10 22:48 - 2020-10-10 22:48 - 013053440 _____ () [File not signed] C:\Users\LAPC\AppData\Local\MEGAsync\avcodec-58.dll
2020-10-10 22:48 - 2020-10-10 22:48 - 002290176 _____ () [File not signed] C:\Users\LAPC\AppData\Local\MEGAsync\avformat-58.dll
2020-10-10 22:48 - 2020-10-10 22:48 - 000521728 _____ () [File not signed] C:\Users\LAPC\AppData\Local\MEGAsync\avutil-56.dll
2019-05-13 19:06 - 2020-10-10 22:48 - 000065024 _____ () [File not signed] C:\Users\LAPC\AppData\Local\MEGAsync\cares.dll
2020-10-10 22:48 - 2020-10-10 22:48 - 000145408 _____ () [File not signed] C:\Users\LAPC\AppData\Local\MEGAsync\swresample-3.dll
2020-10-10 22:48 - 2020-10-10 22:48 - 000570880 _____ () [File not signed] C:\Users\LAPC\AppData\Local\MEGAsync\swscale-5.dll
2013-04-10 15:59 - 2013-04-10 15:59 - 000219136 _____ (Google Inc) [File not signed] C:\Program Files\WebP Codec\WebpWICCodec.dll
2020-03-27 02:20 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-05-13 19:06 - 2020-10-10 22:48 - 000295936 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Users\LAPC\AppData\Local\MEGAsync\libcurl.dll
2020-10-10 22:48 - 2020-10-10 22:48 - 002444288 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\LAPC\AppData\Local\MEGAsync\libcrypto-1_1.dll
2020-10-10 22:48 - 2020-10-10 22:48 - 000504320 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\LAPC\AppData\Local\MEGAsync\libssl-1_1.dll
2019-05-13 19:06 - 2020-10-10 22:48 - 005118072 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:\Users\LAPC\AppData\Local\MEGAsync\Qt5Core.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 23:49 - 2020-03-27 10:00 - 000000039 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> E:\Program Files (x86)\VMware\VMware Player\bin\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\wamp64\bin\php\php7.3.12;C:\ProgramData\ComposerSetup\bin;E:\Program
HKU\S-1-5-21-2978707418-1059251124-2781032210-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled)
Conexión de área local: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet 2: VMware Bridge Protocol -> vmware_bridge (enabled)
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-2978707418-1059251124-2781032210-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2978707418-1059251124-2781032210-1001\...\StartupApproved\Run: => "GUDelayStartup"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7B66847C-5466-402E-9F4B-31788A9E1FD3}] => (Allow) LPort=1688
FirewallRules: [{A3ED11AA-E1A6-4AF6-A435-56E9B204E190}] => (Allow) E:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{4600DE6D-0616-4C3F-A6EE-F325CB6BC483}] => (Allow) E:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{FCCDCB57-E530-4FF8-B2A9-513A65D36637}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9E571954-85E6-46A8-A6D1-1B1FD59CDC90}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2EE9BC4D-E761-4685-8FCE-7F7C11420328}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{916BD587-98F9-41BA-8CFD-12E661CFB9BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{D7928DAC-FD6C-4CCB-BA74-5806B12F68C0}D:\program files\transmission\transmission-qt.exe] => (Allow) D:\program files\transmission\transmission-qt.exe (SignPath Foundation -> Transmission Project)
FirewallRules: [TCP Query User{B14384F1-4A84-48C9-A88D-8E58A5127213}D:\program files\transmission\transmission-qt.exe] => (Allow) D:\program files\transmission\transmission-qt.exe (SignPath Foundation -> Transmission Project)
FirewallRules: [UDP Query User{5B0F3AAF-0ABA-4739-8666-3694A1503685}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{0A470997-ACC3-468F-952D-30F16E388842}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{82C5E8EC-4785-44CC-982C-2572D06AFFA9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{07F660EC-6853-4815-A22C-AD3649ABF1DB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{8C6600AB-2CF4-48C1-97C9-96835917E9AF}E:\program files (x86)\fahclient\fahclient.exe] => (Allow) E:\program files (x86)\fahclient\fahclient.exe () [File not signed]
FirewallRules: [TCP Query User{E1B4F2C0-1652-4056-840F-90564F038A41}E:\program files (x86)\fahclient\fahclient.exe] => (Allow) E:\program files (x86)\fahclient\fahclient.exe () [File not signed]
FirewallRules: [{72D32FC6-7317-4036-AB0A-589B9B4295A9}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (暇光软件科技上海有限公司 -> Free Time Co., Ltd.)
FirewallRules: [TCP Query User{2D3DD4FD-A422-41B9-B825-F82A5DD4FDCE}C:\program files (x86)\mipony\mipony.exe] => (Block) C:\program files (x86)\mipony\mipony.exe (www.mipony.net -> ) [File not signed]
FirewallRules: [{78161D09-420A-410C-8C76-56DFD10330FD}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B94E975D-8EE1-4858-85C2-FB0C6A1F6AD6}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4572F967-409D-4B1A-B626-1DAD4C90FCE4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C6EFF26E-E8D1-48CB-9B82-0497A00B4994}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{64C0A19E-4D46-4C2F-A3F6-C944BDAF8675}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C7FB6883-7EE3-42BF-AF9B-9BF4DF361AEC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1844340A-F887-4651-8399-610E693B19F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{576D2DEC-B1D7-494E-B3CB-8E55F7AC23EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E3C806B8-B5C2-4310-87F4-641E49964524}] => (Allow) C:\Program Files\Opera\75.0.3969.218\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{532F9758-0C84-40EA-835A-C7D301813A03}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{7FBFC861-F869-4DF5-B0A5-DCB912DFA3A2}] => (Allow) C:\Program Files\Opera\75.0.3969.243\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

30-04-2021 14:35:36 Instalador de Módulos de Windows
30-04-2021 14:41:12 Instalador de Módulos de Windows

==================== Faulty Device Manager Devices ============

Name: ExpressVPN TAP Adapter
Description: ExpressVPN TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/30/2021 08:49:05 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: No se pudo programar el servicio de protección de software para reiniciarse a las 2021-05-01T03:07:05Z. Código de error: 0x80070002.

Error: (04/30/2021 08:48:35 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: No se pudo programar el servicio de protección de software para reiniciarse a las 2021-05-01T03:07:35Z. Código de error: 0x80070002.

Error: (04/30/2021 08:48:05 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: No se pudo programar el servicio de protección de software para reiniciarse a las 2021-05-01T03:07:05Z. Código de error: 0x80070002.

Error: (04/30/2021 08:47:35 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: No se pudo programar el servicio de protección de software para reiniciarse a las 2021-05-01T03:07:35Z. Código de error: 0x80070002.

Error: (04/30/2021 08:47:05 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: No se pudo programar el servicio de protección de software para reiniciarse a las 2021-05-01T03:07:05Z. Código de error: 0x80070002.

Error: (04/30/2021 08:46:35 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: No se pudo programar el servicio de protección de software para reiniciarse a las 2021-05-01T03:07:35Z. Código de error: 0x80070002.

Error: (04/30/2021 08:46:05 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: No se pudo programar el servicio de protección de software para reiniciarse a las 2021-05-01T03:07:05Z. Código de error: 0x80070002.

Error: (04/30/2021 08:45:35 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: No se pudo programar el servicio de protección de software para reiniciarse a las 2021-05-01T03:07:35Z. Código de error: 0x80070002.


System errors:
=============
Error: (04/30/2021 06:46:15 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-D3T0P4H)
Description: No se puede iniciar un servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Error
"2147942767"
al iniciar este comando:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/30/2021 04:39:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-D3T0P4H)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (04/30/2021 04:39:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-D3T0P4H)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (04/30/2021 04:39:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-D3T0P4H)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (04/30/2021 04:39:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-D3T0P4H)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (04/30/2021 04:39:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-D3T0P4H)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (04/30/2021 04:39:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-D3T0P4H)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (04/30/2021 04:39:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-D3T0P4H)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.


CodeIntegrity:
===============
Date: 2021-04-30 19:36:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-04-30 19:09:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\x86\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-04-30 18:51:38
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-04-30 18:51:38
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.

Date: 2021-04-30 18:50:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F5 03/15/2016
Motherboard: Gigabyte Technology Co., Ltd. G1.SNIPER B7-CF
Processor: Intel® Core™ i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 30%
Total physical RAM: 24527.91 MB
Available physical RAM: 17026.67 MB
Total Virtual: 37327.91 MB
Available Virtual: 27358.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.56 GB) (Free:69.05 GB) NTFS
Drive d: (Disco local) (Fixed) (Total:931.51 GB) (Free:224.98 GB) NTFS
Drive e: (Disco local) (Fixed) (Total:223.57 GB) (Free:55.74 GB) NTFS

\\?\Volume{74546fc6-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.57 GB) (Free:0.11 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 74546FC6)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 55C43C56)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Size: 223.6 GB) (Disk ID: 1DE2B426)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


Edited by avatarRD, 01 May 2021 - 10:32 AM.



#2 Oh My!

  • Malware Response Instructor
  • 62,346 posts
  • Gender:Male
  • Location:California

Posted 30 April 2021 - 08:51 PM

Greetings avatarRD and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

I would like to get the FRST reports in English so that it is easier for me to review. Please right click on the FRST64 icon, select Rename, and rename it to FRST64english. Following that run another scan. Be sure to copy and paste both documents in your reply.
Lord, to whom shall we go? You have the words of eternal life and we have believed and have come to know that you are the Holy One of God.
John 6:68-69

The Man on the Middle Cross Said I Could Come

#3 avatarRD

Posted 01 May 2021 - 12:03 AM

Hi Gary! Thanks for visiting my topic and thanks for your help! :thumbsup2:

 

I updated the FRST.txt and Addition.txt files in the first post of this topic.


Edited by avatarRD, 01 May 2021 - 12:04 AM.


#4 Oh My!

Posted 01 May 2021 - 07:49 AM

In addition to wanting it in English your FRST.txt report in your initial post is incomplete. It should start with something like this:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2021

 



#5 avatarRD

Posted 01 May 2021 - 10:34 AM

I updated again :)

I don't know why it was incomplete ...



#6 Oh My!

Posted 01 May 2021 - 06:58 PM

Greetings.

Unfortunately there is evidence of potentially illegal software on your computer. I am going to request you completely uninstall all products for which you do not have a valid Product Key, including all "cracked" software.

If you are willing to do that please rerun a FRST scan after removal and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

#7 avatarRD

Posted 01 May 2021 - 11:24 PM

Hmmm, I think that's going to be a little difficult because I'm not sure what could be "illegal" or "legal". It's not exactly my computer; it's the computer given to me at my job. Wait for me until Monday so I can ask them ... but could you tell me what software is cracked? I think Adobe could be one of them (it was used only by graphic designers before), but I'm not sure about the others.


Edited by avatarRD, 01 May 2021 - 11:24 PM.


#8 Oh My!

Posted 02 May 2021 - 08:16 AM

Although Adobe may indeed be cracked, the specific evidence points either to the operating system itself or more likely Microsoft Office. Let's first check Windows itself. Please do this.

===================================================

Verifying Proper Windows Activation

--------------------
  • Click Start, type cmd, then select Run as administrator
  • Type slmgr.vbs /dli then hit Enter
  • Take a screen shot of the windows that will appear and attach it to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Screen shot


#9 avatarRD

Posted 02 May 2021 - 05:13 PM

I suppose it is fake; it says "KMS".

https://ibb.co/pWL06vD

 

(sorry, can't change it to english)


Edited by avatarRD, 02 May 2021 - 05:14 PM.


#10 Oh My!

Posted 02 May 2021 - 08:21 PM

Unfortunately unless you have a properly licensed Windows Operating System I will be unable to assist.

#11 avatarRD

Posted 02 May 2021 - 10:57 PM

Ok, please wait until tomorrow. I'll ask about it.



#12 Oh My!

Posted 03 May 2021 - 08:34 AM

No problem, just know this computer is infected.

#13 Oh My!

Posted 03 May 2021 - 03:21 PM

Greetings.

Ironically I have the same situation on another topic and have been able to verify the Windows on that system is properly activated. Giving benefit of the doubt, let's clean your computer.

Please do this.

===================================================

Uninstalling Adobe Flash

--------------------

Note: Adobe Flash Player is no longer supported and is a security risk.
  • Download Adobe Flash Player Uninstaller and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click Uninstall then Done to reboot your computer
===================================================

Uninstalling Programs Using Revo Uninstaller

--------------------

I recommend uninstalling the below listed program(s) from your computer.
  • Right click on Revo Uninstaller and select Run as administrator
  • From the list of programs highlight the listed program(s), or anything similar, then select Uninstall
Avast Free Antivirus
KMS
  • If the program's uninstaller appears work through the steps to remove the program(s)
  • Be sure the Advanced option is selected then click Scan
  • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
  • Once done click Finish
  • Reboot your computer
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll [2020-09-15] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-09-15] (Adobe Inc. -> )
2021-04-29 16:43 - 2021-04-29 16:43 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignec5c7d73d2ebf726
2021-04-29 16:43 - 2021-04-29 16:43 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign5599c53cdbc089d4
2021-04-27 16:09 - 2021-04-27 16:09 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignee557e8a0eea052d
2021-04-27 14:10 - 2021-04-27 14:10 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignb5668fac1289089f
2021-04-27 10:15 - 2021-04-27 10:15 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign149160c4e5bb8830
2021-04-27 10:12 - 2021-04-27 10:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignc2cc468ae48cd25a
2021-04-27 10:12 - 2021-04-27 10:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignab7453ee49a5a17a
2021-04-27 10:12 - 2021-04-27 10:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign7088d5d792253d59
2021-04-27 10:12 - 2021-04-27 10:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign6028a02c729ca397
2021-04-27 10:11 - 2021-04-27 10:11 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigna7476cf2898d7e7e
2021-04-27 10:11 - 2021-04-27 10:11 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign4afade2e2a026653
2021-04-27 10:05 - 2021-04-27 10:05 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign650de012317aa68a
2021-04-27 10:05 - 2021-04-27 10:05 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign4fe19451f31c6989
2021-04-27 10:05 - 2021-04-27 10:05 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign0bf3864f0bd81058
2021-04-27 09:30 - 2021-04-27 09:30 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign99a4a4460c6dec4c
2021-04-27 09:04 - 2021-04-27 09:04 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigneb663db6a8bb032c
2021-04-27 09:04 - 2021-04-27 09:04 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign4b30c9cd2914cc69
2021-04-27 09:04 - 2021-04-27 09:04 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign2be9fa5cb1515f10
2021-04-26 13:37 - 2021-04-26 13:37 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign93eb77bf46d2db4b
2021-04-26 13:36 - 2021-04-26 13:36 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign939541647a99d3c1
2021-04-26 13:32 - 2021-04-26 13:32 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign5ebc04d8ed828660
2021-04-26 13:02 - 2021-04-26 13:02 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignd034d3186591396d
2021-04-26 11:12 - 2021-04-26 11:12 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignac92544101bff369
2021-04-26 10:50 - 2021-04-26 10:50 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign35065bbc7661428e
2021-04-26 10:01 - 2021-04-26 10:01 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign10cfac3665ca3970
2021-04-26 10:00 - 2021-04-26 10:00 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigned6c8413599ecba7
2021-04-26 10:00 - 2021-04-26 10:00 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsignc6037b3ea15a5678
2021-04-26 10:00 - 2021-04-26 10:00 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign40e5c76a447fa5bb
2021-04-26 08:41 - 2021-04-26 08:41 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigna209d15090dbf41e
2021-04-26 08:39 - 2021-04-26 08:39 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsigne4e3136ed8414eae
2021-04-26 08:39 - 2021-04-26 08:39 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign0ceabe6ffb1c7d50
2021-04-17 22:21 - 2021-04-17 22:21 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign797af77be8b8cde0
2021-04-17 22:21 - 2021-04-17 22:21 - 000000000 ____D C:\Users\LAPC\AppData\Local\Tempzxpsign57ce748b2426268c
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
C:\WINDOWS\system32\Tasks\InstallShield® Setup Engine Kernel
C:\Program Files (x86)\Common Files\InstallShield
Task: {2092D4C2-6213-4011-B598-A0F186F4A712} - System32\Tasks\Optimize Thumbnail Cache => C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate.exe [61104 2020-09-26] (Flexera Software LLC -> InstallShield®) [File not signed]
2021-04-19 22:48 - 2021-04-19 22:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\MEGA
2021-04-19 22:48 - 2021-04-19 22:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\COMODO
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO
2021-04-19 22:40 - 2020-03-28 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2021-04-26 13:24 - 2020-04-02 16:16 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\MiPony
2021-04-19 22:40 - 2020-04-02 16:16 - 000000000 ____D C:\Users\LAPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/
AutoConfigURL: [{1C5A8DD3-4F41-4B45-910B-D3D379B045D4}] => hxxp://127.0.0.1:86/
ManualProxies: 0hxxp://127.0.0.1:86/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
Powershell:  Get-Process -Id (Get-NetTCPConnection -LocalPort 86).OwningProcess
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
  • Check your Proxy settings
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Programs uninstall?
  • Fixlog
  • Proxy?

Edited by Oh My!, 04 May 2021 - 09:24 AM.

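The proxy entries in the fixlist above (a ProxySettingsPerUser policy value of 0, which makes proxy settings machine-wide, plus PAC and manual proxy values pointing at 127.0.0.1:86) are the pattern worth recognising in an FRST log. The following Python triage is an added example, not part of the original thread or of FRST; the function names are hypothetical and the last sample line is constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Sample input: the first five lines are the proxy entries quoted in the
# fixlist above; the last line is constructed (a non-loopback PAC URL).
SAMPLE_LINES = [
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: "
    r"[ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)",
    "AutoConfigURL: [HKLM] => hxxp://127.0.0.1:86/",
    "AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:86/",
    "AutoConfigURL: [{1C5A8DD3-4F41-4B45-910B-D3D379B045D4}] => hxxp://127.0.0.1:86/",
    "ManualProxies: 0hxxp://127.0.0.1:86/",
    "AutoConfigURL: [HKLM] => hxxp://wpad.corp.example/proxy.pac",  # constructed
]

# Only the two proxy line types that appear on this page are handled.
PROXY_RE = re.compile(
    r"^(?P<setting>AutoConfigURL|ManualProxies):\s*"
    r"(?:\[(?P<scope>[^\]]*)\]\s*=>\s*)?(?P<value>.+)$"
)
URL_RE = re.compile(r"h(?:tt|xx)ps?://\S+", re.IGNORECASE)
POLICY_RE = re.compile(r"\[ProxySettingsPerUser\]\s+0\b")


def refang(url):
    """Turn the defanged hxxp:// form used in the log into a parseable URL."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    if host is None:
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def triage(lines):
    """Split proxy entries into loopback and other, and note the policy lock."""
    findings = {"forced_machine_wide": False, "loopback": [], "other": []}
    for raw in lines:
        line = raw.strip()
        if POLICY_RE.search(line):
            # Value 0 applies one proxy configuration to every user.
            findings["forced_machine_wide"] = True
            continue
        match = PROXY_RE.match(line)
        url = URL_RE.search(match.group("value")) if match else None
        if not url:
            continue
        parts = urlsplit(refang(url.group(0)))
        try:
            port = parts.port
        except ValueError:  # malformed port in the log line
            port = None
        entry = (match.group("setting"), match.group("scope") or "-",
                 parts.hostname, port)
        bucket = "loopback" if is_loopback(parts.hostname) else "other"
        findings[bucket].append(entry)
    return findings


def listener_ports(findings):
    """Local ports whose owning process should be identified on the host."""
    return sorted({p for _, _, _, p in findings["loopback"] if p is not None})


if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    print("machine-wide proxy policy:", result["forced_machine_wide"])
    for entry in result["loopback"]:
        print("loopback proxy:", entry)
    print("ports to investigate:", listener_ports(result))
```

The port it reports is the one the fixlist's Get-NetTCPConnection line looks up to find the owning process.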

#14 avatarRD

Posted 03 May 2021 - 10:59 PM

Hi! Sorry, I had a busy day but I did what you said.

Looks like bing and captchas are working again

 

Before we continue,

I asked at my job about the license and it's a fake license with KMS pico, and I'm not sure what to do. This is their computer and mine at the same time, because they sold me the computer after an electric shock roasted mine (never use a machine during a thunderstorm, lol) and I am still paying for it. I noticed that inside Disk C there is a folder (Windows.old) whose size is about 23GB, and during this issue with that malware or whatever it was, I lost about 30GB.

 

So, should I buy a new license first? Or continue with your steps, delete that Windows.old folder and add the license at the end?


Edited by avatarRD, 03 May 2021 - 11:00 PM.


#15 Oh My!

Posted 04 May 2021 - 09:26 AM

Normally I don't assist users who have illegal software on their system, especially an operating system. Out of appreciation for your honesty and your not knowing of the pirated nature of your operating system, I am going to continue assisting you hoping after our time together you will obtain a proper license not only because it is the right thing to do but it will also assist in protecting your computer.

Please see here about the Windows.old folder.

For now just run the Farbar Recovery Scan Tool Fix and post the results.



