[SOLVED] MITM attack.

Solitario

Hi, I need help to eliminate infections in my PC. Enclosed are the required reports. Thank you very much in advance. Best regards.


Edit by Corrine to post logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05.2019
Ran by User (administrator) on DESKTOP-QGCBUE3 (30-05-2019 07:19:34)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Pro Version 1903 18362.116 (X64) Language: Español (México)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19051.545.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBclk.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe
(ASUSTeK Computer Inc. -> TODO: <Company name>) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.6700\Agent.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) D:\Battle.net\Battle.net.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) D:\Battle.net\Battle.net.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) D:\Battle.net\Battle.net.exe
(Electronic Arts, Inc. -> Electronic Arts) D:\Origin\OriginWebHelperService.exe
(FNet Co., Ltd. -> ASUSTeKcomputer Inc) C:\Program Files (x86)\RamCache II\RamCache.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Janos Mathe -> H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11904.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> ) C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera_crashreporter.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) D:\JUEGOS\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\JUEGOS\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\JUEGOS\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\JUEGOS\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\JUEGOS\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) D:\JUEGOS\Steam.exe
(YANDEX LLC -> YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\19.4.2.702\service_update.exe
(YANDEX LLC -> YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\19.4.2.702\service_update.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-11-09] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [5631720 2019-04-21] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9268680 2018-02-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2018-02-22] (ASUSTeK COMPUTER INC.) [File not signed]
HKLM\...\Run: [Shadow Defender Daemon] => "C:\Program Files\Shadow Defender\DefenderDaemon.exe" /Auto
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM-x32\...\Run: [YouCam Service8] => C:\Program Files (x86)\CyberLink\YouCam8\YouCamService8.exe [405176 2019-02-18] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [555832 2014-03-05] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RamCache II ] => C:\Program Files (x86)\RamCache II\RamCache.exe [4351080 2019-05-26] (FNet Co., Ltd. -> ASUSTeKcomputer Inc)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\Run: [Steam] => D:\JUEGOS\steam.exe [3152160 2019-04-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\Run: [Battle.net] => D:\Battle.net\Battle.net.exe [1098728 2019-05-23] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [45056 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\Run: [EADM] => D:\Origin\Origin.exe [3114256 2019-05-25] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\Run: [Vivaldi Update Notifier] => C:\Users\User\AppData\Local\Vivaldi\Application\update_notifier.exe [1623624 2019-05-07] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [735088 2019-05-26] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{401C381F-E0DE-4B85-8BD8-4F3F14FBDA57}] -> C:\Program Files (x86)\Microsoft\Edge Dev\Application\76.0.167.1\Installer\chrmstp.exe [2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{43F137B0-8F4D-463B-AB83-ADEAD4F15096}] -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\75.0.139.20\Installer\chrmstp.exe [2019-05-23] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-21] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{765458F5-7207-46a2-ABD6-A5F11C0D141B}] -> C:\Program Files (x86)\CyberLink\YouCam8\CLCredProv\x64\CLCredProv.dll [2019-02-18] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{765458F5-7207-46a2-ABD6-A5F11C0D141B}] -> C:\Program Files (x86)\CyberLink\YouCam8\CLCredProv\x64\CLCredProv.dll [2019-02-18] (CyberLink Corp. -> CyberLink)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {083F3813-82BC-4622-A1B0-070C619B7D11} - System32\Tasks\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner => C:\WINDOWS\system32\mitigationscanner.exe [58880 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {10C47C98-2D8D-44BB-9B0E-2C37624E7637} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {17DE85EE-CD1C-487D-B91B-54936CFA6034} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {1FE9251D-703F-41A5-BC95-D1C82853C88C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197064 2019-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {2030EA3C-F627-40C8-9B61-63726FD7CD29} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6204464 2019-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {2C11F1EC-18D1-4951-977A-1534935829F6} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2C3CF86C-1D5B-4F08-BE21-893634E5AFF4} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [122352 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {2E557017-6829-479E-887E-F25E89732F8F} - System32\Tasks\SS3svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2018-02-22] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {38A1E37E-1B48-41B7-9A62-F4A90249B9F9} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1448408 2017-11-24] (ASUSTeK Computer Inc. -> )
Task: {3E9CE6F7-2E58-4E60-9E6A-29AAF165F802} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-14] (Google Inc -> Google Inc.)
Task: {3F340F9D-7988-4E40-9654-39F052B688AB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4594A338-4B58-4BE0-91AC-179C44159B29} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {48CE0A30-C198-4C58-A18B-2CDD6772D434} - System32\Tasks\Actualización del Navegador Yandex => C:\Users\User\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2916856 2019-05-07] (YANDEX LLC -> YANDEX LLC)
Task: {4E0BE97D-E8C6-487A-8631-5A2B40AD17B8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {567FB7CE-F163-4C12-9834-D65AE5EF3DF6} - System32\Tasks\Reparación del Servicio de actualización del Navegador Yandex => C:\Program Files (x86)\Yandex\YandexBrowser\19.4.2.702\service_update.exe [1681400 2019-05-07] (YANDEX LLC -> YANDEX LLC)
Task: {5C802F99-B54E-4F19-9DCD-1CDEAE49FF9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-14] (Google Inc -> Google Inc.)
Task: {613A083C-17CD-47F4-AC35-96FC308E59CF} - System32\Tasks\Microsoft\Windows\Workplace Join\Device-Sync
Task: {675C327B-4247-4FF7-9D5B-FF00B5A4566D} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [122352 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {6B6F91F0-660C-455A-834B-8A35C93BB646} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_pepper.exe [1452600 2019-05-14] (Adobe Inc. -> Adobe)
Task: {6C204F6C-F602-4673-9B33-DA71F93A09C1} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [644160 2019-05-15] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {72709C57-0C54-46BF-BD13-A0C8852B3311} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {783C61F9-AE2B-4AFC-AE60-E2FFCF66A967} - System32\Tasks\Update for Yandex Browser => C:\Users\User\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2916856 2019-05-07] (YANDEX LLC -> YANDEX LLC)
Task: {7A836507-68D7-4089-859B-F5E438BDC494} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {893435CD-DE47-4376-8E7A-2277B38B10A4} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [644160 2019-05-15] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {90C28B5C-2A50-48E1-9579-EEE75F1B1F2E} - System32\Tasks\Microsoft\Windows\StateRepository\MaintenanceTasks => %windir%\system32\rundll32.exe %windir%\system32\Windows.StateRepositoryClient.dll,StateRepositoryDoMaintenanceTasks
Task: {931C6062-C99D-4496-AF4C-6B521CF9371F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149440 2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {93CD9609-CC58-40A4-84B5-1E4C8DB13195} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2096088 2018-01-04] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {981A08AB-A28D-4561-8512-A515C0B09F16} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9B25CC8B-00FC-47D3-B834-F3E12ABCF9F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {A2D35E37-FAE9-4E81-902F-755F31C7FF99} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A87D726D-E549-4522-B069-3CF218A914C1} - System32\Tasks\Opera scheduled Autoupdate 1553294838 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [1493592 2019-05-23] (Opera Software AS -> Opera Software)
Task: {A8E7B5C6-8C94-4527-9F70-FE38E2EB26F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {ABB73255-C538-4C73-96F3-497B2B69CDD6} - System32\Tasks\ASUS\RC TweakIt Server Execute => C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe [7263160 2016-05-03] (ASUSTeK Computer Inc. -> )
Task: {ABBC5C5D-3A2B-47D6-B03B-01F1015D3168} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BFEA257D-B26F-42F7-823D-9A9895889AAC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {C0482ED2-E459-4C12-9D86-E7083F596236} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149440 2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {C46F767E-4A8F-4BE9-875F-DE6C0B4D09B4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C8D2B6F5-6C0D-4C28-AF40-D5B115F68FDC} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C941A98D-1974-440B-9279-B3264C7847E4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194552 2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD8FEBA4-FB4E-42D9-B099-83BFFA575CDD} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CF047B2B-2610-47F5-984D-D563AE714C43} - System32\Tasks\Actualización del sistema del Navegador Yandex => C:\Program Files (x86)\Yandex\YandexBrowser\19.4.2.702\service_update.exe [1681400 2019-05-07] (YANDEX LLC -> YANDEX LLC)
Task: {CF50B3BD-E3CF-4FBD-8D39-EB1759228BEB} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2018-02-22] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {CF6558C6-C655-48BA-9197-2D2A8D611C2A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197064 2019-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {D36491B2-5DBC-4957-9BB3-58C1F7605530} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [4417496 2017-11-24] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {DF75FF40-D8A8-434E-BCC7-F0A87178F022} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194552 2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {E442FF0E-FF94-4BA7-BA2D-68AE43898191} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {E5A8E8B9-CD57-4AEE-BB39-7A330765522D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E82BF923-6E16-4955-95F0-D5104FB806EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6204464 2019-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC8B0738-24A3-4C8C-998F-BAAF97B696A5} - System32\Tasks\Microsoft\OneCore\DirectX\DirectXDatabaseUpdater => C:\WINDOWS\system32\directxdatabaseupdater.exe [252928 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {ED88F63E-6A7A-4AD9-92B7-C7C3660BAEED} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [814872 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {F5A62882-A24E-45C0-A5D2-6202D59F46AC} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_User => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [5273176 2018-07-17] (Janos Mathe -> H.D.S. Hungary)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Actualización del Navegador Yandex.job => C:\Users\User\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Task: C:\WINDOWS\Tasks\Actualización del sistema del Navegador Yandex.job => C:\Program Files (x86)\Yandex\YandexBrowser\19.4.2.702\service_update.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Reparación del Servicio de actualización del Navegador Yandex.job => C:\Program Files (x86)\Yandex\YandexBrowser\19.4.2.702\service_update.exe
Task: C:\WINDOWS\Tasks\Update for Yandex Browser.job => C:\Users\User\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 186.12.238.16 186.12.238.15
Tcpip\..\Interfaces\{c013fb23-205d-4e42-8090-eb5652c76f47}: [DhcpNameServer] 186.12.238.16 186.12.238.15

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2947481483-1064858154-3000073182-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-2947481483-1064858154-3000073182-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-05-26] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.8.0.0_neutral__v68kp9n051hdp [2019-05-29]
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.28.0.0_neutral__qq0fmhteeht3j [2019-05-29]

FireFox:
========
FF DefaultProfile: whrmbb43.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whrmbb43.default [2019-05-30]
FF Homepage: Mozilla\Firefox\Profiles\whrmbb43.default -> about:blank
FF Extension: (Facebook Container) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whrmbb43.default\Extensions\@contain-facebook.xpi [2019-05-25]
FF Extension: (Don't track me Google) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whrmbb43.default\Extensions\dont-track-me-google@robwu.nl.xpi [2019-04-08]
FF Extension: (Diccionario español Argentina) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whrmbb43.default\Extensions\es-AR@dictionaries.addons.mozilla.org.xpi [2019-04-08]
FF Extension: (LastPass: Free Password Manager) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whrmbb43.default\Extensions\support@lastpass.com.xpi [2019-05-19]
FF Extension: (uBlock Origin) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whrmbb43.default\Extensions\uBlock0@raymondhill.net.xpi [2019-05-25]
FF Extension: (Malwarebytes Browser Extension) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whrmbb43.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2019-04-10]
FF Extension: (Google Analytics Opt-out) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whrmbb43.default\Extensions\{2f182d41-fd03-4a6d-938d-081419586c37}.xpi [2019-04-11]
FF Extension: (NoScript) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whrmbb43.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-05-23]
FF Extension: (CSS Exfil Protection) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whrmbb43.default\Extensions\{7fc8ef53-24ec-4205-87a4-1e745953bb0d}.xpi [2019-04-07]
FF Extension: (Feedbro) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whrmbb43.default\Extensions\{a9c2ad37-e940-4892-8dce-cd73c6cbbc0c}.xpi [2019-05-25]
FF Extension: (Violentmonkey) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whrmbb43.default\Extensions\{aecec67f-0d10-4fa7-b7c7-609a2db280cf}.xpi [2019-05-11]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-05-30]
CHR Extension: (Presentaciones) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-14]
CHR Extension: (h264ify) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal [2019-05-13]
CHR Extension: (Documentos) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-14]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-04-16]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-14]
CHR Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-05-26]
CHR Extension: (Hojas de cálculo) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-16]
CHR Extension: (Complemento inhabilitación Google Analytics) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2019-05-04]
CHR Extension: (HTTPS Everywhere) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2019-05-14]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-05-19]
CHR Extension: (Malwarebytes Browser Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2019-05-04]
CHR Extension: (Herramienta de recuperación de Chromebooks) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2019-05-19]
CHR Extension: (Feedbro) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mefgmmbdailogpfhfblcnnjfmnpnmdfa [2019-05-19]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-14]
CHR Extension: (Canvas Blocker (Fingerprint protect)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nomnklagbgmgghhjidfhnoelnjfndfpd [2019-05-04]
CHR Extension: (uBlock Origin Extra) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgdnlhfefecpicbbihgmbmffkjpaplco [2019-05-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-24]

Opera:
=======
OPR Extension: (NoRef) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bdoadedoanjaohgkelkkheclfnnmpncd [2019-03-22]
OPR Extension: (MEGA) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2019-05-29]
OPR Extension: (Avira Browser Safety) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2019-04-05]
OPR Extension: (Decentraleyes) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\dpcjoohkkimnahbhbalbgabfjedoiohd [2019-03-23]
OPR Extension: (HTTPS Everywhere) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2019-03-22]
OPR Extension: (Disconnect) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2019-03-22]
OPR Extension: (Netcraft Extension) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\hhhfihlmbcifeafjbbjfkclpofddkalf [2019-03-22]
OPR Extension: (Google Analytics Opt-out (by Google)) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmffjpdmbgflojiohllanjaggdenggdo [2019-05-26]
OPR Extension: (LastPass: Free Password Manager) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2019-05-26]
OPR Extension: (uBlock Origin) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2019-05-27]
OPR Extension: (Install Chrome Extensions) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-03-25]
OPR Extension: (Privacy Badger) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\ldfkcgjipgfchpnojicdgpgiocoeelik [2019-03-22]
OPR Extension: (IP Domain Flag) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\nknnchdeakoneodhopnlnbjjmdkmmmpm [2019-03-26]
OPR Extension: (Smart RSS) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\nncgmpcdlilgbepbfpeidpjlcdfhmcfp [2019-03-27]
OPR Extension: (Canvas Defender) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\obdbgnebcljmgkoljcdddaopadkifnpm [2019-05-26]
OPR Extension: (minerBlock) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\ommpkaoknnopoeipocpeenjolbnabkfm [2019-03-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AarSvc; C:\WINDOWS\System32\AarSvc.dll [148992 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe [382424 2018-01-04] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe [1340376 2017-12-04] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 autotimesvc; C:\WINDOWS\System32\autotimesvc.dll [116224 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11147336 2019-05-15] (Microsoft Corporation -> Microsoft Corporation)
S3 CredentialEnrollmentManagerUserSvc; C:\WINDOWS\system32\CredentialEnrollmentManager.exe [380120 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 CredentialEnrollmentManagerUserSvc_2ff76; C:\WINDOWS\system32\CredentialEnrollmentManager.exe [380120 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 DeviceAssociationBrokerSvc; C:\WINDOWS\System32\deviceaccess.dll [231912 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 DeviceAssociationBrokerSvc; C:\WINDOWS\SysWOW64\deviceaccess.dll [185944 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4133232 2019-05-26] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 DispBrokerDesktopSvc; C:\WINDOWS\System32\DispBroker.Desktop.dll [396288 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [122352 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [122352 2019-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [126880 2012-09-26] (Hewlett-Packard Company -> HP)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-11-09] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [758552 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [719640 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [5462864 2019-04-21] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MicrosoftEdgeBetaElevationService; C:\Program Files (x86)\Microsoft\Edge Beta\Application\75.0.139.20\elevation_service.exe [774088 2019-05-23] (Microsoft Corporation -> Microsoft Corporation)
S3 MicrosoftEdgeDevElevationService; C:\Program Files (x86)\Microsoft\Edge Dev\Application\76.0.167.1\elevation_service.exe [777152 2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [8162984 2019-02-17] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2303792 2019-05-25] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3175728 2019-05-25] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5773592 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 TroubleshootingSvc; C:\WINDOWS\system32\MitigationClient.dll [394752 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R2 UsoSvc; C:\WINDOWS\system32\usosvc.dll [509952 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\19.4.2.702\service_update.exe [1681400 2019-05-07] (YANDEX LLC -> YANDEX LLC)
S2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Acx01000; C:\WINDOWS\System32\drivers\Acx01000.sys [337920 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
S3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [18432 2019-03-19] (Microsoft Windows -> Advanced Micro Devices, Inc)
S3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [37888 2019-03-19] (Microsoft Windows -> Advanced Micro Devices, Inc)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-05-08] (ASUSTeK Computer Inc. -> )
R3 clwvd8; C:\WINDOWS\System32\drivers\clwvd8.sys [61056 2018-08-23] (CyberLink Corp. -> CyberLink Corporation)
R3 e1i65x64; C:\WINDOWS\System32\drivers\e1i65x64.sys [553984 2019-03-19] (Microsoft Windows -> Intel Corporation)
R0 FNETHYRAMAS; C:\WINDOWS\System32\drivers\FNETHYRAMAS.SYS [53848 2019-05-26] (FNet Co., Ltd. -> FNet Co., Ltd.)
R1 FNETURPX; C:\WINDOWS\System32\drivers\FNETURPX.SYS [16648 2019-05-26] (FNet Co., Ltd. -> FNet Co., Ltd.)
S3 genericusbfn; C:\WINDOWS\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_dbcdd1a51a139f61\genericusbfn.sys [20992 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1092112 2018-07-13] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S3 intelpmax; C:\WINDOWS\System32\drivers\intelpmax.sys [28672 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [34064 2017-12-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
S3 NDKPing; C:\WINDOWS\System32\drivers\NDKPing.sys [63488 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [79504 2017-03-12] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b49751b9038af669\nvlddmkm.sys [21836032 2019-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 portcfg; C:\WINDOWS\System32\drivers\portcfg.sys [25600 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R3 UcmCxUcsiNvppc; C:\WINDOWS\system32\DRIVERS\UcmCxUcsiNvppc.sys [453000 2019-05-06] (NVIDIA Corporation -> NVIDIA Corporation)
R3 UEFI; C:\WINDOWS\System32\DriverStore\FileRepository\uefi.inf_amd64_245b553a99d0abd8\UEFI.sys [32776 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 UfxChipidea; C:\WINDOWS\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_a4b229fb37a19c3f\UfxChipidea.sys [108344 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R3 umbus; C:\WINDOWS\System32\DriverStore\FileRepository\umbus.inf_amd64_0a69be6a385b49f7\umbus.sys [57856 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 UrsChipidea; C:\WINDOWS\System32\DriverStore\FileRepository\urschipidea.inf_amd64_5bdb369042347ad7\urschipidea.sys [30008 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 UrsSynopsys; C:\WINDOWS\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_38704576f04a98fd\urssynopsys.sys [28472 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 usbaudio2; C:\WINDOWS\System32\drivers\usbaudio2.sys [257024 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: TroubleshootingSvc -> C:\Windows\system32\MitigationClient.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-30 07:19 - 2019-05-30 07:20 - 000051572 _____ C:\Users\User\Desktop\FRST.txt
2019-05-30 07:19 - 2019-05-30 07:19 - 000000000 ____D C:\FRST
2019-05-30 07:16 - 2019-05-30 07:16 - 002435584 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-05-30 07:15 - 2019-05-30 07:15 - 000114821 _____ C:\Users\User\Desktop\32f433314eefb35f8d520482ad975094a771d812.jpeg
2019-05-30 07:11 - 2019-05-30 07:11 - 000000000 ___HD C:\OneDriveTemp
2019-05-30 06:59 - 2019-05-30 06:59 - 000001479 _____ C:\Users\User\Desktop\WinX HD Video Converter Deluxe.lnk
2019-05-30 06:59 - 2019-05-30 06:59 - 000000000 ____D C:\Users\User\AppData\Roaming\Digiarty
2019-05-30 06:59 - 2019-05-30 06:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2019-05-30 06:59 - 2019-05-30 06:59 - 000000000 ____D C:\Program Files (x86)\Digiarty
2019-05-30 05:49 - 2019-05-30 05:49 - 000000000 ____D C:\Users\User\AppData\Local\niemiro
2019-05-29 18:51 - 2019-05-29 18:51 - 000000000 _____ C:\WINDOWS\diskptex.dat
2019-05-29 18:23 - 2019-05-29 18:27 - 000001600 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-05-29 18:23 - 2019-05-29 18:27 - 000001548 _____ C:\WINDOWS\ZAM.krnl.trace
2019-05-29 18:15 - 2019-05-29 19:13 - 000000000 ____D C:\WINDOWS\Minidump
2019-05-29 13:55 - 2019-05-29 13:56 - 000000000 ____D C:\Program Files (x86)\Doremisoft
2019-05-29 10:39 - 2019-05-29 10:39 - 000001726 _____ C:\Users\User\Desktop\AntiMalware.exe - Acceso directo.lnk
2019-05-28 15:34 - 2019-05-28 15:34 - 000000000 ____D C:\Users\User\AppData\Roaming\SSL Eye
2019-05-28 15:26 - 2019-05-28 15:26 - 000001255 _____ C:\Users\Public\Desktop\SSLEye.lnk
2019-05-28 15:26 - 2019-05-28 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSL EYE
2019-05-28 15:26 - 2019-05-28 15:26 - 000000000 ____D C:\Program Files (x86)\Eagle Eye Digital Solutions
2019-05-27 17:33 - 2019-05-23 13:25 - 000260512 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-05-27 17:33 - 2019-05-23 13:25 - 000260512 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-05-27 17:33 - 2019-05-23 13:24 - 001007008 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-05-27 17:33 - 2019-05-23 13:24 - 001007008 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-05-27 17:33 - 2019-05-23 13:24 - 000870304 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-05-27 17:33 - 2019-05-23 13:24 - 000870304 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-05-27 17:33 - 2019-05-23 13:24 - 000552352 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-05-27 17:33 - 2019-05-23 13:24 - 000457304 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-05-27 17:33 - 2019-05-23 13:24 - 000286624 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-05-27 17:33 - 2019-05-23 13:24 - 000286624 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-05-27 17:33 - 2019-05-23 13:23 - 011051968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-05-27 17:33 - 2019-05-23 13:23 - 009487240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-05-27 17:33 - 2019-05-23 13:22 - 000821120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2019-05-27 17:33 - 2019-05-23 13:22 - 000675016 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-05-27 17:33 - 2019-05-23 13:22 - 000631224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-05-27 17:33 - 2019-05-23 13:22 - 000541904 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-05-27 17:33 - 2019-05-23 13:22 - 000522120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-05-27 17:33 - 2019-05-23 13:21 - 005422040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-05-27 17:33 - 2019-05-23 13:21 - 004759640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-05-27 17:33 - 2019-05-23 13:21 - 002039768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-05-27 17:33 - 2019-05-23 13:21 - 001722456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6443086.dll
2019-05-27 17:33 - 2019-05-23 13:21 - 001542232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-05-27 17:33 - 2019-05-23 13:21 - 001470856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-05-27 17:33 - 2019-05-23 13:21 - 001467864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6443086.dll
2019-05-27 17:33 - 2019-05-23 13:21 - 001162200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-05-27 17:33 - 2019-05-23 13:21 - 001133824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-05-27 17:33 - 2019-05-23 13:21 - 000912472 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-05-27 17:33 - 2019-05-23 13:21 - 000808408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-05-27 17:33 - 2019-05-23 13:21 - 000654752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-05-27 17:33 - 2019-05-23 13:20 - 040412576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-05-27 17:33 - 2019-05-23 13:20 - 035269592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-05-27 17:33 - 2019-05-23 13:20 - 020190808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-05-27 17:33 - 2019-05-23 13:20 - 017467024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-05-27 17:33 - 2019-05-23 13:14 - 004340480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-05-26 20:04 - 2019-05-26 20:07 - 000000000 ____D C:\ProgramData\FNET
2019-05-26 20:04 - 2019-05-26 20:05 - 000000000 ____D C:\Users\User\AppData\Local\Disc_Soft_Ltd
2019-05-26 20:04 - 2017-12-26 01:58 - 000034064 ____N (ASUSTeK Computer Inc.) C:\WINDOWS\system32\Drivers\IOMap64.sys
2019-05-26 20:03 - 2019-05-26 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CloneDrive
2019-05-26 20:02 - 2019-05-26 20:02 - 000002097 _____ C:\Users\Public\Desktop\GameFirst IV.lnk
2019-05-26 20:02 - 2019-05-26 20:02 - 000000000 ____D C:\ProgramData\Caphyon
2019-05-26 20:02 - 2017-03-12 19:45 - 000079504 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\netfilter2.sys
2019-05-26 20:01 - 2019-05-26 20:01 - 000000856 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2019-05-26 20:01 - 2019-05-26 20:01 - 000000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2019-05-26 20:01 - 2019-05-26 20:01 - 000000000 ____D C:\Users\User\AppData\Roaming\ASUSTeK COMPUTER INC
2019-05-26 20:01 - 2019-05-26 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\DAEMON Tools Lite
2019-05-26 20:01 - 2019-05-26 20:01 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2019-05-26 19:58 - 2019-05-29 21:14 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2019-05-26 19:57 - 2016-04-29 13:56 - 000192512 _____ (ASUSTeK Computer Inc.) C:\WINDOWS\SysWOW64\Drivers\UpdateHelper.dll
2019-05-26 19:57 - 2016-04-29 13:56 - 000011832 _____ C:\WINDOWS\SysWOW64\Drivers\AsInsHelp64.sys
2019-05-26 19:57 - 2016-04-29 13:56 - 000010216 _____ C:\WINDOWS\SysWOW64\Drivers\AsInsHelp32.sys
2019-05-26 19:56 - 2019-05-26 19:56 - 000053848 _____ (FNet Co., Ltd.) C:\WINDOWS\system32\Drivers\FNETHYRAMAS.SYS
2019-05-26 19:56 - 2019-05-26 19:56 - 000016648 _____ (FNet Co., Ltd.) C:\WINDOWS\system32\Drivers\FNETURPX.SYS
2019-05-26 19:56 - 2019-05-26 19:56 - 000001985 _____ C:\Users\Public\Desktop\RamCache II.LNK
2019-05-26 19:56 - 2019-05-26 19:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RamCache II
2019-05-26 19:56 - 2019-05-26 19:56 - 000000000 ____D C:\Program Files (x86)\RamCache II
2019-05-26 19:56 - 2012-03-22 16:10 - 000014848 _____ (ASUSTek Computer Inc.) C:\WINDOWS\SysWOW64\Drivers\AiCharger.sys
2019-05-26 19:54 - 2019-05-26 20:04 - 000000000 ____D C:\ProgramData\ASUS
2019-05-26 19:54 - 2019-05-26 19:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2019-05-26 19:53 - 2019-05-26 20:03 - 000001990 _____ C:\Users\Public\Desktop\CloneDrive.LNK
2019-05-26 19:53 - 2019-05-26 20:03 - 000000000 ____D C:\Program Files (x86)\CloneDrive
2019-05-26 19:15 - 2019-05-26 19:15 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Studio 3.lnk
2019-05-26 19:15 - 2019-05-26 19:15 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Radar 3.lnk
2019-05-26 19:15 - 2019-05-26 19:15 - 000000000 ____D C:\Program Files\ASUSTeKcomputer.Inc
2019-05-26 15:09 - 2019-05-26 19:20 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2019-05-26 15:09 - 2019-05-26 19:15 - 000000000 ____D C:\ProgramData\SS3
2019-05-26 15:08 - 2019-05-26 19:20 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-05-26 15:08 - 2019-05-26 15:08 - 000000000 ____D C:\Program Files\Realtek
2019-05-26 15:08 - 2018-02-28 18:00 - 000343672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2019-05-26 15:08 - 2018-02-28 17:59 - 003452112 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2019-05-26 15:08 - 2018-02-28 17:59 - 001353288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2019-05-26 15:08 - 2018-02-28 17:59 - 000692128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2019-05-26 15:08 - 2018-02-28 17:59 - 000392832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2019-05-26 15:08 - 2018-02-28 17:59 - 000192944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2019-05-26 15:08 - 2018-02-28 17:58 - 003632456 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2019-05-26 15:08 - 2018-02-28 17:58 - 003198528 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2019-05-26 15:08 - 2018-02-28 17:57 - 000366088 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2019-05-26 15:08 - 2018-02-28 17:54 - 003677120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2019-05-26 15:08 - 2018-02-28 17:54 - 003214672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2019-05-26 15:08 - 2018-02-28 17:53 - 072520680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2019-05-26 15:08 - 2018-02-28 17:53 - 006173640 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2019-05-26 15:08 - 2018-02-28 17:53 - 002939728 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2019-05-26 15:08 - 2018-02-28 17:53 - 000023656 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2019-05-26 15:08 - 2018-02-28 17:51 - 000118552 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2019-05-26 15:08 - 2018-02-28 17:51 - 000105264 _____ C:\WINDOWS\system32\audioLibVc.dll
2019-05-26 15:08 - 2018-02-28 13:22 - 013687502 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2019-05-26 15:08 - 2018-02-28 13:22 - 005804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2019-05-26 12:34 - 2019-05-26 12:34 - 000000000 ____D C:\Users\User\AppData\LocalLow\Temp
2019-05-24 15:08 - 2019-05-24 15:08 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evorim
2019-05-24 15:08 - 2019-05-24 15:08 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evorim
2019-05-24 15:08 - 2019-05-24 15:08 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evorim
2019-05-24 12:17 - 2019-05-24 12:17 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\ClockworkMod
2019-05-24 12:17 - 2019-05-24 12:17 - 000000000 ____D C:\Program Files (x86)\ClockworkMod
2019-05-23 09:37 - 2019-05-23 09:45 - 000000000 ____D C:\ProgramData\RogueKiller
2019-05-23 06:42 - 2019-05-23 09:54 - 000000000 ____D C:\ProgramData\osquery
2019-05-22 19:08 - 2019-05-22 19:08 - 000000000 ____D C:\SWTOOLS
2019-05-22 16:40 - 2019-05-22 16:40 - 000001052 _____ C:\Users\User\Desktop\OBS Studio.lnk
2019-05-22 15:12 - 2019-05-22 16:38 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
2019-05-22 13:39 - 2019-05-22 19:32 - 000000000 ____D C:\Users\User\AppData\Roaming\Comodo
2019-05-22 11:03 - 2019-05-22 11:03 - 000002250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 8.lnk
2019-05-22 11:03 - 2019-05-22 11:03 - 000002238 _____ C:\Users\Public\Desktop\CyberLink YouCam 8.lnk
2019-05-22 11:03 - 2019-05-22 11:03 - 000001974 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 8 Mirror.lnk
2019-05-22 11:03 - 2019-05-22 11:03 - 000000000 ____D C:\Users\User\AppData\Local\CyberLink
2019-05-22 11:03 - 2018-08-23 14:56 - 000061056 _____ (CyberLink Corporation) C:\WINDOWS\system32\Drivers\clwvd8.sys
2019-05-22 11:02 - 2019-05-22 11:03 - 000000000 ____D C:\Program Files (x86)\CyberLink
2019-05-22 11:02 - 2019-05-22 11:02 - 000000000 ____D C:\ProgramData\install_clap
2019-05-22 11:02 - 2019-05-22 11:02 - 000000000 ____D C:\ProgramData\install_backup
2019-05-22 11:02 - 2019-05-22 11:02 - 000000000 ____D C:\ProgramData\CLSK
2019-05-22 10:57 - 2019-05-22 11:02 - 305822056 _____ C:\Users\User\Downloads\YouCam_8.0.1411.0_Essential_Essential_YUC190116-01.exe
2019-05-22 09:46 - 2019-05-22 09:51 - 000000000 ____D C:\Users\User\AppData\Local\Deployment
2019-05-21 10:15 - 2019-05-21 19:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-05-21 09:08 - 2019-05-21 09:08 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-05-21 09:08 - 2019-05-21 09:08 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-05-21 09:07 - 2019-05-21 09:08 - 025444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-05-21 09:07 - 2019-05-21 09:07 - 009917968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-21 09:07 - 2019-05-21 09:07 - 007636608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-21 09:07 - 2019-05-21 09:07 - 006538848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-21 09:07 - 2019-05-21 09:07 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-21 09:07 - 2019-05-21 09:07 - 004537344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-21 09:07 - 2019-05-21 09:07 - 004128904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-05-21 09:07 - 2019-05-21 09:07 - 002769976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-21 09:07 - 2019-05-21 09:07 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-05-21 09:07 - 2019-05-21 09:07 - 002256592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-21 09:07 - 2019-05-21 09:07 - 001633648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-05-21 09:07 - 2019-05-21 09:07 - 001392136 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-21 09:07 - 2019-05-21 09:07 - 001071928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-21 09:07 - 2019-05-21 09:07 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-05-21 09:07 - 2019-05-21 09:07 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2019-05-20 15:09 - 2019-05-22 19:19 - 000002604 _____ C:\Users\User\Desktop\balenaEtcher.lnk
2019-05-20 15:09 - 2019-05-20 15:10 - 000000000 ____D C:\Users\User\AppData\Roaming\balena-etcher
2019-05-20 15:09 - 2019-05-20 15:09 - 000002455 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\balenaEtcher.lnk
2019-05-20 15:09 - 2019-05-20 15:09 - 000000000 ____D C:\Users\User\AppData\Roaming\balenaEtcher
2019-05-20 15:09 - 2019-05-20 15:09 - 000000000 ____D C:\Users\User\AppData\Local\balena-etcher-updater
2019-05-19 16:24 - 2019-05-19 16:24 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome
2019-05-19 12:47 - 2019-05-19 12:47 - 000003794 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2019-05-15 17:08 - 2019-05-15 17:08 - 025903104 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 022611456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 019849728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 018007040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 007887104 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 007759872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 007275008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 006068328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 005939712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 005924864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 005499904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 004576768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 004562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-05-15 17:08 - 2019-05-15 17:08 - 004306944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 003947520 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 003837440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 003771392 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 003726336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 003682304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 003591184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 003485696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 002724352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 002281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 001999656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 001853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 001753000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-15 17:08 - 2019-05-15 17:08 - 001745408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 001689600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 001508912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-15 17:08 - 2019-05-15 17:08 - 001458176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 001435136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-05-15 17:08 - 2019-05-15 17:08 - 001418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 001395600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 001282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 001149928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-15 17:08 - 2019-05-15 17:08 - 001042944 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2019-05-15 17:08 - 2019-05-15 17:08 - 001007160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 001007104 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000879576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-15 17:08 - 2019-05-15 17:08 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000781096 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-15 17:08 - 2019-05-15 17:08 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000679368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000673080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000613688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000568120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-15 17:08 - 2019-05-15 17:08 - 000515896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-15 17:08 - 2019-05-15 17:08 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2019-05-15 17:08 - 2019-05-15 17:08 - 000466624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000451896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-15 17:08 - 2019-05-15 17:08 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000404392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2019-05-15 17:08 - 2019-05-15 17:08 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-15 17:08 - 2019-05-15 17:08 - 000223248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 000220472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-15 17:08 - 2019-05-15 17:08 - 000208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 000201256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 000199688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 000199184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-15 17:08 - 2019-05-15 17:08 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-15 17:08 - 2019-05-15 17:08 - 000180536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 000146744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000136720 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-05-15 17:08 - 2019-05-15 17:08 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-15 17:08 - 2019-05-15 17:08 - 000066360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000056008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-15 17:08 - 2019-05-15 17:08 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2019-05-15 17:08 - 2019-05-15 17:08 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDJPN.DLL
2019-05-15 10:37 - 2019-05-15 10:37 - 000003422 _____ C:\WINDOWS\System32\Tasks\AMSkipUAC
2019-05-13 06:15 - 2019-05-14 09:12 - 000004624 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-05-13 06:15 - 2019-05-13 07:12 - 000004430 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-05-13 05:47 - 2019-05-30 07:11 - 000000524 _____ C:\WINDOWS\Tasks\Actualización del sistema del Navegador Yandex.job
2019-05-13 05:47 - 2019-05-30 07:11 - 000000488 _____ C:\WINDOWS\Tasks\Reparación del Servicio de actualización del Navegador Yandex.job
2019-05-13 05:47 - 2019-05-30 07:11 - 000000472 _____ C:\WINDOWS\Tasks\Actualización del Navegador Yandex.job
2019-05-13 05:47 - 2019-05-22 19:24 - 000003550 _____ C:\WINDOWS\System32\Tasks\Actualización del Navegador Yandex
2019-05-13 05:47 - 2019-05-22 19:19 - 000002669 _____ C:\Users\User\Desktop\Yandex Browser.lnk
2019-05-13 05:47 - 2019-05-13 07:15 - 000000454 _____ C:\WINDOWS\Tasks\Update for Yandex Browser.job
2019-05-13 05:47 - 2019-05-13 05:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Yandex
2019-05-13 05:47 - 2019-05-13 05:47 - 000003718 _____ C:\WINDOWS\System32\Tasks\Actualización del sistema del Navegador Yandex
2019-05-13 05:47 - 2019-05-13 05:47 - 000003616 _____ C:\WINDOWS\System32\Tasks\Reparación del Servicio de actualización del Navegador Yandex
2019-05-13 05:47 - 2019-05-13 05:47 - 000003514 _____ C:\WINDOWS\System32\Tasks\Update for Yandex Browser
2019-05-13 05:47 - 2019-05-13 05:47 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex Browser
2019-05-13 05:47 - 2019-05-13 05:47 - 000000000 ____D C:\Users\User\AppData\Local\Yandex
2019-05-13 05:47 - 2019-05-13 05:47 - 000000000 ____D C:\ProgramData\Yandex
2019-05-13 05:47 - 2019-05-13 05:47 - 000000000 ____D C:\Program Files (x86)\Yandex
2019-05-12 12:30 - 2019-05-12 12:30 - 000000000 ____D C:\Users\User\OneDrive - 广厚设计学校\Documentos\samsung
2019-05-12 12:29 - 2019-05-12 12:29 - 000000000 ____D C:\Users\User\AppData\Local\Downloaded Installations
2019-05-12 10:50 - 2017-01-16 03:26 - 001499408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2019-05-11 19:40 - 2019-05-12 06:17 - 000012928 _____ C:\WINDOWS\SysWOW64\qengineOff.ini
2019-05-11 19:40 - 2019-05-12 06:17 - 000012928 _____ C:\WINDOWS\system32\qengineOff.ini
2019-05-11 19:40 - 2019-05-12 06:17 - 000000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2019-05-11 16:31 - 2019-05-11 16:33 - 000000000 ____D C:\Users\User\AppData\Roaming\Research In Motion
2019-05-11 16:31 - 2019-05-11 16:31 - 000000000 ____D C:\Users\User\AppData\Roaming\XCPCSync.OEM
2019-05-11 16:31 - 2019-05-11 16:31 - 000000000 ____D C:\Users\User\AppData\Local\Research In Motion
2019-05-11 16:31 - 2019-05-11 16:31 - 000000000 ____D C:\ProgramData\Research In Motion
2019-05-11 16:31 - 2019-05-11 16:31 - 000000000 _____ C:\WINDOWS\SysWOW64\out.txt
2019-05-11 16:31 - 2019-05-11 16:31 - 000000000 _____ C:\WINDOWS\SysWOW64\err.txt
2019-05-11 16:30 - 2019-05-11 16:30 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2019-05-11 16:30 - 2012-12-10 16:48 - 000044544 _____ (Research in Motion Ltd) C:\WINDOWS\system32\Drivers\RimSerial_AMD64.sys
2019-05-11 13:37 - 2019-05-22 19:19 - 000002603 _____ C:\Users\User\Desktop\odio.lnk
2019-05-11 13:37 - 2019-05-11 13:37 - 000002454 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\odio.lnk
2019-05-11 13:37 - 2019-05-11 13:37 - 000000000 ____D C:\Users\User\AppData\Roaming\odio
2019-05-11 10:25 - 2019-05-11 10:25 - 000000000 ____D C:\ProgramData\Applications
2019-05-11 07:54 - 2019-05-11 07:54 - 000000000 ____D C:\WINDOWS\ERUNT
2019-05-11 07:47 - 2019-05-15 09:16 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-05-11 06:37 - 2019-05-23 18:58 - 000002357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge Beta.lnk
2019-05-11 06:37 - 2019-05-23 18:58 - 000002316 _____ C:\Users\Public\Desktop\Microsoft Edge Beta.lnk
2019-05-10 20:09 - 2019-05-10 20:09 - 000000000 ____D C:\Users\User\OneDrive - 广厚设计学校\Documentos\SideSync
2019-05-10 19:58 - 2019-05-10 19:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2019-05-10 19:57 - 2019-05-10 19:57 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ss_conn_usb_driver_01007.Wdf
2019-05-10 18:58 - 2019-05-10 18:58 - 000000000 ____D C:\Users\User\AppData\Local\CrashRpt
2019-05-10 18:09 - 2016-06-18 01:49 - 000178872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hadrres.dll
2019-05-10 18:09 - 2016-06-18 01:45 - 000104640 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL$FCEMS-sqlctr12.2.5000.0.dll
2019-05-10 18:09 - 2014-02-21 06:27 - 000081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fssres.dll
2019-05-10 18:09 - 2014-02-21 06:20 - 000056000 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL12.FCEMS-sqlagtctr.dll
2019-05-10 18:08 - 2019-05-29 21:14 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2019-05-10 18:08 - 2019-05-29 21:14 - 000000000 ____D C:\WINDOWS\system32\1033
2019-05-10 11:36 - 2019-05-06 02:35 - 001468000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvppcgenco64_1127831.dll
2019-05-10 11:36 - 2019-05-06 02:35 - 000453000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\UcmCxUcsiNvppc.sys
2019-05-06 21:17 - 2019-05-06 21:32 - 000000000 ____D C:\Users\User\OneDrive - 广厚设计学校\Documentos\Fiddler2
2019-05-06 20:31 - 2019-05-29 21:14 - 000000000 ____D C:\Program Files (x86)\KeyCryptSDK
2019-05-06 13:47 - 2019-05-30 06:54 - 000000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2019-05-06 13:47 - 2019-05-06 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2019-05-06 13:47 - 2019-05-06 13:47 - 000000000 ____D C:\Program Files\obs-studio
2019-05-06 12:00 - 2019-05-06 12:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\2BrightSparks
2019-05-04 19:34 - 2019-05-04 19:34 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\B294C36B.sys
2019-05-04 19:22 - 2019-05-16 08:23 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-04 19:22 - 2019-05-04 19:22 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-04 19:22 - 2019-05-04 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-04 19:22 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-05-04 18:55 - 2019-05-04 19:22 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2019-05-04 16:00 - 2019-05-04 16:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\HardDiskSentinel
2019-05-04 13:11 - 2019-05-04 13:11 - 008010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 007831368 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 007006720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 003734456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 002990600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-05-04 13:11 - 2019-05-04 13:11 - 002762472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 002699280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-05-04 13:11 - 2019-05-04 13:11 - 002550584 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 002449216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 002420736 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 002081464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001954960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001830416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001784832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001709056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001608704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001562640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001505808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001258496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001213456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001079296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000913408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000811192 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-04 13:11 - 2019-05-04 13:11 - 000811192 _____ C:\WINDOWS\system32\locale.nls
2019-05-04 13:11 - 2019-05-04 13:11 - 000804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-05-04 13:11 - 2019-05-04 13:11 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000680760 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2019-05-04 13:11 - 2019-05-04 13:11 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000358944 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-05-04 13:11 - 2019-05-04 13:11 - 000279624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-05-04 13:11 - 2019-05-04 13:11 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-05-04 13:11 - 2019-05-04 13:11 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-05-04 13:00 - 2019-05-04 13:00 - 000000000 ____D C:\Users\User\AppData\Local\OneDrive
2019-05-04 12:57 - 2019-05-30 06:58 - 000000000 ____D C:\Users\User\Desktop\COSAS

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-30 07:16 - 2019-04-09 13:53 - 002010868 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-30 07:16 - 2019-03-19 08:49 - 000869950 _____ C:\WINDOWS\system32\perfh00A.dat
2019-05-30 07:16 - 2019-03-19 08:49 - 000193894 _____ C:\WINDOWS\system32\perfc00A.dat
2019-05-30 07:16 - 2019-03-19 01:50 - 000000000 ____D C:\WINDOWS\INF
2019-05-30 07:13 - 2019-04-23 18:45 - 000004218 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8CC666B1-5C6C-4F12-ABDE-81A518C1AD41}
2019-05-30 07:13 - 2019-02-14 18:34 - 000000000 ____D C:\ProgramData\NVIDIA
2019-05-30 07:11 - 2019-04-09 13:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-30 07:11 - 2019-03-20 15:21 - 000000000 ____D C:\Users\User\AppData\Local\Battle.net
2019-05-30 07:11 - 2019-03-19 01:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-30 07:11 - 2018-11-26 11:15 - 000000000 ___RD C:\Users\User\OneDrive
2019-05-30 07:10 - 2019-03-19 01:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-05-30 07:02 - 2019-02-02 07:33 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2019-05-30 06:15 - 2019-04-09 13:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-30 05:53 - 2019-03-19 01:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-30 05:21 - 2019-02-14 18:42 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2019-05-29 22:13 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2019-05-29 22:13 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-05-29 22:13 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-05-29 22:13 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-05-29 22:13 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-05-29 22:13 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-29 22:13 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-05-29 22:13 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-29 21:14 - 2019-04-09 13:38 - 000000000 ____D C:\Users\DefaultAppPool
2019-05-29 21:14 - 2019-03-20 15:21 - 000000000 ____D C:\Users\User\AppData\Roaming\Battle.net
2019-05-29 21:14 - 2019-03-19 01:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-29 21:14 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-05-29 21:14 - 2019-02-25 07:01 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2019-05-29 21:14 - 2019-02-15 09:43 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2019-05-29 21:14 - 2019-02-14 18:34 - 000000000 ____D C:\WINDOWS\system32\DAX3
2019-05-29 21:14 - 2019-02-14 18:34 - 000000000 ____D C:\WINDOWS\system32\DAX2
2019-05-29 21:13 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\registration
2019-05-29 19:13 - 2018-11-26 11:08 - 000284737 ____N C:\WINDOWS\Minidump\052919-8843-01.dmp
2019-05-29 19:11 - 2018-11-26 11:08 - 000284737 _____ C:\DUMP1a6d.tmp
2019-05-29 18:24 - 2019-03-03 10:39 - 000000000 ____D C:\Users\User\Desktop\Nueva carpeta
2019-05-29 18:22 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-05-29 18:22 - 2019-02-14 21:26 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-05-29 18:15 - 2018-11-26 11:08 - 000292961 ____N C:\WINDOWS\Minidump\052919-9953-01.dmp
2019-05-29 18:10 - 2018-11-26 11:08 - 000283233 _____ C:\DUMP4287.tmp
2019-05-29 18:05 - 2018-11-26 11:08 - 000286305 _____ C:\DUMP1b09.tmp
2019-05-29 14:18 - 2019-03-21 20:06 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2019-05-29 13:26 - 2019-04-09 13:59 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2947481483-1064858154-3000073182-1001
2019-05-29 13:26 - 2019-04-09 13:38 - 000002364 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-29 10:21 - 2019-02-26 11:49 - 000000000 ____D C:\Users\User\AppData\Local\AMSDK
2019-05-29 10:20 - 2019-04-12 17:40 - 000000000 ____D C:\Users\User\AppData\Local\Zemana
2019-05-29 04:57 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-29 04:57 - 2019-02-14 18:42 - 000000000 ____D C:\ProgramData\Packages
2019-05-28 18:10 - 2019-02-14 19:01 - 000001252 _____ C:\Users\User\Desktop\AIDA64 Extreme.lnk
2019-05-28 15:51 - 2019-03-26 06:04 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2019-05-28 15:51 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\ModemLogs
2019-05-28 15:51 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-05-28 15:49 - 2019-04-25 08:30 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-05-28 15:49 - 2019-04-25 08:30 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-05-28 14:08 - 2019-03-21 09:26 - 000000000 ____D C:\Users\User\OneDrive - 广厚设计学校\Documentos\Sound recordings
2019-05-28 10:21 - 2019-04-05 06:26 - 000000000 ____D C:\ProgramData\HitmanPro
2019-05-27 17:35 - 2019-03-30 11:57 - 000000000 ____D C:\Temp
2019-05-27 17:34 - 2019-02-14 18:51 - 000000000 ____D C:\Users\User\AppData\Local\NVIDIA
2019-05-26 20:04 - 2019-02-14 19:42 - 000000000 ____D C:\Program Files\WinRAR
2019-05-26 20:02 - 2019-01-18 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2019-05-26 20:01 - 2019-02-14 18:58 - 000000000 ____D C:\Program Files (x86)\ASUS
2019-05-26 19:57 - 2019-02-14 18:59 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-05-26 19:52 - 2018-11-26 12:27 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-05-26 19:52 - 2018-11-26 12:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-05-26 19:15 - 2019-02-14 18:59 - 000000000 ___HD C:\Program Files (x86)\Temp
2019-05-26 19:15 - 2019-02-14 18:50 - 000000000 ____D C:\ProgramData\Package Cache
2019-05-26 18:56 - 2019-02-14 19:44 - 000000000 ____D C:\Program Files\Microsoft Office
2019-05-26 15:56 - 2019-03-19 15:09 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2019-05-26 14:47 - 2019-04-09 13:51 - 000457224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-24 15:04 - 2019-04-09 17:40 - 000002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge Dev.lnk
2019-05-24 15:04 - 2019-04-09 17:40 - 000002303 _____ C:\Users\Public\Desktop\Microsoft Edge Dev.lnk
2019-05-24 14:22 - 2019-03-19 01:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-24 12:18 - 2019-02-14 19:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-05-24 12:18 - 2019-02-14 19:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-24 12:06 - 2019-02-14 19:31 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2019-05-23 16:36 - 2019-04-09 13:59 - 000004206 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1553294838
2019-05-23 16:36 - 2019-03-22 19:47 - 000001400 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-05-23 13:14 - 2019-03-26 08:34 - 005085672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-05-23 11:16 - 2019-02-14 21:26 - 000000101 _____ C:\WINDOWS\win.ini
2019-05-23 11:13 - 2019-03-22 08:23 - 000000000 ____D C:\Users\User\OneDrive - 广厚设计学校\Documentos\YouCam
2019-05-23 11:13 - 2019-02-14 18:42 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2019-05-22 20:39 - 2019-03-26 08:34 - 000052456 _____ C:\WINDOWS\system32\nvinfo.pb
2019-05-22 20:01 - 2019-03-19 01:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-05-22 19:19 - 2019-04-13 19:01 - 000002486 _____ C:\Users\User\Desktop\Vivaldi.lnk
2019-05-22 19:01 - 2019-02-14 18:34 - 005432688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-05-22 19:01 - 2019-02-14 18:34 - 002637808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-05-22 19:01 - 2019-02-14 18:34 - 001767920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-05-22 19:01 - 2019-02-14 18:34 - 000650608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-05-22 19:01 - 2019-02-14 18:34 - 000450872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-05-22 19:01 - 2019-02-14 18:34 - 000125240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-05-22 19:01 - 2019-02-14 18:34 - 000083440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-05-22 18:25 - 2019-02-14 18:51 - 000000000 ____D C:\Users\User\AppData\Local\NVIDIA Corporation
2019-05-22 15:12 - 2019-04-18 17:22 - 000000000 ____D C:\Users\User\AppData\Local\SquirrelTemp
2019-05-22 12:03 - 2019-02-14 18:34 - 008579232 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-05-22 11:08 - 2019-03-22 08:22 - 000000000 ___HD C:\ProgramData\CyberLink
2019-05-22 11:03 - 2019-03-22 08:23 - 000000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2019-05-22 09:50 - 2019-02-15 11:44 - 000000320 _____ C:\Users\User\Desktop\Magic The Gathering Online - 1 .appref-ms
2019-05-22 09:50 - 2019-02-03 18:18 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast, LLC
2019-05-21 15:52 - 2019-02-14 19:24 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-21 15:52 - 2019-02-14 19:24 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-21 10:15 - 2019-03-17 11:11 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-19 12:51 - 2019-04-09 17:38 - 000003480 _____ C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2019-05-19 12:51 - 2019-04-09 17:38 - 000003356 _____ C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2019-05-19 12:51 - 2018-11-26 17:15 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-15 17:11 - 2019-03-19 01:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-15 10:37 - 2019-04-12 17:40 - 000003556 _____ C:\WINDOWS\System32\Tasks\AMHelper
2019-05-15 05:11 - 2019-03-20 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2019-05-15 05:11 - 2019-03-20 12:10 - 000000000 ____D C:\Program Files (x86)\Sophos
2019-05-15 02:46 - 2019-04-09 13:59 - 000003556 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 02:46 - 2019-04-09 13:59 - 000003432 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-14 18:18 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-05-14 17:28 - 2019-03-19 01:56 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-14 17:28 - 2019-03-19 01:56 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-14 17:28 - 2019-02-14 22:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 17:26 - 2019-02-14 22:15 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 17:09 - 2019-03-19 01:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-05-14 09:12 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-14 09:12 - 2019-03-19 01:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-13 11:14 - 2018-12-16 12:14 - 000000000 ____D C:\Users\User\OneDrive - 广厚设计学校\Documentos\Diablo III
2019-05-11 10:50 - 2019-01-31 14:54 - 000000000 ____D C:\Users\User\Downloads\blue
2019-05-10 18:01 - 2019-03-25 20:40 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2019-05-08 08:42 - 2019-04-13 19:01 - 000002366 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2019-05-08 08:42 - 2019-04-13 19:00 - 000000000 ____D C:\Users\User\AppData\Local\Vivaldi
2019-05-04 19:34 - 2019-04-18 18:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-04 16:00 - 2019-02-15 09:43 - 000001160 _____ C:\Users\User\Desktop\Hard Disk Sentinel.lnk
2019-05-04 16:00 - 2018-11-26 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2019-05-04 12:52 - 2019-02-26 10:00 - 000000000 ____D C:\Users\User\AppData\Local\ESET

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05.2019
Ran by User (30-05-2019 07:20:36)
Running from C:\Users\User\Desktop
Windows 10 Pro Version 1903 18362.116 (X64) (2019-04-09 16:59:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2947481483-1064858154-3000073182-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2947481483-1064858154-3000073182-503 - Limited - Disabled)
Invitado (S-1-5-21-2947481483-1064858154-3000073182-501 - Limited - Disabled)
User (S-1-5-21-2947481483-1064858154-3000073182-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2947481483-1064858154-3000073182-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actualización de NVIDIA 36.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 36.0.0.0 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.192 - Adobe)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.00.13 - ASUSTeK Computer Inc.)
AIDA64 Extreme v6.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.00 - FinalWire Ltd.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.49.1 - Asmedia Technology)
Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version: - Ubisoft)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.05.02 - ASUSTeK Computer Inc.)
Asus ApoDispatchConfigurator (HKLM\...\{4FEB3307-A0EF-4385-9C8F-4B4C1503311C}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus AudioCaptureNotificationConfigurator (HKLM\...\{04C5CE55-7F32-4D2D-AEA2-FDC03E8F65CC}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus DeviceRoutingConfigurator (HKLM\...\{AC306567-A1B7-4208-8FED-97CF535050BC}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus NahimicSettingsConfigurator (HKLM\...\{4354E970-FFD1-4354-BB44-A23C4C4DDB28}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.3401 - ASUSTeK COMPUTER INC) Hidden
Asus ProfileSwitcherCleanup (HKLM\...\{1C7D230F-66FA-4302-80F7-33EFE7EFED4F}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
ASUS ROG Connect Plus (HKLM-x32\...\{ECF51D37-52ED-4871-BF8B-FEA34B8B4120}) (Version: 1.00.35 - ASUSTeK Computer Inc.)
Asus Sonic Radar 3 (HKLM-x32\...\{379946d7-d0d7-4395-87e8-8097ca734c8a}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC)
Asus Sonic Studio 3 (HKLM-x32\...\{13df6180-9a6f-4b9b-bfb8-3741c3af4e01}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC)
Asus SonicMapperConfigurator (HKLM\...\{6FD5072F-7FCE-4F73-BAB0-98251FF891CE}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
Asus SonicRadar3Setup (HKLM\...\{B938DE12-4F3D-4068-9649-E5A9E3CB464C}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
Asus SonicStudio3Setup (HKLM\...\{4F5EDE91-E41F-428B-BE5D-EB185BE9007A}) (Version: 3.6.34.49403 - ASUSTeK COMPUTER INC) Hidden
balenaEtcher 1.5.39 (HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.5.39 - Balena Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
CloneDrive (HKLM-x32\...\CloneDrive) (Version: 1.00.07 - ASUSTeKcomputer Inc)
Complete Internet Repair 5.2.3.4010 (HKLM\...\Complete Internet Repair_is1) (Version: 5.2.3.4010 - Rizonesoft)
CrystalDiskInfo 8.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.0.0 - Crystal Dew World)
CyberLink YouCam 8 (HKLM-x32\...\{704F43D3-B221-4379-A878-355DFED0FC2B}) (Version: 8.0.1411.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.10.0.0779 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 425.31 - NVIDIA Corporation) Hidden
Galería de fotos (HKLM-x32\...\{F7314CA2-F900-46D7-9EA1-FBDD9D73F765}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GameFirst IV (HKLM-x32\...\{CF8E6767-AF00-47A9-9F68-C583556BE3D9}) (Version: 1.7.2.0 - ASUSTeK COMPUTER INC.) Hidden
GameFirst IV (HKLM-x32\...\GameFirst IV 1.7.2.0) (Version: 1.7.2.0 - ASUSTeK COMPUTER INC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: 5.30 - Janos Mathe)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
hppLaserJetService (HKLM-x32\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (HKLM-x32\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel(R) Network Connections 22.9.16.0 (HKLM\...\PROSetDX) (Version: 22.9.16.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.0.1015 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Macrium Reflect Free Edition (HKLM\...\{B9B98940-69DB-4212-B3B1-FB8077FB8B4B}) (Version: 7.2.3957 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.2 - Paramount Software (UK) Ltd.)
Magic The Gathering Online - 1 (HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\01641bea2c75c522) (Version: 3.4.108.2092 - Wizards of the Coast, LLC)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Edge Beta (HKLM-x32\...\Microsoft Edge Beta) (Version: 75.0.139.20 - Microsoft Corporation)
Microsoft Edge Dev (HKLM-x32\...\Microsoft Edge Dev) (Version: 76.0.167.1 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.103.17 - )
Microsoft Office Profesional Plus 2019 - es-es (HKLM\...\Proplus2019Retail - es-es) (Version: 16.0.11601.20230 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation)
Microsoft Project Professional 2019 - es-es (HKLM\...\ProjectPro2019Retail - es-es) (Version: 16.0.11601.20230 - Microsoft Corporation)
Microsoft Visio Professional 2019 - es-es (HKLM\...\VisioPro2019Retail - es-es) (Version: 16.0.11601.20230 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{F25C8769-16B6-4B19-BB0B-76F213829AC6}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 67.0 (x64 es-AR) (HKLM\...\Mozilla Firefox 67.0 (x64 es-AR)) (Version: 67.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.2 - Mozilla)
Mozilla Thunderbird 60.7.0 (x86 es-AR) (HKLM-x32\...\Mozilla Thunderbird 60.7.0 (x86 es-AR)) (Version: 60.7.0 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA Controlador de audio HD 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 430.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 430.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.18.0.102 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.102 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.1.27.831 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.1.27.831 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.1.0 - OBS Project)
odio 1.4.0 (HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\dd2052c3-9585-57bb-a40b-87a370655a6f) (Version: 1.4.0 - Meni Edri)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11601.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11601.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.11601.20230 - Microsoft Corporation) Hidden
Opera Stable 60.0.3255.109 (HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\Opera 60.0.3255.109) (Version: 60.0.3255.109 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.39.26720 - Electronic Arts, Inc.)
Panel de control de NVIDIA 430.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 430.86 - NVIDIA Corporation) Hidden
RamCache II (HKLM-x32\...\RamCache II) (Version: 1.01.04 - ASUSTeKcomputer Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8382 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
SSL EYE (HKLM-x32\...\{7DBB0B4F-D9D6-4DE1-BCD8-4E58B44DE928}) (Version: 1.6 - Eagle Eye Digital Solutions)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft)
Vivaldi (HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\Vivaldi) (Version: 2.5.1525.40 - Vivaldi Technologies AS.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinX HD Video Converter Deluxe 5.15.2 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
Yandex Browser (HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\YandexBrowser) (Version: 19.4.2.702 - YANDEX)
Zemana AntiMalware versión 3.1.200 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.1.200 - Zemana(Beta))

Packages:
=========
Complemento de Fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-05-29] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_95.1.531.0_x64__v10z8vjag6ke6 [2019-05-29] (HP Inc.)
Inicio -> C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy [2019-04-09] (Microsoft Corporation)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2019-04-13] (Instagram)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.28.0.0_neutral__qq0fmhteeht3j [2019-05-29] (LastPass)
Llamada -> C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy [2019-04-09] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-05-29] (Netflix, Inc.)
Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.8.0.0_neutral__v68kp9n051hdp [2019-05-29] (Symantec Corporation)
Windows Defender Application Guard Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsDefenderApplicationGuard_1.0.8.0_x64__8wekyb3d8bbwe [2019-05-29] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-04-21] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-05-26] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-04-21] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-05-26] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Herramienta de recuperación de Chromebooks.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google Inc.) -> --profile-directory=Default --app-id=jndclpdbaamdhonoechobihbbiimdgai

==================== Loaded Modules (Whitelisted) ==============

2019-05-26 19:54 - 2017-10-29 19:15 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2019-05-26 19:57 - 2016-04-29 13:56 - 000179712 _____ () [File not signed] C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsusService.dll
2019-02-14 18:58 - 2017-12-26 10:26 - 000053248 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.01\cpuutil.dll
2019-05-26 19:55 - 2017-11-27 06:57 - 000062464 _____ () [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\Exeio.dll
2019-05-26 19:55 - 2017-11-27 06:57 - 001772544 _____ () [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\Vender.dll
2019-05-23 18:29 - 2019-05-23 18:29 - 085602816 _____ () [File not signed] D:\Battle.net\Battle.net.11189\libcef.dll
2019-05-23 18:29 - 2019-05-23 18:29 - 000089600 _____ () [File not signed] D:\Battle.net\Battle.net.11189\libEGL.dll
2019-05-23 18:29 - 2019-05-23 18:29 - 003841536 _____ () [File not signed] D:\Battle.net\Battle.net.11189\libGLESv2.dll
2019-05-26 19:54 - 2017-10-29 19:15 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsAcpi.dll
2019-05-26 19:55 - 2017-11-24 08:47 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\asacpi.dll
2019-02-14 18:59 - 2014-04-24 03:29 - 001360016 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2019-04-12 13:03 - 2019-05-30 07:11 - 000041768 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.01\PEbiosinterface32.dll
2019-05-26 19:54 - 2017-10-29 19:15 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\asacpiEx.dll
2019-05-26 19:54 - 2017-10-29 19:15 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsMultiLang.dll
2019-05-26 19:55 - 2017-11-24 08:47 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\AsMultiLang.dll
2019-05-26 19:55 - 2017-11-24 08:47 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\asacpiEx.dll
2019-05-26 19:57 - 2016-04-29 13:56 - 000211456 _____ (ASUSTek Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\ACPIWMI.dll
2019-05-26 19:57 - 2016-04-29 13:56 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\asacpiex.dll
2019-05-26 19:55 - 2017-05-02 21:17 - 000106496 _____ (ASUSTek Computer Inc.,) [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\EIO.DLL
2019-05-23 18:29 - 2019-05-23 18:29 - 001463808 _____ (Firelight Technologies) [File not signed] D:\Battle.net\Battle.net.11189\fmod.dll
2009-05-21 20:09 - 2009-05-21 20:09 - 000554496 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusg.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000029696 _____ (HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\DebugLogger.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000032768 _____ (HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000136704 _____ (HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
2009-06-24 10:57 - 2009-06-24 10:57 - 000031744 _____ (HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll
2019-05-23 18:29 - 2019-05-23 18:29 - 000596992 _____ (The Chromium Authors) [File not signed] D:\Battle.net\Battle.net.11189\chrome_elf.dll
2019-05-29 19:58 - 2019-04-11 10:49 - 001548288 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\Origin\LIBEAY32.dll
2019-05-29 19:58 - 2019-04-11 10:49 - 000395776 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\Origin\ssleay32.dll
2019-05-29 19:58 - 2019-05-25 09:55 - 001611264 _____ (The Qt Company Ltd) [File not signed] D:\Origin\platforms\qwindows.dll
2019-05-29 19:58 - 2019-05-25 09:56 - 005487104 _____ (The Qt Company Ltd) [File not signed] D:\Origin\Qt5Core.dll
2019-05-29 19:58 - 2019-05-25 09:56 - 005841920 _____ (The Qt Company Ltd) [File not signed] D:\Origin\Qt5Gui.dll
2019-05-29 19:58 - 2019-05-25 09:56 - 001179136 _____ (The Qt Company Ltd) [File not signed] D:\Origin\Qt5Network.dll
2019-05-29 19:58 - 2019-05-25 09:56 - 005089792 _____ (The Qt Company Ltd) [File not signed] D:\Origin\Qt5Widgets.dll
2019-05-29 19:58 - 2019-05-25 09:56 - 000184832 _____ (The Qt Company Ltd) [File not signed] D:\Origin\Qt5Xml.dll
2019-05-23 18:28 - 2019-05-23 18:28 - 000047104 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\audio\qtaudio_windows.dll
2019-05-23 18:29 - 2019-05-23 18:29 - 000026112 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\imageformats\qgif.dll
2019-05-23 18:29 - 2019-05-23 18:29 - 000027136 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\imageformats\qico.dll
2019-05-23 18:29 - 2019-05-23 18:29 - 000243712 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\imageformats\qjpeg.dll
2019-05-23 18:29 - 2019-05-23 18:29 - 000223744 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\imageformats\qmng.dll
2019-05-23 18:29 - 2019-05-23 18:29 - 000020992 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\imageformats\qsvg.dll
2019-05-23 18:29 - 2019-05-23 18:29 - 000332288 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\imageformats\qtiff.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 001140224 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\platforms\qwindows.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000041984 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\qml\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000014848 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\qml\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000014848 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\qml\QtQml\Models.2\modelsplugin.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000014848 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\qml\QtQuick.2\qtquick2plugin.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000084480 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\qml\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000267776 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\qml\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000071680 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000211456 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\qml\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000014848 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\qml\QtQuick\Window.2\windowplugin.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 004943360 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\Qt5Core.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 005022208 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\Qt5Gui.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000626176 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\Qt5Multimedia.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000877056 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\Qt5Network.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 002908672 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\Qt5Qml.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 003078656 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\Qt5Quick.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000096256 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\Qt5QuickControls2.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000681472 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\Qt5QuickTemplates2.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000259072 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\Qt5Svg.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 004718080 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\Qt5Widgets.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000439296 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\Qt5WinExtras.dll
2019-05-23 18:30 - 2019-05-23 18:30 - 000159232 _____ (The Qt Company Ltd.) [File not signed] D:\Battle.net\Battle.net.11189\Qt5Xml.dll
2019-05-26 19:55 - 2017-12-20 00:01 - 000193536 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.03\AsusGpuTweak.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\qwfp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-02-14 21:26 - 2019-04-08 10:50 - 000000854 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NGX;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\WindowsPowerShell\Scripts;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;%USERPROFILE%\adb-fastboot\platform-tools;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\
HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 186.12.238.16 - 186.12.238.15
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "YouCam Service8"
HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
HKU\S-1-5-21-2947481483-1064858154-3000073182-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-DeviceManagement-deviceenroller-TCP-Out] => (Allow) %SystemRoot%\system32\deviceenroller.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{206880D4-9E43-489F-B3CC-AB3DB4AFC3DC}] => (Allow) D:\JUEGOS\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7A326883-1CD8-4F15-8D1C-104FC7251C35}] => (Allow) D:\JUEGOS\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{0CDF36E6-888F-44A3-8634-1BE5E07CB1CD}] => (Allow) D:\JUEGOS\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A78DB1FD-7259-4A5C-A367-8F149B8683F0}] => (Allow) D:\JUEGOS\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{F1F93C45-59A7-4DD2-8CDF-E181578E36F7}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [UDP Query User{F745A6C2-2640-4202-BD22-990C987DAC0D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{64D4AD78-A543-43DE-B910-0F2780763C6A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{72006CBF-2179-4A47-8226-0DE967B54CFC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EB8C46DE-A6B5-4716-933A-4C6E0F7AC219}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{F8B60329-5F39-487C-B8F0-1CEFD18DAD8A}] => (Allow) D:\JUEGOS\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{3833410C-D418-487D-82E0-C330A16A4BEB}] => (Allow) D:\JUEGOS\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{4281C2F5-AA63-49E3-A007-A5412A6328AC}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0DBCFB9C-BDA7-497C-8DF6-E19B5476034D}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Dev\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F3864D4A-1598-4E0A-A05C-7C69CEF47E07}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{18978F15-0762-4F98-800D-042CB3F52174}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{37DE6283-B521-4B33-895D-755A0FD74B18}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{78C870A4-3519-4E5A-A52C-A6A9C0D25E3E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E13339BB-1A20-4D08-AEE0-D3E12A23FEFB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{413E61FB-CFBB-4350-9594-D3408535C41E}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{24ADA082-9923-48AD-88FC-68381C074A17}] => (Allow) C:\Program Files (x86)\Eagle Eye Digital Solutions\SSL EYE\SSLEye.exe (Eagle Eye Digital Solutions -> Eagle Eye Digital Solutions)
FirewallRules: [{7467A309-69EF-4EFC-945A-5732C25EC44A}] => (Allow) D:\JUEGOS\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{5AC282AD-366C-42FE-9D17-475455E8EAE5}] => (Allow) D:\JUEGOS\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{9964418C-F5E3-4D69-BDE2-D4D66EB39F0E}] => (Allow) D:\JUEGOS\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{CCA324D7-A312-4A1C-9064-F2ADBE851E79}] => (Allow) D:\JUEGOS\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

==================== Restore Points =========================

29-05-2019 19:28:04 Windows Update

==================== Faulty Device Manager Devices =============

Name: DAEMON Tools Lite Virtual USB Bus
Description: DAEMON Tools Lite Virtual USB Bus
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Disc Soft Ltd
Service: dtliteusbbus
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: DAEMON Tools Lite Virtual SCSI Bus
Description: DAEMON Tools Lite Virtual SCSI Bus
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Disc Soft Ltd
Service: dtlitescsibus
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2019 07:10:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x8007045b, Se está cerrando el sistema.
.

Error: (05/30/2019 07:10:41 AM) (Source: VSS) (EventID: 13) (User: )
Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} y el nombre CEventSystem no puede iniciarse. [0x8007045b, Se está cerrando el sistema.
]

Error: (05/30/2019 06:38:26 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: El tamaño del búfer necesario es mayor que el tamaño del búfer que se llevó a la función Collect del archivo DLL del contador extensible "C:\Windows\System32\perfts.dll" del servicio "LSM". El tamaño del búfer indicado era 19200 y el tamaño necesario es 40768.

Error: (05/30/2019 05:44:15 AM) (Source: ESENT) (EventID: 447) (User: )
Description: Catalog Database (3540,D,29) Catalog Database: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 9, PgnoRoot: 35) of database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb (4953 => 13404, 9).

Tag: BtDownCLines

Fatal: 1

Error: (05/30/2019 05:44:15 AM) (Source: ESENT) (EventID: 544) (User: )
Description: Catalog Database (3540,D,29) Catalog Database: Error al comprobar la página de base de datos leída del archivo "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" en la posición 54906880 (0x000000000345d000) (página de base de datos 13404 (0x345C)) con 4096 (0x00001000) bytes porque, de forma persistente, la marca de tiempo de detección de vaciado perdido no coincide. La operación de lectura se cerrará con el error -1119 (0xfffffba1).

El estado de vaciado en la página de la base de datos 13404 (0x345C) era 1, mientras que el estado de vaciado en la página de asignaciones de vaciado 0 (0x0) era 2.

Si el problema persiste, restaure la base de datos a partir de una copia de seguridad anterior. Este problema puede estar causado por hardware defectuoso. Póngase en contacto con el proveedor de hardware para obtener ayuda para diagnosticar el problema.

Error: (05/30/2019 05:44:15 AM) (Source: ESENT) (EventID: 544) (User: )
Description: Catalog Database (3540,D,29) Catalog Database: Error al comprobar la página de base de datos leída del archivo "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" en la posición 54910976 (0x000000000345e000) (página de base de datos 13405 (0x345D)) con 4096 (0x00001000) bytes porque, de forma persistente, la marca de tiempo de detección de vaciado perdido no coincide. La operación de lectura se cerrará con el error -1119 (0xfffffba1).

El estado de vaciado en la página de la base de datos 13405 (0x345D) era 3, mientras que el estado de vaciado en la página de asignaciones de vaciado 0 (0x0) era 1.

Si el problema persiste, restaure la base de datos a partir de una copia de seguridad anterior. Este problema puede estar causado por hardware defectuoso. Póngase en contacto con el proveedor de hardware para obtener ayuda para diagnosticar el problema.

Error: (05/29/2019 07:33:38 PM) (Source: ESENT) (EventID: 447) (User: )
Description: Catalog Database (3540,D,29) Catalog Database: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 9, PgnoRoot: 35) of database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb (4953 => 13404, 9).

Tag: BtDownCLines

Fatal: 1

Error: (05/29/2019 07:33:38 PM) (Source: ESENT) (EventID: 544) (User: )
Description: Catalog Database (3540,D,29) Catalog Database: Error al comprobar la página de base de datos leída del archivo "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" en la posición 54906880 (0x000000000345d000) (página de base de datos 13404 (0x345C)) con 4096 (0x00001000) bytes porque, de forma persistente, la marca de tiempo de detección de vaciado perdido no coincide. La operación de lectura se cerrará con el error -1119 (0xfffffba1).

El estado de vaciado en la página de la base de datos 13404 (0x345C) era 1, mientras que el estado de vaciado en la página de asignaciones de vaciado 0 (0x0) era 2.

Si el problema persiste, restaure la base de datos a partir de una copia de seguridad anterior. Este problema puede estar causado por hardware defectuoso. Póngase en contacto con el proveedor de hardware para obtener ayuda para diagnosticar el problema.


System errors:
=============
Error: (05/30/2019 07:11:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Intel(R) PROSet Monitoring Service no pudo iniciarse debido al siguiente error:
El sistema no puede encontrar el archivo especificado.

Error: (05/30/2019 07:10:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QGCBUE3)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (05/30/2019 07:10:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QGCBUE3)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (05/30/2019 07:10:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QGCBUE3)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (05/30/2019 07:10:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QGCBUE3)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (05/30/2019 07:10:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QGCBUE3)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (05/30/2019 07:10:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QGCBUE3)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (05/30/2019 07:10:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QGCBUE3)
Description: El servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} no se registró con DCOM dentro del tiempo de espera requerido.


Windows Defender:
===================================
Date: 2019-05-29 19:45:26.176
Description:
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
Trojan:Win32/Occamy.C threat description - Microsoft Security Intelligence
Nombre: Trojan:Win32/Occamy.C
Id.: 2147726780
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\User\Desktop\dll-injector-hacker_0.6.6_Fix.exe.opdownload
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Protección en tiempo real
Usuario: DESKTOP-QGCBUE3\User
Nombre de proceso: C:\Users\User\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
Versión de inteligencia de seguridad: AV: 1.293.2519.0, AS: 1.293.2519.0, NIS: 1.293.2519.0
Versión de motor: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-29 18:39:32.761
Description:
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {80DBEEE7-8939-4DC8-9666-E59101A4966A}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: DESKTOP-QGCBUE3\User

Date: 2019-05-29 18:15:30.090
Description:
Antivirus de Windows Defender encontró un error al intentar cargar la inteligencia de seguridad e intentará revertir a una versión que sepa que es correcta.
Inteligencia de seguridad intentada: Actual
Código de error: 0x80070003
Descripción del error: El sistema no puede encontrar la ruta especificada.
Versión de inteligencia de seguridad: 0.0.0.0;0.0.0.0
Versión del motor: 0.0.0.0

Date: 2019-05-28 15:26:27.251
Description:
Antivirus de Windows Defender encontró un error al intentar cargar un archivo sospechoso para analizarlo.
Nombre de archivo: C:\Users\User\Downloads\d2b13850-3336-4726-9ad5-81c0f9f72383.tmp
Sha256:
Versión actual de inteligencia de seguridad: AV: 1.293.2434.0, AS: 1.293.2434.0
Versión actual del motor: 1.1.15900.4
Código de error: 0x80508016

CodeIntegrity:
===================================

Date: 2019-05-29 19:11:07.787
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-29 19:07:05.345
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-05-29 18:17:48.522
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume7\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Microsoft signing level requirements.

Date: 2019-05-29 18:17:45.918
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume7\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements.

Date: 2019-05-29 15:09:31.720
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume7\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements.

Date: 2019-05-29 12:50:46.545
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume7\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements.

Date: 2019-05-29 12:42:50.331
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume7\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements.

Date: 2019-05-29 12:27:01.145
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume7\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0312 01/05/2017
Motherboard: ASUSTeK COMPUTER INC. STRIX B250F GAMING
Processor: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 35%
Total physical RAM: 20408.98 MB
Available physical RAM: 13196.02 MB
Total Virtual: 21688.98 MB
Available Virtual: 12375.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:96.56 GB) NTFS
Drive d: (JUEGOS) (Fixed) (Total:930.18 GB) (Free:769.04 GB) NTFS
Drive e: (DATOS) (Fixed) (Total:465.54 GB) (Free:165.18 GB) NTFS
Drive f: (Nuevo vol) (Fixed) (Total:1863 GB) (Free:957.65 GB) NTFS

\\?\Volume{8255a513-4e3a-46f0-bd33-591c958976ef}\ (Recuperación) (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{98707b82-9631-44cd-b9e8-a80ca891b877}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D972C032)
Partition 1: (Not Active) - (Size=930.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: 2E0ABA02)

Partition: GPT.

==================== End of Addition.txt ============================
 

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
S2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [X]
CMD: ipconfig /flushDNS 
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
Please scan your system with Malwarebytes.
  • Launch Malwarebytes and select the Scan tab.
  • Ensure that "Threat Scan" is selected.
  • Click on Start Scan and wait for the scan to complete.
  • If no threats are found, close the Malwarebytes window. If threats are detected, make sure they are all selected and click Quarantine selected.
  • Click on Reports in the left pane, and check the box next to the latest report (at the top). Click on View Report.
  • Select Export in the bottom left corner, and click Text File. Save the file to your desktop, with a name like MBAMLog.txt.
  • Open the Malwarebytes log on your desktop, and copy and paste its contents into your next reply.
 
Thank you very much for your reply. Attached are the reports. Best regards.

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05.2019
Ran by User (30-05-2019 10:59:01) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
S2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [X]
CMD: ipconfig /flushDNS
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\Intel(R) PROSet Monitoring Service => removed successfully
Intel(R) PROSet Monitoring Service => service removed successfully

========= ipconfig /flushDNS =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 94512640 B
Java, Flash, Steam htmlcache => 296310619 B
Windows/system/drivers => 1236725 B
Edge => 219212188 B
Chrome => 59591412 B
Firefox => 1091443370 B
Opera => 543650632 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 386694 B
LocalService => 0 B
NetworkService => 309610 B
NetworkService => 0 B
User => 28801846 B
DefaultAppPool => 0 B

RecycleBin => 110701565 B
EmptyTemp: => 2.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:59:47 ====



Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/30/19
Scan Time: 11:01 AM
Log File: 61601aa0-82e3-11e9-b6e0-6045cba1c661.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10836
License: Free

-System Information-
OS: Windows 10 (Build 18362.116)
CPU: x64
File System: NTFS
User: DESKTOP-QGCBUE3\User

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 322711
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 40 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
Hi, thank you very much. The pc is doing well, at least it starts and all the programs work. The problem persists over the MITM attack. Attached screenshot of the certificate with problems. Thank you very much. Best regards.
 
You can try the following:

1. Open run command.
2. Type certmgr.msc and press enter
3. Certificates are stored in the folders under Certificates - Current User.

You will likely need to search through the folders to find the certificate you're looking for.
 
Thank you very much. I followed your instructions to locate the certificate and I was unsuccessful. I deleted some certificates but nothing remains the same. Any other instructions very thankful in advance. Attached screenshots of the crt. Cordial greetings.

1.jpg 2.jpg 2.jpg 3.jpg 4.jpg
 
Two things. First, it does not appear as though you are looking at current user which includes the ability to search for specific certificates.

47247

Second, the image you posted above pointed to Twitter. Thus, why not delete the *.twitter.com cert and see what SSL Eye v1.6 shows then.
 
Another thing, although Malwarebytes didn't detect anything with Opera, Windows Defender had identified it as the source of the trojan. Since it is your primary browser, it could be a false positive, but it wouldn't hurt to get yet another opinion.

Please do a scan with ESET Online Scanner.

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.
 
Hello, I'm enclosing the report. I still can't figure out the certificate. Thank you very much. Best regards.

30/5/2019 17:38:18
Files scanned: 662007
Infected files: 3
Cleaned threats: 3
Total scan time 02:11:51
Scan status: Finished


C:\Program Files (x86)\ASUS\GameFirst IV\nfapi.dll a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting
C:\Users\User\Desktop\COSAS\DRIVERS ASUS\Nueva carpeta (6)\dtlite10100-0779.exe a variant of Generik.MEWCBLI trojan cleaned by deleting
F:\FileHistory\User\DESKTOP-QGCBUE3\Data\C\Users\User\Desktop\COSAS\DRIVERS ASUS\Nueva carpeta (6)\dtlite10100-0779 (2019_05_27 00_04_20 UTC).exe a variant of Generik.MEWCBLI trojan cleaned by deleting
 
Additionally, the SSLEye program does not finish analyzing. I restored the Windows firewall values and it's still not running. Thank you very much.

ssleye.jpg
 
Hi, Solitario. Since I may be overlooking something, I'm going to consult with staff members.
 
Hi there,

A few things to try.

First, ping twitter.com from the suspect computer and let me know what IP address you get, and also run tracert twitter.com

Also rerun your SSLEye tests for each of the following IP addresses

47294

Then flush your DNS, set your DNS settings on your computer manually to Google's DNS, and if other computers on your network are affected, reset your router to factory settings.

Let me know if any of these steps resolve the problem.

Richard
 
Hello, thank you very much for your reply. I've changed my DNS to Google DNS. The IP address that shows when I ping Twitter is: 35.186.207.124. When I try to verify the IP addresses he indicated with SSLEye, the program gives an error saying that it cannot verify IP addresses, only domains. After changing the DNS, when I ping Twitter the IP 104.244.42.65 comes out. I haven't restarted the PC yet. Thank you very much. Best regards.
 
I reset the router from its back where it has a slot and a button inside the slot. The fingerprint that the certificate now shows me is the following: c7e0df3987d7a37fd4acff87665bcb6ca6043b47. I don't know if it's the right one, but it changed since the dns modification. Thank you very much. Regards.
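Added example, not part of the thread or of any poster's reply: since SSL Eye refused bare IP addresses, this script connects to a chosen IP while sending the host name as SNI, then reports the SHA-1 fingerprint that endpoint serves and whether its chain validates. The function names and the `REFERENCE` placeholder are assumptions; the two IP addresses are the ones reported in the posts above.

```python
import hashlib
import socket
import ssl


def sha1_fingerprint(der: bytes) -> str:
    """Lower-case hex SHA-1 of a DER certificate (the 40-hex form quoted in the thread)."""
    return hashlib.sha1(der).hexdigest()


def probe(ip, hostname, port=443, timeout=5.0):
    """Handshake with `ip` while sending `hostname` as SNI; report what it serves."""
    loose = ssl.create_default_context()
    loose.check_hostname = False
    loose.verify_mode = ssl.CERT_NONE  # capture the leaf even if it is untrusted
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with loose.wrap_socket(raw, server_hostname=hostname) as tls:
            der = tls.getpeercert(binary_form=True)
    try:  # second pass with normal chain and host-name validation
        strict = ssl.create_default_context()
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with strict.wrap_socket(raw, server_hostname=hostname):
                trusted = True
    except ssl.SSLCertVerificationError:
        trusted = False
    return {"ip": ip, "sha1": sha1_fingerprint(der), "trusted": trusted}


def assess(results, reference_sha1):
    """Return (ip, reasons) for each endpoint that fails validation or whose
    fingerprint differs from one recorded on a network you trust."""
    ref = reference_sha1.replace(":", "").replace(" ", "").lower()
    findings = []
    for r in results:
        reasons = []
        if not r["trusted"]:
            reasons.append("chain does not validate")
        if r["sha1"] != ref:
            reasons.append("fingerprint differs from reference")
        if reasons:
            findings.append((r["ip"], reasons))
    return findings


if __name__ == "__main__":
    # Placeholder (assumption): replace with a fingerprint taken on another network.
    REFERENCE = "00" * 20
    live = [probe(ip, "twitter.com") for ip in ("35.186.207.124", "104.244.42.65")]
    for ip, reasons in assess(live, REFERENCE):
        print(ip, "->", "; ".join(reasons))
```

A fingerprint mismatch alone is not proof of interception, because large sites serve different valid certificates from different edge servers. A chain that fails validation, or one that validates only on the affected machine, is the stronger signal.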
 
Now I'm using my own DNS. The strange thing is that pinging Twitter returns the IP 35.186.207.124, and a whois on it gives the following result:

Code:
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
#


NetRange:       35.184.0.0 - 35.191.255.255
CIDR:           35.184.0.0/13
NetName:        GOOGLE-CLOUD
NetHandle:      NET-35-184-0-0-1
Parent:         NET35 (NET-35-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Google LLC (GOOGL-2)
RegDate:        2016-10-11
Updated:        2016-10-17
Ref:            https://rdap.arin.net/registry/ip/35.184.0.0



OrgName:        Google LLC
OrgId:          GOOGL-2
Address:        1600 Amphitheatre Parkway
City:           Mountain View
StateProv:      CA
PostalCode:     94043
Country:        US
RegDate:        2006-09-29
Updated:        2017-12-21
Comment:        *** The IP addresses under this Org-ID are in use by Google Cloud customers ***
Comment:       
Comment:        Direct all copyright and legal complaints to
Comment:        https://support.google.com/legal/go/report
Comment:       
Comment:        Direct all spam and abuse complaints to
Comment:        https://support.google.com/code/go/gce_abuse_report
Comment:       
Comment:        For fastest response, use the relevant forms above.
Comment:       
Comment:        Complaints can also be sent to the GC Abuse desk
Comment:        (email@google.com)
Comment:        but may have longer turnaround times.
Comment:       
Comment:        Complaints sent to any other POC will be ignored.
Ref:            https://rdap.arin.net/registry/entity/GOOGL-2


OrgTechHandle: ZG39-ARIN
OrgTechName:   Google LLC
OrgTechPhone:  +1-650-253-0000
OrgTechEmail:  email@google.com
OrgTechRef:    https://rdap.arin.net/registry/entity/ZG39-ARIN

OrgNOCHandle: GCABU-ARIN
OrgNOCName:   GC Abuse
OrgNOCPhone:  +1-650-253-0000
OrgNOCEmail:  email@google.com
OrgNOCRef:    https://rdap.arin.net/registry/entity/GCABU-ARIN

OrgAbuseHandle: GCABU-ARIN
OrgAbuseName:   GC Abuse
OrgAbusePhone:  +1-650-253-0000
OrgAbuseEmail:  email@google.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/GCABU-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
#
 
Hmm this is very strange. I am continuing to investigate.

I haven't yet been able to track down DNS settings for Claro AR to test it myself, although I did test a number of other AR DNS servers: https://public-dns.info/nameserver/ar.html and managed to reach Twitter just fine. This does not seem to be part of national / countrywide internet censorship (although most censorship doesn't tend to work in exactly this way anyway).

It does not appear to be part of a datasaving measure / addon because it is replicable inside tracert / ping too.

Which certainly raises the possibility of some sort of phishing attack, although I cannot yet find any directly supporting evidence / proof of this.
 
Thank you very much. The DNS servers of Claro Argentina that I have on my PC are the following: 186.12.238.16 | 186.12.238.15. I look forward to further instructions. Best regards.
 
@niemiro I don't understand much or better said almost anything about this but I am enclosing a screenshot of my internet connection details in case you need to investigate.

claro.jpg
 
