Inactive Fatal virus in browsers


Broni

Malware Annihilator
Welcome aboard


Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

royli

TS Rookie
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019
Ran by 3lchamac0 (administrator) on DESKTOP-A247604 (ASUSTeK COMPUTER INC. K501UW) (21-08-2019 09:03:48)
Running from C:\Users\3lchamac0\Desktop
Loaded Profiles: 3lchamac0 & Classic .NET AppPool & ACME Dotnet & .NET v4.5 & .NET v2.0 & .NET v4.5 Classic & CTAIMA_CAE & .NET v2.0 Classic (Available Profiles: 3lchamac0 & Classic .NET AppPool & ACME Dotnet & .NET v4.5 & .NET v2.0 & .NET v4.5 Classic & CTAIMA_CAE & .NET v2.0 Classic)
Platform: Windows 10 Pro Version 1809 17763.678 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Everything\Everything.exe
() [File not signed] C:\Program Files (x86)\Everything\Everything.exe
() [File not signed] C:\Program Files (x86)\PrtScr\PrtScr.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Conexant Systems LLC -> Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Docker Inc -> ) C:\Program Files\Docker\Docker\resources\dockerd.exe
(Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\com.docker.service
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(ICEpower a/s -> ICEpower A/S) C:\Windows\System32\DriverStore\FileRepository\x40plmwa.inf_amd64_f4ae16267365b868\ICEsoundService64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Kaspersky Lab -> Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe
(Kaspersky Lab -> Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe
(Kaspersky Lab -> Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avpsus.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft VS Code\Code.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft VS Code\resources\app\out\vs\workbench\services\files\node\watcher\win32\CodeHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\3lchamac0\AppData\Local\Microsoft\Teams\current\Teams.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\3lchamac0\AppData\Local\Microsoft\Teams\current\Teams.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\3lchamac0\AppData\Local\Microsoft\Teams\current\Teams.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\3lchamac0\AppData\Local\Microsoft\Teams\current\Teams.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\3lchamac0\AppData\Local\Microsoft\Teams\current\Teams.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.1001.24.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.895.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(OpenVPN Technologies, Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\62.0.3331.116\opera_crashreporter.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(syntevo GmbH -> syntevo GmbH) C:\Program Files\SmartGit\bin\smartgit.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [1010176 2013-06-26] () [File not signed]
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe [1241240 2017-06-27] (Kaspersky Lab -> Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\Run: [PrtScr by FireStarter] => C:\Program Files (x86)\PrtScr\PrtScr.exe [2766336 2013-07-14] () [File not signed]
HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\Run: [Docker for Windows] => C:\Program Files\Docker\Docker\Docker for Windows.exe [1814016 2018-12-19] (Docker Inc -> Docker Inc.)
HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\3lchamac0\AppData\Local\Microsoft\Teams\Update.exe [1789768 2019-08-19] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe [23913464 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [643200 2017-09-26] (OpenVPN Technologies, Inc. -> )
HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\devenv.exe [726648 2018-12-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1278661410-3598136645-1859861107-1003\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [643200 2017-09-26] (OpenVPN Technologies, Inc. -> )
HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-82-2325601586-2736651707-184426384-2820633745-1097891582\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-82-271721585-897601226-2024613209-625570482-296978595\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-82-3682073875-1643277370-2842298652-3532359455-2406259117\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-82-3876422241-1344743610-1729199087-774402673-2621913236\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-82-4035669369-1394164305-1342763263-319680832-1071764339\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-82-4068219030-1673637257-3279585211-533386110-4122969689\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-07] (Google LLC -> Google LLC)
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
BootExecute: autocheck autochk * sh4native 7099
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {049A5263-AFD9-47D0-8B2F-97214C246B96} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-10-22] (ASUSTeK Computer Inc. -> AsusTek)
Task: {19314FF2-8633-42B4-A034-11D918C848C0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [658040 2017-11-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1B5C250B-9677-4253-9701-49156A9BFEE0} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [964728 2017-11-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1CF22E60-4D85-46B6-9567-C40339E05AAD} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [746104 2017-11-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {26847DD5-58A7-44EF-945A-E634796FA2C4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [658040 2017-11-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2D726934-C782-4007-9491-390E1DADE116} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {2FDEBA26-304B-4AC4-8813-C29D157F6D3B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447512 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {331C1F15-1CEF-4620-884B-C37C72E18283} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [521336 2017-11-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {376BA411-3973-45BA-B4F3-F597CD86D614} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1447512 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {39D9C0EB-6E28-4AAA-878E-D2F0E633D248} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-08-01] (Google Inc -> Google LLC)
Task: {3A66B2D3-22AE-4126-9AA6-295E04255AAD} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {3EAC82B7-4F80-4826-9FBD-EA480423C021} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [746104 2017-11-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {48529DC4-BAF9-495E-B5FF-6A5603312FB6} - System32\Tasks\Opera scheduled Autoupdate 1545246236 => C:\Program Files (x86)\Opera\launcher.exe [1519640 2019-08-07] (Opera Software AS -> Opera Software)
Task: {5554B469-9DE2-4CB6-B23F-BD1943F6A1F8} - System32\Tasks\Microsoft\Windows\Conexant\AFA => C:\Program Files\CONEXANT\cAudioFilterAgent\SACpl.exe [1823232 2016-07-05] (Conexant Systems, Inc.) [File not signed]
Task: {59DA5210-8B3D-43EE-8D0A-EE41B3D15B9F} - System32\Tasks\G2MUpdateTask-S-1-5-21-1278661410-3598136645-1859861107-1001 => C:\Users\3lchamac0\AppData\Local\GoToMeeting\14074\g2mupdate.exe [32256 2019-08-19] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {64A8ED33-DE01-44E9-87C7-315868A2E18D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {6C3AF0AA-E87A-42D5-A371-7DA4491FC2BF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7F21C979-93DE-4957-8F76-329F63BC3C99} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {90BEB3EB-EBB7-429A-853D-D5679D3BD926} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1864824 2017-11-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9FF356FE-919E-4ADA-AE5A-BE7E555DDE4E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519288 2017-11-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A0606485-A81E-4535-8E2E-EFEFE076A79F} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\KMS_WEEKLY => C:\WINDOWS\KMS_VL_ALL\SilentRun.vbs [108 2018-12-19] () [File not signed]
Task: {B0F9AC33-CD66-4134-86F3-13796C921F26} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {B596FFAA-204D-4292-886F-4C1F2C238F87} - System32\Tasks\Microsoft\Windows\Conexant\SA2 => C:\Program Files\CONEXANT\SAII\SACpl.exe [1832280 2017-06-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
Task: {C0191A11-22EF-40AF-A48E-3C3E57258F64} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4519576 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {C10709AF-6A30-4524-B375-4BF5A5FF4644} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351656 2019-08-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {C51D0864-1672-4F45-A6BB-0106713BB0E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-08-01] (Google Inc -> Google LLC)
Task: {CF220DB5-269B-4922-BF69-AD2E8EB3DFA3} - System32\Tasks\SpyHunter4Startup => C:\Users\3lchamac0\Downloads\SH42564782\Portable\SpyHunter4.exe [8385728 2018-03-30] (Enigma Software Group USA, LLC -> Enigma Software Group USA, LLC.) [File not signed]
Task: {F265FF1E-FA22-4730-81A8-B111E661334D} - System32\Tasks\G2MUploadTask-S-1-5-21-1278661410-3598136645-1859861107-1001 => C:\Users\3lchamac0\AppData\Local\GoToMeeting\14074\g2mupload.exe [32256 2019-08-19] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {F294FE79-DA83-4754-91B1-56A3495B6578} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351656 2019-08-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {F49B00E7-2FD8-4935-ABE2-31481D711D7C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [114736 2019-08-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC8B9900-5942-4490-86F1-9FD7FE825E95} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [54784 2015-12-02] (ASUS) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1278661410-3598136645-1859861107-1001.job => C:\Users\3lchamac0\AppData\Local\GoToMeeting\14074\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1278661410-3598136645-1859861107-1001.job => C:\Users\3lchamac0\AppData\Local\GoToMeeting\14074\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1278661410-3598136645-1859861107-1001] => localhost:1080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{3d68270d-d277-4a5c-8062-090b9117fd07}: [DhcpNameServer] 207.244.82.25 108.59.15.5
Tcpip\..\Interfaces\{680e0d8c-9fec-4987-ab28-e011d3305b50}: [NameServer] 45.86.180.227,185.162.93.213,185.4.65.4,116.203.6.218,185.130.104.222,185.4.64.13,8.8.8.8
Tcpip\..\Interfaces\{680e0d8c-9fec-4987-ab28-e011d3305b50}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{6cd5f70a-cc25-4b7d-b251-eaf6cd378487}: [NameServer] 45.86.180.227,185.162.93.213,185.4.65.4,116.203.6.218,185.130.104.222,185.4.64.13,95.216.188.196,8.8.8.8
Tcpip\..\Interfaces\{6cd5f70a-cc25-4b7d-b251-eaf6cd378487}: [DhcpNameServer] 200.55.128.3 200.55.128.4
Tcpip\..\Interfaces\{e3ced0d0-8fe8-4483-8cc5-623149b65cb5}: [NameServer] 45.86.180.227,185.162.93.213,185.4.65.4,116.203.6.218,185.130.104.222,185.4.64.13

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-07-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2019-05-03] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2019-05-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-02] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\3lchamac0\Downloads
Edge Extension: (Avast Online Security) -> EdgeExtension_51CA791EAvastOnlineSecurity_s1d0xtrs8dx04 => C:\Program Files\WindowsApps\51CA791E.AvastOnlineSecurity_19.2.289.0_neutral__s1d0xtrs8dx04 [2019-08-19]

FireFox:
========
FF DefaultProfile: h7i76vjt.default
FF ProfilePath: C:\Users\3lchamac0\AppData\Roaming\Mozilla\Firefox\Profiles\jd8c5ck9.default-release [2019-08-21]
FF ProfilePath: C:\Users\3lchamac0\AppData\Roaming\Mozilla\Firefox\Profiles\h7i76vjt.default [2019-08-21]
FF user.js: detected! => C:\Users\3lchamac0\AppData\Roaming\Mozilla\Firefox\Profiles\h7i76vjt.default\user.js [2019-07-05]
FF Homepage: Mozilla\Firefox\Profiles\h7i76vjt.default -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\h7i76vjt.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__190521
FF HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\Firefox\Extensions: [helper-sig@savefrom.net] - C:\Users\3lchamac0\AppData\Roaming\Mozilla\Firefox\Profiles\h7i76vjt.default\extensions\staged\helper-sig@savefrom.net.xpi
FF Extension: (SaveFrom.net helper) - C:\Users\3lchamac0\AppData\Roaming\Mozilla\Firefox\Profiles\h7i76vjt.default\extensions\staged\helper-sig@savefrom.net.xpi [2019-01-09] [UpdateUrl:hxxps://download.sf-helper.com/mozilla/updates.json]
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2019-05-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2019-05-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-02] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-02] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\3lchamac0\AppData\Local\Google\Chrome\User Data\Default [2019-08-20]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\3lchamac0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\3lchamac0\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-20]
CHR Profile: C:\Users\3lchamac0\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-08-19]

Opera:
=======
OPR Extension: (uMatrix) - C:\Users\3lchamac0\AppData\Roaming\Opera Software\Opera Stable\Extensions\clblbeknmgobkgonndomehcjpckopfeh [2019-08-20]
OPR Extension: (Avast Online Security) - C:\Users\3lchamac0\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2019-08-19]
OPR Extension: (Install Chrome Extensions) - C:\Users\3lchamac0\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-08-19]
OPR Extension: (Google Hangouts) - C:\Users\3lchamac0\AppData\Roaming\Opera Software\Opera Stable\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2019-08-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe [1241240 2017-06-27] (Kaspersky Lab -> Kaspersky Lab ZAO)
R2 avpsus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avpsus.exe [2544192 2017-06-27] (Kaspersky Lab -> Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-08-08] (Microsoft Corporation -> Microsoft Corporation)
R2 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [15912 2018-12-19] (Docker Inc -> Docker Inc.)
R2 docker; C:\Program Files\Docker\Docker\Resources\dockerd.exe [43794472 2018-12-19] (Docker Inc -> )
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-29] (Intel(R) Software -> Intel Corporation)
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1010176 2013-06-26] () [File not signed]
S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [149504 2019-01-31] (Microsoft Windows -> Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [2880000 2019-07-10] (Microsoft Windows -> Microsoft Corporation)
R2 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [550568 2018-05-02] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 ICEsoundService; C:\WINDOWS\System32\DriverStore\FileRepository\x40plmwa.inf_amd64_f4ae16267365b868\ICEsoundService64.exe [915216 2019-06-21] (ICEpower a/s -> ICEpower A/S)
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] (AzureEngBuildCodeSign -> ) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265824 2018-04-16] (Intel Corporation -> )
R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [41272 2019-01-31] (Microsoft Windows -> Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519288 2017-11-15] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519288 2017-11-15] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] ( ) [File not signed]
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 SAService; C:\WINDOWS\system32\SAsrv.exe [416576 2016-10-27] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5356848 2019-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [974848 2019-02-20] (Microsoft Windows -> )
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [288768 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3340600 2019-08-14] (Microsoft Windows -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-06-11] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848288 2018-04-16] (Intel Corporation -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [140280 2015-10-22] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R3 CnxtHdAudService; C:\WINDOWS\system32\drivers\CHDRT64.sys [3463976 2019-06-21] (Synaptics Incorporated -> Conexant Systems Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-10-29] (Intel(R) Software -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-10-29] (Intel(R) Software -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-29] (Intel(R) Software -> Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [34216 2018-11-05] (ASUSTek Computer Inc. -> ASUS)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [36384 2019-01-31] (Microsoft Windows -> Microsoft Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [198168 2018-04-19] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab -> Kaspersky Lab ZAO)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [31848 2015-08-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Kaspersky Lab)
S3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [125912 2017-06-22] (Kaspersky Lab -> Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [44880 2016-06-25] (Kaspersky Lab -> Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [686552 2017-06-22] (Kaspersky Lab -> Kaspersky Lab ZAO)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [56792 2017-06-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [94160 2017-05-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199128 2017-06-14] (Kaspersky Lab -> Kaspersky Lab ZAO)
S3 l2bridge; C:\WINDOWS\System32\drivers\l2bridge.sys [40248 2019-01-31] (Microsoft Windows -> Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8614464 2018-04-18] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_1aae4f19e68d0780\nvlddmkm.sys [17003280 2017-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-11-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-11-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-11-15] (NVIDIA Corporation -> NVIDIA Corporation)
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [57856 2019-01-31] (Microsoft Windows -> Microsoft Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [41984 2019-01-31] (Microsoft Windows -> Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [282112 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [107008 2019-01-31] (Microsoft Windows -> Microsoft Corporation)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1409024 2019-06-11] (Microsoft Windows -> Microsoft Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [37920 2019-01-31] (Microsoft Windows -> Microsoft Corporation)
R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [37920 2019-01-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-08-16] (Zemana Ltd. -> Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

royli

TS Rookie
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation)
NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation)
NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-21 09:03 - 2019-08-21 09:05 - 000040849 _____ C:\Users\3lchamac0\Desktop\FRST.txt
2019-08-21 09:03 - 2019-08-21 09:03 - 001612800 _____ (Farbar) C:\Users\3lchamac0\Desktop\FRST64.exe
2019-08-21 09:03 - 2019-08-21 09:03 - 000000000 ____D C:\FRST
2019-08-20 15:00 - 2019-08-20 15:00 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1278661410-3598136645-1859861107-1003
2019-08-20 15:00 - 2019-08-20 15:00 - 000002334 _____ C:\Users\royli\Desktop\Google Chrome.lnk
2019-08-20 15:00 - 2019-08-20 15:00 - 000000000 ___RD C:\Users\royli\OneDrive
2019-08-20 14:59 - 2019-08-20 15:02 - 000000000 ____D C:\Users\royli\AppData\Roaming\Everything
2019-08-20 14:59 - 2019-08-20 14:59 - 000000000 ____D C:\Users\royli\AppData\Local\NVIDIA Corporation
2019-08-20 14:58 - 2019-08-20 14:58 - 000001444 _____ C:\Users\royli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security 10 para Windows.lnk
2019-08-20 14:58 - 2019-08-20 14:58 - 000000000 ____D C:\Users\royli\OpenVPN
2019-08-20 14:58 - 2019-08-20 14:58 - 000000000 ____D C:\Users\royli\AppData\Local\MicrosoftEdge
2019-08-20 14:57 - 2019-08-20 15:00 - 000002367 _____ C:\Users\royli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-20 14:57 - 2019-08-20 15:00 - 000000000 ____D C:\Users\royli
2019-08-20 14:57 - 2019-08-20 14:59 - 000000184 _____ C:\Users\royli\AppData\Roaming\sp_data.sys
2019-08-20 14:57 - 2019-08-20 14:59 - 000000000 ____D C:\Users\royli\AppData\Local\Packages
2019-08-20 14:57 - 2019-08-20 14:57 - 000000020 ___SH C:\Users\royli\ntuser.ini
2019-08-20 14:57 - 2019-08-20 14:57 - 000000000 __SHD C:\Users\royli\IntelGraphicsProfiles
2019-08-20 14:57 - 2019-08-20 14:57 - 000000000 ___RD C:\Users\royli\3D Objects
2019-08-20 14:57 - 2019-08-20 14:57 - 000000000 ____D C:\Users\royli\AppData\Roaming\Adobe
2019-08-20 14:57 - 2019-08-20 14:57 - 000000000 ____D C:\Users\royli\AppData\Local\VirtualStore
2019-08-20 14:57 - 2019-08-20 14:57 - 000000000 ____D C:\Users\royli\AppData\Local\Publishers
2019-08-20 14:57 - 2019-08-20 14:57 - 000000000 ____D C:\Users\royli\AppData\Local\NVIDIA
2019-08-20 14:57 - 2019-08-20 14:57 - 000000000 ____D C:\Users\royli\AppData\Local\Google
2019-08-20 14:57 - 2019-08-20 14:57 - 000000000 ____D C:\Users\royli\AppData\Local\ConnectedDevicesPlatform
2019-08-20 14:57 - 2019-06-04 15:16 - 000000000 ____D C:\Users\royli\AppData\Roaming\Macromedia
2019-08-20 14:57 - 2019-02-15 18:10 - 000000000 ____D C:\Users\royli\AppData\Roaming\Intel
2019-08-20 13:44 - 2019-08-20 13:57 - 000000251 _____ C:\Users\3lchamac0\Desktop\test.html
2019-08-20 11:38 - 2019-08-20 11:38 - 000528030 _____ C:\Users\3lchamac0\Downloads\umap0003.xml.gz
2019-08-20 11:29 - 2019-08-20 11:30 - 000222410 _____ C:\TDSSKiller.2.8.16.0_20.08.2019_11.29.28_log.txt
2019-08-20 11:29 - 2019-08-20 11:29 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\74212225.sys
2019-08-20 11:29 - 2019-08-20 11:29 - 000000000 ____D C:\Users\3lchamac0\Downloads\tdsskiller
2019-08-20 11:27 - 2019-08-20 11:28 - 002218636 _____ C:\Users\3lchamac0\Downloads\tdsskiller.zip
2019-08-20 10:33 - 2019-08-20 10:34 - 000009861 _____ C:\Users\3lchamac0\Desktop\hermas.php
2019-08-20 10:21 - 2019-08-20 10:21 - 000007165 _____ C:\Users\3lchamac0\Desktop\products.xlsx
2019-08-20 09:47 - 2019-08-20 09:47 - 000018011 _____ C:\Users\3lchamac0\Desktop\clientes que han comprado Validación Express.xlsx
2019-08-20 09:41 - 2019-08-20 09:41 - 000054001 _____ C:\Users\3lchamac0\Desktop\document.pdf
2019-08-20 09:30 - 2019-08-20 09:48 - 000000664 _____ C:\Users\3lchamac0\Desktop\clientes VS.sql
2019-08-20 09:23 - 2019-08-20 09:23 - 000009828 _____ C:\Users\3lchamac0\Downloads\orders (2).xlsx
2019-08-20 09:13 - 2019-08-20 09:13 - 000076873 _____ C:\Users\3lchamac0\Downloads\orders (1).xlsx
2019-08-20 09:08 - 2019-08-20 09:08 - 000041252 _____ C:\Users\3lchamac0\Downloads\orders.xlsx
2019-08-19 17:59 - 2019-08-19 18:02 - 011539456 _____ (SurfRight B.V.) C:\Users\3lchamac0\Downloads\HitmanPro_x64.exe
2019-08-19 16:01 - 2019-08-19 16:01 - 000001672 _____ C:\WINDOWS\system32\.crusader
2019-08-19 15:43 - 2019-08-19 16:01 - 000000000 ____D C:\ProgramData\HitmanPro
2019-08-19 15:03 - 2019-08-19 15:03 - 006822192 _____ (EnigmaSoft Limited) C:\Users\3lchamac0\Downloads\sh-remover (2).exe
2019-08-19 15:03 - 2019-08-19 15:03 - 000000000 ____D C:\Program Files\EnigmaSoft
2019-08-19 15:02 - 2019-08-19 15:03 - 006822192 _____ (EnigmaSoft Limited) C:\Users\3lchamac0\Downloads\sh-remover.exe
2019-08-19 15:02 - 2019-08-19 15:03 - 006822192 _____ (EnigmaSoft Limited) C:\Users\3lchamac0\Downloads\sh-remover (1).exe
2019-08-19 11:32 - 2019-08-19 11:32 - 000003392 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2019-08-19 11:32 - 2018-03-30 13:12 - 000039096 _____ (Enigma Software Group USA, LLC) C:\WINDOWS\SysWOW64\sh4native.exe
2019-08-19 11:31 - 2019-08-20 15:20 - 000045539 _____ C:\spyhunter.fix
2019-08-19 11:31 - 2019-08-19 14:52 - 000000000 ___HD C:\LD4uDkV1aklscs15
2019-08-19 10:57 - 2019-05-12 05:31 - 000000000 ____D C:\Users\3lchamac0\Downloads\SH42564782
2019-08-19 10:35 - 2019-08-19 10:55 - 136154321 _____ C:\Users\3lchamac0\Downloads\SH42564782.rar
2019-08-19 10:28 - 2019-08-19 10:19 - 000034540 _____ C:\Users\3lchamac0\Downloads\SpyHunter.torrent
2019-08-19 10:27 - 2019-08-19 10:27 - 002599473 _____ (AIMP DevTeam) C:\Users\3lchamac0\Downloads\setup.exe
2019-08-19 09:01 - 2019-08-19 09:03 - 000000000 ____D C:\AdwCleaner
2019-08-19 08:54 - 2019-08-19 08:54 - 000002580 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-08-19 08:54 - 2019-08-19 08:54 - 000002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-08-19 08:54 - 2019-08-19 08:54 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-08-19 08:54 - 2019-08-19 08:54 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-08-19 08:54 - 2019-08-19 08:54 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-08-19 08:54 - 2019-08-19 08:54 - 000002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-08-19 08:54 - 2019-08-19 08:54 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-08-19 08:54 - 2019-08-19 08:54 - 000002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-08-19 08:54 - 2019-08-19 08:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-08-16 16:23 - 2019-08-16 16:23 - 000000000 ____D C:\Users\3lchamac0\OpenVPN
2019-08-16 16:22 - 2019-08-16 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2019-08-16 16:22 - 2019-08-16 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2019-08-16 16:22 - 2019-08-16 16:22 - 000000000 ____D C:\Program Files\TAP-Windows
2019-08-16 16:22 - 2019-08-16 16:22 - 000000000 ____D C:\Program Files\OpenVPN
2019-08-16 16:20 - 2019-08-16 16:20 - 000009219 _____ C:\Users\3lchamac0\Desktop\VPNBook.com-OpenVPN-US1.zip
2019-08-16 16:20 - 2019-08-16 16:20 - 000000000 ____D C:\Users\3lchamac0\Desktop\VPNBook.com-OpenVPN-US1
2019-08-16 16:01 - 2019-08-21 08:58 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-08-16 16:01 - 2019-08-16 16:01 - 000002896 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-08-16 16:01 - 2019-08-16 16:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-16 16:01 - 2019-08-16 16:01 - 000000000 ____D C:\Program Files\CCleaner
2019-08-16 13:25 - 2019-08-21 09:05 - 000079304 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-08-16 13:25 - 2019-08-16 18:00 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2019-08-16 13:25 - 2019-08-16 15:32 - 000059647 _____ C:\WINDOWS\ZAM.krnl.trace
2019-08-16 13:25 - 2019-08-16 13:25 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2019-08-16 13:25 - 2019-08-16 13:25 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\Zemana
2019-08-16 11:55 - 2019-03-28 05:11 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2019-08-16 11:55 - 2019-03-28 05:11 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2019-08-16 11:55 - 2019-03-28 05:09 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2019-08-16 11:55 - 2019-03-28 05:09 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2019-08-16 11:55 - 2019-03-28 02:35 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
2019-08-16 11:55 - 2019-03-28 02:35 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
2019-08-16 11:55 - 2019-03-28 02:35 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
2019-08-16 11:55 - 2019-03-28 02:35 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
2019-08-16 11:55 - 2019-03-28 02:35 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
2019-08-16 11:55 - 2019-03-28 02:35 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 026808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 023453696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 022114960 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 020816896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 019011584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 012939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 012244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 011724288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 009941504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 008900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 007871488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 006925312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 006544552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 006441472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 006308016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 005587968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 005570968 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 004737536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 004719104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvgm.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 004628992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 004351656 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 004344832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 003978240 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 003818632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 003635200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 003614720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 003567104 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 003385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 003363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 003335224 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 003333632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002999808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002942976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002926096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 002842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002778760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002767160 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002700792 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002593544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002438576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 002346496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002323688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002278792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002177336 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-08-14 09:42 - 2019-08-14 09:42 - 002073232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 002017792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-08-14 09:42 - 2019-08-14 09:42 - 001966904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 001892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001733120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001715712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001715000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001711104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001701880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-14 09:42 - 2019-08-14 09:42 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001668752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001641400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001506304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001483872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001479184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001477432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001472568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 001466880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001465984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001391096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 001344960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-14 09:42 - 2019-08-14 09:42 - 001321784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001278808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 001267712 _____ (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001260560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001222160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001221528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 001205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001182240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 001180464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 001038336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001020416 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000993792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000895792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000864568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000850976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000831288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 000806024 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000783184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000764416 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000763392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000732168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 000730112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000678680 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000649528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000603280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000586256 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000553784 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000535056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000522104 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000515440 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000508968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000449576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 000444728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000398928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000396088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 000378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000375752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingDiagSpp.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingDiagSpp.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000317240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000294512 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000278624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000262336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-08-14 09:42 - 2019-08-14 09:42 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000203064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 000200504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000193040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000189712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutil.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-08-14 09:42 - 2019-08-14 09:42 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000177464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationVdev.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000173216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000152576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000152576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000152080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsutil.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000141736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000118480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 000114128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000092832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiskSnapshot.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvsetup.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Groupinghc.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2019-08-14 09:42 - 2019-08-14 09:42 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000058882 _____ C:\WINDOWS\system32\srms.dat
2019-08-14 09:42 - 2019-08-14 09:42 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-08-14 09:42 - 2019-08-14 09:42 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\shunimpl.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shunimpl.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-08-14 09:42 - 2019-08-14 09:42 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-08-14 09:42 - 2019-08-14 09:42 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-08-14 09:42 - 2019-08-14 09:42 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-08-14 09:42 - 2019-08-14 09:42 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-08-14 09:42 - 2019-08-14 09:42 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-08-14 09:42 - 2019-08-14 09:42 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-08-14 09:42 - 2019-08-14 09:42 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-08-14 09:42 - 2019-08-14 09:42 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-08-14 09:41 - 2019-08-14 09:42 - 000253256 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 015454736 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2019-08-14 09:41 - 2019-08-14 09:41 - 007687784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 003340600 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2019-08-14 09:41 - 2019-08-14 09:41 - 002706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-14 09:41 - 2019-08-14 09:41 - 002031104 _____ C:\WINDOWS\system32\rdpnano.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 002030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2019-08-14 09:41 - 2019-08-14 09:41 - 002022096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 001662264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 001294488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-14 09:41 - 2019-08-14 09:41 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-08-14 09:41 - 2019-08-14 09:41 - 001048376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-14 09:41 - 2019-08-14 09:41 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 000799784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 000794040 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-08-14 09:41 - 2019-08-14 09:41 - 000645432 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 000482104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-14 09:41 - 2019-08-14 09:41 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 000344008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmEngUM.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 000310072 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 000248120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2019-08-14 09:41 - 2019-08-14 09:41 - 000230848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 000147768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2019-08-14 09:41 - 2019-08-14 09:41 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2019-08-14 09:41 - 2019-08-14 09:41 - 000125016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-08-14 09:41 - 2019-08-14 09:41 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pmem.sys
2019-08-14 09:41 - 2019-08-14 09:41 - 000104248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-08-14 09:41 - 2019-08-14 09:41 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-08-14 09:41 - 2019-08-14 09:41 - 000087056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2019-08-14 09:41 - 2019-08-14 09:41 - 000032784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2019-08-14 09:41 - 2019-08-14 09:41 - 000032568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2019-08-11 01:38 - 2019-08-11 01:38 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2019-08-11 01:38 - 2019-08-11 01:38 - 000000000 ____D C:\Users\3lchamac0\AppData\LocalLow\Adobe
2019-08-07 22:24 - 2019-08-08 22:45 - 000000000 ____D C:\Users\3lchamac0\Desktop\doc portugal
2019-08-06 08:56 - 2019-08-06 08:56 - 000000086 _____ C:\Users\3lchamac0\.gitconfig
2019-08-04 22:29 - 2019-08-11 01:49 - 000000000 ____D C:\Users\3lchamac0\Desktop\legalizacion
2019-08-02 14:43 - 2019-08-21 08:52 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16

royli

TS Rookie
2019-08-01 22:33 - 2019-08-11 01:27 - 000000000 ____D C:\Users\3lchamac0\Desktop\enviar
2019-08-01 22:09 - 2019-08-01 22:09 - 000000000 ____D C:\Users\3lchamac0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\simplewall
2019-08-01 22:09 - 2019-08-01 22:09 - 000000000 ____D C:\Users\3lchamac0\AppData\Roaming\Henry++
2019-08-01 22:09 - 2019-08-01 22:09 - 000000000 ____D C:\Program Files\simplewall
2019-08-01 21:47 - 2019-08-07 05:01 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-01 21:47 - 2019-08-02 14:54 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-08-01 21:47 - 2019-08-02 14:54 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-08-01 21:46 - 2019-08-16 15:35 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\Google
2019-08-01 09:21 - 2019-08-01 09:21 - 000000000 ____D C:\Users\3lchamac0\.vsts
2019-08-01 09:15 - 2019-08-01 09:15 - 000000000 ____D C:\Users\3lchamac0\.Rider2019.1
2019-08-01 09:09 - 2019-08-01 09:09 - 000000000 ____D C:\Program Files\JetBrains
2019-07-24 15:33 - 2019-08-02 14:49 - 000000000 ____D C:\Users\CTAIMA_CAE\AppData\Local\CrashDumps
2019-07-24 15:33 - 2019-07-24 15:33 - 000000000 ____D C:\Users\CTAIMA_CAE\AppData\Local\DBG
2019-07-24 12:10 - 2019-07-24 12:10 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core Runtime Package Store
2019-07-24 12:10 - 2019-07-24 12:10 - 000000000 ____D C:\Program Files (x86)\dotnet
2019-07-24 11:52 - 2019-07-24 11:52 - 000000020 ___SH C:\Users\ACME Dotnet\ntuser.ini
2019-07-24 11:52 - 2019-07-24 11:52 - 000000000 ____D C:\Users\ACME Dotnet
2019-07-24 11:52 - 2019-06-04 15:16 - 000000000 ____D C:\Users\ACME Dotnet\AppData\Roaming\Macromedia
2019-07-24 11:52 - 2019-02-15 18:10 - 000000000 ____D C:\Users\ACME Dotnet\AppData\Roaming\Intel
2019-07-24 11:52 - 2018-09-15 03:29 - 000001105 _____ C:\Users\ACME Dotnet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-23 15:13 - 2019-07-23 17:10 - 000000000 ____D C:\Users\3lchamac0\Documents\dumps
2019-07-23 14:42 - 2019-07-23 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitvise Tunnelier
2019-07-22 08:45 - 2019-08-19 18:03 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-21 09:03 - 2019-01-31 11:27 - 000979372 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-21 09:03 - 2018-09-15 03:31 - 000000000 ____D C:\WINDOWS\INF
2019-08-21 08:57 - 2019-01-31 11:31 - 000004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F3F113EA-E643-454A-ABF7-54FD6C0CB4B8}
2019-08-21 08:53 - 2018-12-19 17:39 - 000000603 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-08-21 08:52 - 2019-07-08 08:44 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-08-21 08:52 - 2019-02-15 18:13 - 000000000 __SHD C:\Users\3lchamac0\IntelGraphicsProfiles
2019-08-21 08:52 - 2019-01-31 11:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-21 08:52 - 2019-01-26 23:48 - 000000166 _____ C:\Users\3lchamac0\AppData\Roaming\sp_data.sys
2019-08-21 08:52 - 2018-12-19 17:34 - 000000000 ____D C:\ProgramData\Docker
2019-08-21 08:52 - 2018-12-19 14:22 - 000000000 ____D C:\ProgramData\NVIDIA
2019-08-21 08:52 - 2018-12-19 14:16 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2019-08-21 08:52 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-20 18:44 - 2019-01-30 20:24 - 000000000 ____D C:\Users\3lchamac0\AppData\Roaming\Everything
2019-08-20 18:44 - 2018-09-15 02:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-08-20 18:43 - 2018-12-19 18:30 - 000000000 ____D C:\Users\3lchamac0\AppData\Roaming\Code
2019-08-20 15:21 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-20 15:19 - 2018-09-15 03:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-20 14:57 - 2018-12-19 13:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-08-20 14:57 - 2018-09-15 03:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-08-20 14:55 - 2019-02-15 18:49 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\PlaceholderTileLogoFolder
2019-08-20 14:16 - 2019-01-31 11:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-20 13:56 - 2018-12-19 18:37 - 000000000 ____D C:\Users\3lchamac0\AppData\Roaming\Postman
2019-08-20 12:33 - 2018-12-19 18:37 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\Postman
2019-08-20 12:33 - 2018-12-19 15:07 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\CrashDumps
2019-08-20 12:32 - 2018-12-19 14:31 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\SquirrelTemp
2019-08-20 10:21 - 2018-12-19 13:56 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\Packages
2019-08-20 09:29 - 2019-01-07 18:02 - 000000000 ____D C:\Users\3lchamac0\Documents\Visual Studio 2015
2019-08-19 18:03 - 2018-12-19 15:38 - 000000000 ____D C:\Users\3lchamac0\AppData\LocalLow\Mozilla
2019-08-19 18:01 - 2017-06-12 16:15 - 000274690 _____ C:\Users\3lchamac0\Desktop\work.txt
2019-08-19 16:21 - 2018-12-19 14:31 - 000000000 ____D C:\Users\3lchamac0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2019-08-19 16:01 - 2018-12-21 15:11 - 000000000 ____D C:\Program Files\KMSpico
2019-08-19 11:32 - 2019-01-11 10:13 - 000000690 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1278661410-3598136645-1859861107-1001.job
2019-08-19 11:32 - 2019-01-11 10:13 - 000000594 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1278661410-3598136645-1859861107-1001.job
2019-08-19 09:01 - 2019-03-05 12:22 - 000000000 ____D C:\Users\3lchamac0\Desktop\doc auip
2019-08-19 08:53 - 2018-12-21 14:53 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-08-19 08:42 - 2019-01-31 11:31 - 000003868 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1278661410-3598136645-1859861107-1001
2019-08-19 08:42 - 2019-01-31 11:31 - 000003772 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1278661410-3598136645-1859861107-1001
2019-08-19 08:42 - 2019-01-11 10:13 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\GoToMeeting
2019-08-19 08:37 - 2018-09-15 03:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-19 08:26 - 2018-09-15 02:09 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2019-08-19 08:18 - 2018-12-19 15:03 - 000000000 ____D C:\Program Files (x86)\Opera
2019-08-16 18:00 - 2019-01-31 11:28 - 000001527 _____ C:\WINDOWS\system32\config\VSMIDK
2019-08-16 16:23 - 2019-01-31 11:27 - 000000000 ____D C:\Users\3lchamac0
2019-08-16 16:04 - 2019-06-15 00:08 - 000000000 ____D C:\Users\3lchamac0\AppData\Roaming\MPC-HC
2019-08-16 16:04 - 2019-04-02 09:50 - 000000000 ____D C:\Users\3lchamac0\AppData\Roaming\FileZilla
2019-08-16 16:04 - 2019-01-31 02:02 - 000000000 ___DC C:\WINDOWS\Panther
2019-08-15 13:00 - 2019-01-31 11:26 - 000432448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-15 13:00 - 2018-12-19 13:56 - 000000000 ___RD C:\Users\3lchamac0\3D Objects
2019-08-15 00:46 - 2019-01-31 11:06 - 000000000 ____D C:\Program Files\Hyper-V
2019-08-15 00:46 - 2018-09-15 05:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-15 00:46 - 2018-09-15 03:33 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-08-15 00:46 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-08-15 00:46 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-15 00:46 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\Provisioning
2019-08-15 00:46 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-08-15 00:46 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-14 09:49 - 2019-02-14 21:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-14 09:44 - 2019-02-14 21:52 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-11 01:54 - 2019-04-23 10:33 - 000000000 ____D C:\Users\3lchamac0\Desktop\doc ecuador
2019-08-11 01:49 - 2019-03-06 00:46 - 000000000 ___RD C:\Users\3lchamac0\Documents\Scanned Documents
2019-08-11 01:39 - 2019-06-04 15:16 - 000000000 ____D C:\ProgramData\Adobe
2019-08-11 01:38 - 2019-06-04 15:16 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-08-11 01:38 - 2018-12-19 19:06 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\Adobe
2019-08-11 01:38 - 2018-12-19 13:56 - 000000000 ____D C:\Users\3lchamac0\AppData\Roaming\Adobe
2019-08-10 05:52 - 2018-12-21 00:55 - 000000000 ____D C:\Users\3lchamac0\AppData\Roaming\vlc
2019-08-09 23:19 - 2018-12-26 21:39 - 000000000 ____D C:\KMPlayer
2019-08-09 18:07 - 2019-01-31 11:31 - 000003388 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1278661410-3598136645-1859861107-1001
2019-08-09 18:07 - 2019-01-31 11:27 - 000002379 _____ C:\Users\3lchamac0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-09 18:07 - 2018-12-19 13:58 - 000000000 ___RD C:\Users\3lchamac0\OneDrive
2019-08-09 13:42 - 2019-04-05 10:24 - 000000000 ____D C:\Users\3lchamac0\AppData\Roaming\StorageExplorer
2019-08-09 08:24 - 2019-01-31 11:31 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1545246236
2019-08-09 08:24 - 2018-12-19 15:10 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-08-07 11:01 - 2019-05-20 08:56 - 000000000 ____D C:\Users\3lchamac0\Desktop\doc chile
2019-08-06 10:41 - 2018-12-19 14:08 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\Comms
2019-08-06 08:56 - 2019-02-15 13:58 - 000000707 _____ C:\Users\3lchamac0\.bash_history
2019-08-01 21:47 - 2018-12-19 14:40 - 000000000 ____D C:\Program Files (x86)\Google
2019-08-01 09:36 - 2019-02-20 11:13 - 000000000 ____D C:\Users\3lchamac0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
2019-08-01 09:35 - 2019-02-20 11:13 - 000000000 ____D C:\Users\3lchamac0\AppData\Roaming\JetBrains
2019-08-01 09:29 - 2019-02-20 10:59 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\JetBrains
2019-08-01 09:29 - 2018-12-19 18:34 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\NuGet
2019-08-01 09:11 - 2019-02-21 16:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2019-07-31 08:31 - 2018-12-19 13:56 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\ConnectedDevicesPlatform
2019-07-24 16:21 - 2017-11-06 17:13 - 000000000 ____D C:\Users\3lchamac0\Desktop\compartida
2019-07-24 14:25 - 2018-12-19 15:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-24 14:14 - 2018-12-19 14:28 - 000001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2019-07-24 12:10 - 2018-12-19 14:21 - 000000000 ____D C:\ProgramData\Package Cache
2019-07-24 12:09 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-07-24 12:09 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-07-24 11:26 - 2018-12-19 15:38 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-07-23 14:42 - 2019-01-09 17:18 - 000000000 ____D C:\Program Files (x86)\Bitvise Tunnelier
2019-07-23 14:24 - 2018-12-19 14:36 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\D3DSCache
2019-07-22 08:41 - 2019-01-29 12:04 - 000000000 ____D C:\Users\3lchamac0\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories ================

1601-01-03 22:26 - 1601-01-03 22:26 - 000059904 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\ulYTbAyuC.exe
2019-01-26 23:48 - 2019-08-21 08:52 - 000000166 _____ () C:\Users\3lchamac0\AppData\Roaming\sp_data.sys
2019-01-09 17:39 - 2019-05-24 20:16 - 000000600 _____ () C:\Users\3lchamac0\AppData\Roaming\winscp.rnd
1601-01-03 22:26 - 1601-01-03 22:26 - 000059904 _____ (Microsoft Corporation) C:\Users\3lchamac0\AppData\Local\cUGVII.exe
2019-01-09 17:35 - 2019-05-24 17:20 - 000000600 _____ () C:\Users\3lchamac0\AppData\Local\PUTTY.RND
2019-01-30 21:45 - 2019-01-30 21:45 - 000000003 _____ () C:\Users\3lchamac0\AppData\Local\wbem.ini

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 

royli

TS Rookie
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by 3lchamac0 (21-08-2019 09:07:51)
Running from C:\Users\3lchamac0\Desktop
Windows 10 Pro Version 1809 17763.678 (X64) (2019-01-31 15:33:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

3lchamac0 (S-1-5-21-1278661410-3598136645-1859861107-1001 - Administrator - Enabled) => C:\Users\3lchamac0
Administrator (S-1-5-21-1278661410-3598136645-1859861107-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1278661410-3598136645-1859861107-503 - Limited - Disabled)
Guest (S-1-5-21-1278661410-3598136645-1859861107-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1278661410-3598136645-1859861107-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Endpoint Security 10 for Windows (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Endpoint Security 10 for Windows (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Endpoint Security 10 for Windows (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Core SDK 1.1.11 (x64) (HKLM\...\{9A20501C-247F-4AD7-B5FF-DF9778D8C207}) (Version: 4.18.54446 - Microsoft Corporation) Hidden
.NET Core SDK 1.1.11 (x64) (HKLM-x32\...\{c700c348-4138-4c4d-84b9-2e098dc72103}) (Version: 1.1.11 - Microsoft Corporation)
Active Directory Authentication Library for SQL Server (HKLM\...\{4EE99065-01C6-49DD-9EC6-E08AA5B13491}) (Version: 14.0.1000.169 - Microsoft Corporation)
AddDeskModule version 1.0.0 (HKLM-x32\...\AddDeskModule_is1) (Version: 1.0.0 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.14.0006 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS)
Balsamiq Mockups 3 (HKLM-x32\...\{DD3D206D-0E2A-13E1-C0CE-DC751907F1D4}) (Version: 3.5.15 - Balsamiq SRL) Hidden
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.5.15 - Balsamiq SRL)
Bitvise Tunnelier 4.39 (remove only) (HKLM-x32\...\Tunnelier) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.95.52 - Conexant)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
Docker for Windows (HKLM\...\Docker for Windows) (Version: 18.06.1-ce-win73 - Docker Inc.)
Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
Everything 1.3.3.658b (x86) (HKLM-x32\...\Everything) (Version: - )
FileZilla Client 3.39.0 (HKLM-x32\...\FileZilla Client) (Version: 3.39.0 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.2.413 - Foxit Corporation)
Git version 2.22.0.windows.1 (HKLM\...\Git_is1) (Version: 2.22.0.windows.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{D144D2C2-4F96-48B7-BB2A-E9185050B619}) (Version: 1.0.491 - LogMeIn, Inc.)
GoToMeeting 8.47.0.14074 (HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\GoToMeeting) (Version: 8.47.0.14074 - LogMeIn, Inc.)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{0961a92c-ad83-40dd-a0fc-29ba41e5349d}) (Version: 20.50.3 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java SE Development Kit 8 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
JetBrains dotCover 2019.1.2 (HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\{9b20a6a1-4ec1-5fab-8019-4fe689be1aaa}) (Version: 2019.1.2 - JetBrains s.r.o.)
JetBrains dotPeek 2019.1.2 (HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\{57f20c38-00ce-5595-bda3-5eb71dd556c5}) (Version: 2019.1.2 - JetBrains s.r.o.)
JetBrains dotTrace 2019.1.2 (HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\{62db652d-c5a3-54c9-877a-b38aca7e4870}) (Version: 2019.1.2 - JetBrains s.r.o.)
JetBrains PhpStorm 2016.1 (HKLM-x32\...\PhpStorm 2016.1) (Version: 145.258.2 - JetBrains s.r.o.)
JetBrains ReSharper Ultimate in Visual Studio Enterprise 2017 (HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\{31ccdb81-2b6d-5400-9a62-4ae1d03a57b0}) (Version: 2019.1.2 - JetBrains s.r.o.)
JetBrains Rider 2019.1.1 (HKLM-x32\...\JetBrains Rider 2019.1.1) (Version: 191.6733.985 - JetBrains s.r.o.)
Kaspersky Endpoint Security 10 para Windows (HKLM-x32\...\{7A4192A1-84C4-4E90-A31B-B4847CA8E23A}) (Version: 10.2.6.3733 - Kaspersky Lab)
Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden
K-Lite Codec Pack 11.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.6.5 - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.0.0 - PandoraTV)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Microsoft .NET Core 2.0.8 - Windows Server Hosting (HKLM-x32\...\{5939a8e2-457f-458c-aa64-aee5af512564}) (Version: 2.0.40426.10026 - Microsoft Corporation)
Microsoft .NET Core Runtime - 2.0.7 (x64) (HKLM-x32\...\{b7cb6538-e06d-4f16-ae77-f9d8b79960f5}) (Version: 2.0.7.26407 - Microsoft Corporation)
Microsoft .NET Core Runtime - 2.0.7 (x86) (HKLM-x32\...\{d09bc647-8032-4711-bfe8-7359c73580f1}) (Version: 2.0.7.26407 - Microsoft Corporation)
Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.300 - Preview (x64) (HKLM-x32\...\{dc6f6ae4-e3d7-47b4-b55a-8e8eb0b09947}) (Version: 2.1.300.8533 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.302 (x64) (HKLM-x32\...\{95c3ca27-1151-4c19-be0f-2c4dbdb382f9}) (Version: 2.1.302 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.500 (x64) (HKLM-x32\...\{d83984c4-b4ab-41e1-8d62-84f151ca642b}) (Version: 2.1.500 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.603 (x64) (HKLM-x32\...\{c57339fb-49cd-4dbe-a676-54a64f5c4bf1}) (Version: 2.1.603 - Microsoft Corporation)
Microsoft .NET Core SDK 2.2.102 (x64) (HKLM-x32\...\{56a2b388-78a6-43dd-a23e-0d25691f4338}) (Version: 2.2.102 - Microsoft Corporation)
Microsoft .NET Core SDK 2.2.203 (x64) (HKLM-x32\...\{04f9c4c9-b2db-4e7c-808a-5a1c63feca5a}) (Version: 2.2.203 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation)
Microsoft Azure PowerShell - April 2018 (HKLM\...\{3BA7CAA9-97BA-4528-B7E1-B640910BB149}) (Version: 5.7.0.18831 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation)
Microsoft Azure Storage Explorer version 1.7.0 (HKLM-x32\...\{8E14ADF3-1B18-4711-87BD-E3827D395466}_is1) (Version: 1.7.0 - Microsoft Corporation)
Microsoft Azure Storage Tools - v6.2.0 (HKLM-x32\...\{892953E3-13C3-4F61-8F8D-B0464C1A4B82}) (Version: 6.2.0.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{76CF9EF4-ABA0-484E-8042-12B99499AF5F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11901.20218 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1278661410-3598136645-1859861107-1003\...\OneDriveSetup.exe) (Version: 18.143.0717.0002 - Microsoft Corporation)
Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft)
Microsoft SQL Server 2012 Native Client (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft SQL Server 2017 LocalDB (HKLM\...\{216778FC-CC9A-4D47-AF5E-8223A37626D4}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server 2017 Policies (HKLM-x32\...\{256EDCB9-A64D-433C-A1DC-C76F02475915}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service (HKLM\...\{F19EAF2B-3405-47FE-B918-92C8A2C62008}) (Version: 14.0.17224.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{F13867E5-6039-44C7-9569-77A6E7CD560E}) (Version: 14.0.3953.4 - Microsoft Corporation)
Microsoft SQL Server Management Studio - 17.5 (HKLM-x32\...\{240f5a1a-97f3-41f3-bc7a-f5817f00f3e4}) (Version: 14.0.17224.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 (HKLM\...\{9D78F5D4-79D2-4FC6-AC56-F364A0ABC54F}) (Version: 14.0.1000.169 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM\...\{98DD6908-C582-452A-954D-E79E6DF0310A}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP1.6 (HKLM-x32\...\{640EECB8-1962-4D23-ACB2-310107EC7ED9}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\Teams) (Version: 1.2.00.21068 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27012 (HKLM-x32\...\{67f67547-9693-4937-aa13-56e296bd40f6}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM-x32\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 1.36.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1080.1029 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation)
Microsoft Web Platform Installer 5.1 (HKLM\...\{4D38C3A3-B685-4AB5-BD6D-FD88BCED5805}) (Version: 5.1.51515.0 - Microsoft Corporation)
Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0 - Mozilla)
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
MySQL Connector/ODBC 5.1 (HKLM\...\{DD4937E6-77BF-4173-AD69-18D5B1C6D284}) (Version: 5.1.13 - Oracle Corporation)
MySQL Workbench 6.3 CE (HKLM\...\{CD8C5EC0-56A3-4F6E-BB22-E230059DF1F2}) (Version: 6.3.9 - Oracle Corporation)
Node.js (HKLM\...\{33927164-9E67-47F2-8EC9-0E2E10F6B1FE}) (Version: 10.14.2 - Node.js Foundation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.57 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11901.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11901.20218 - Microsoft Corporation) Hidden
OpenVPN 2.4.4-I601 (HKLM\...\OpenVPN) (Version: 2.4.4-I601 - OpenVPN Technologies, Inc.)
Opera Stable 62.0.3331.116 (HKLM-x32\...\Opera 62.0.3331.116) (Version: 62.0.3331.116 - Opera Software)
Postman-win64-7.5.0 (HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\Postman) (Version: 7.5.0 - Postman)
PremiumSoft Navicat Premium 11.1 (HKLM\...\PremiumSoft Navicat Premium_is1) (Version: 11.1.10 - PremiumSoft CyberTech Ltd.)
PrtScr 1.7 (HKLM-x32\...\PrtScr_is1) (Version: - FireStarter)
Python 2.7.13 (Anaconda2 4.3.1 64-bit) (HKLM\...\Python 2.7.13 (Anaconda2 4.3.1 64-bit)) (Version: 4.3.1 - Continuum Analytics, Inc.)
Python 3.6.5 (Anaconda3 5.2.0 64-bit) (HKLM\...\Python 3.6.5 (Anaconda3 5.2.0 64-bit)) (Version: 5.2.0 - Anaconda, Inc.)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
simplewall (HKLM\...\simplewall) (Version: 2.3.13 - Henry++)
SmartGit (HKLM\...\SmartGit c:/program files/smartgit_is1) (Version: - syntevo GmbH)
SmartGit (HKLM-x32\...\SmartGit c:/program files (x86)/smartgit_is1) (Version: - syntevo GmbH)
SoapUI 5.5.0 (HKLM-x32\...\5517-2803-0637-4585) (Version: 5.5.0 - SmartBear Software)
SQL Server 2017 Batch Parser (HKLM\...\{2C6E8311-28BD-4615-9545-6E39E8E83A4B}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{06324A5D-66BB-4FAC-8D0B-9FEC1B230FFF}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Client Tools Extensions (HKLM\...\{200F38B2-1492-4576-B08C-78F2C2C953FC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM-x32\...\{6CE9A8AA-C478-4706-BD28-95993D52B5A1}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Common Files (HKLM-x32\...\{D17B5D3D-3BC7-4AFA-AD90-600B5453826E}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{89A7644F-E056-4EC1-BFDE-9D1A531D6855}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Connection Info (HKLM\...\{A9A443F5-56E1-4FC6-937C-5F481345A843}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{B9998A13-5563-496C-B95E-597FFC70B670}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 DMF (HKLM\...\{D7D28BBF-3B0E-43F0-A457-331F1CD9E9EB}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Integration Services Scale Out Management Portal (HKLM\...\{6BD8D100-B16C-409E-B0EA-BF508D7874EC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Integration Services Scale Out Management Portal (HKLM\...\{91C5EE43-29D1-4720-AB65-5E2E0FE25990}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Management Studio Extensions (HKLM-x32\...\{6492E746-1C5D-48C2-A92A-97D431F74664}) (Version: 14.0.3006.16 - Microsoft Corporation) Hidden
SQL Server 2017 Management Studio Extensions (HKLM-x32\...\{70C24F35-7E36-45FC-B289-3D2849E5556B}) (Version: 14.0.3006.16 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{10855B1A-F7F2-4D8A-A725-9287C73BED5A}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects (HKLM\...\{6CBBF624-696C-499E-948D-ADBAFFA2F548}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{8C515C22-BE07-4908-985C-0AA9349E1ED4}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 Shared Management Objects Extensions (HKLM\...\{C6D92730-3EC0-47B1-8F6C-6F5635D1EFAC}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server 2017 SQL Diagnostics (HKLM\...\{DFA6A906-3024-49DE-87AD-750EAED2FA49}) (Version: 14.0.1000.169 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{2505505B-176A-41B3-91CA-99F2D59DAC4F}) (Version: 14.0.17224.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{9BBE717B-128F-4470-9032-F373273DD237}) (Version: 14.0.17224.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM\...\{6680F55E-0564-4B8E-BC77-46F860C21EB0}) (Version: 14.0.17224.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM\...\{91B14D7B-3242-47E2-B5E9-87DE45FA564F}) (Version: 14.0.17224.0 - Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM\...\{C1241E94-FCC4-4C40-A3F3-5FD7F79CB0D1}) (Version: 14.0.17224.0 - Microsoft Corporation) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Taurus (HKLM\...\Taurus) (Version: 1.13.6 - CA BlazeMeter)
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Visual Studio Enterprise 2017 (HKLM-x32\...\89142961) (Version: 15.9.28307.145 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_labtestagentdeployermsi (HKLM-x32\...\{C1F64628-8804-401F-B2F2-FB47B6B0DF14}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_microsofttestmanagermsi (HKLM-x32\...\{29A2EA09-97A9-4555-89A5-E396994F4642}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WhiteClick (HKLM-x32\...\{AFBD847D-108D-4A33-BA7E-2BC8DC102E30}) (Version: 4.1.6 - White Click LLC) <==== ATTENTION
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22514 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusSGDrv) Mouse (10/06/2015 8.0.0.23) (HKLM\...\DA2E0A005E6CD7900733D89DA6D9F31585E338DF) (Version: 10/06/2015 8.0.0.23 - ASUS)
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden

Packages:
=========
Avast Online Security -> C:\Program Files\WindowsApps\51CA791E.AvastOnlineSecurity_19.2.289.0_neutral__s1d0xtrs8dx04 [2019-08-19] (AVAST Software)
EdgeDevtoolsPlugin -> C:\WINDOWS\SystemApps\Microsoft.EdgeDevtoolsPlugin_cw5n1h2txyewy [2019-02-14] (Microsoft Corporation)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-17] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-22] (Microsoft Corporation) [MS Ad]
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.UbuntuonWindows_1804.2019.521.0_x64__79rhkp1fndgsc [2019-05-27] (Canonical Group Limited)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1278661410-3598136645-1859861107-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\3lchamac0\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19178.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1278661410-3598136645-1859861107-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\3lchamac0\AppData\Local\GoToMeeting\11282\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-1278661410-3598136645-1859861107-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\3lchamac0\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19178.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll [2012-06-18] () [File not signed]
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2013-04-06] (Foxit Corporation -> Foxit Corporation)
ContextMenuHandlers1: [Kaspersky Anti-Virus] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\x64\ShellEx.dll [2015-11-10] (Kaspersky Lab -> Kaspersky Lab ZAO)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\x64\ShellEx.dll [2015-11-10] (Kaspersky Lab -> Kaspersky Lab ZAO)
ContextMenuHandlers4: [Kaspersky Anti-Virus] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\x64\ShellEx.dll [2015-11-10] (Kaspersky Lab -> Kaspersky Lab ZAO)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\x64\ShellEx.dll [2015-11-10] (Kaspersky Lab -> Kaspersky Lab ZAO)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-28] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-12-02 19:01 - 2015-12-02 19:01 - 000124928 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000027648 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000029184 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2018-12-19 14:28 - 2018-12-19 14:28 - 000790528 _____ () [File not signed] c:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\commonextensions\microsoft\managedlanguages\vbcsharp\languageservices\x86\e_sqlite3.dll
2018-12-19 14:28 - 2018-12-19 14:28 - 000790528 _____ () [File not signed] C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\ServiceHub\Services\Microsoft.Developer.Settings\e_sqlite3.DLL
2018-12-19 14:30 - 2013-06-06 18:44 - 018730496 _____ () [File not signed] C:\Program Files (x86)\PrtScr\dsp_ipp.dll
2018-12-19 14:30 - 2013-04-06 13:26 - 000487424 _____ () [File not signed] C:\Program Files (x86)\PrtScr\freetype.dll
2018-12-19 14:30 - 2013-04-11 06:18 - 000509440 _____ () [File not signed] C:\Program Files (x86)\PrtScr\QuickFontCache.dll
2019-07-29 12:03 - 2019-07-29 12:03 - 000119808 _____ (AO Kaspersky Lab) [File not signed] C:\ProgramData\Kaspersky Lab\KES10SP1\Bases\Cache\rar_win_x86_01.ppl
2015-12-02 19:01 - 2015-12-02 19:01 - 001676288 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000178176 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll
2015-12-02 19:01 - 2015-12-02 19:01 - 000164864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
2019-06-28 10:10 - 2018-03-13 10:21 - 001173504 _____ (Conexant Systems, Inc.) [File not signed] C:\Program Files\Conexant\SAII\CxHDAudioAPI.dll
2019-08-21 08:53 - 2019-08-21 08:53 - 000139264 ____N (Eclipse Foundation) [File not signed] C:\Users\3lchamac0\AppData\Roaming\syntevo\SmartGit\18.2\swt.tmp\swt-gdip-win32-4922r22.dll
2019-08-21 08:53 - 2019-08-21 08:53 - 000564736 ____N (Eclipse Foundation) [File not signed] C:\Users\3lchamac0\AppData\Roaming\syntevo\SmartGit\18.2\swt.tmp\swt-win32-4922r22.dll
2019-08-21 08:53 - 2019-08-21 08:53 - 000246272 _____ (Java(TM) Native Access (JNA)) [File not signed] C:\Users\3lchamac0\AppData\Roaming\syntevo\SmartGit\18.2\jna-tmp\com\sun\jna\win32-x86-64\jnidispatch.dll
2019-07-02 12:52 - 2019-02-04 20:45 - 000143360 _____ (Oracle Corporation) [File not signed] c:\program files\smartgit\jre\bin\java.dll
2019-07-02 12:52 - 2019-02-04 20:45 - 000019968 _____ (Oracle Corporation) [File not signed] c:\program files\smartgit\jre\bin\jimage.dll
2019-07-02 12:52 - 2019-02-04 20:45 - 000015360 _____ (Oracle Corporation) [File not signed] C:\Program Files\SmartGit\jre\bin\management.dll
2019-07-02 12:52 - 2019-02-04 20:45 - 000022528 _____ (Oracle Corporation) [File not signed] C:\Program Files\SmartGit\jre\bin\management_ext.dll
2019-07-02 12:52 - 2019-02-04 20:45 - 000090112 _____ (Oracle Corporation) [File not signed] C:\Program Files\SmartGit\jre\bin\net.dll
2019-07-02 12:52 - 2019-02-04 20:45 - 000053760 _____ (Oracle Corporation) [File not signed] C:\Program Files\SmartGit\jre\bin\nio.dll
2019-07-02 12:52 - 2019-02-04 20:45 - 010611712 _____ (Oracle Corporation) [File not signed] c:\program files\smartgit\jre\bin\server\jvm.dll
2019-07-02 12:52 - 2019-02-04 20:45 - 000130048 _____ (Oracle Corporation) [File not signed] C:\Program Files\SmartGit\jre\bin\sunec.dll
2019-07-02 12:52 - 2019-02-04 20:45 - 000043008 _____ (Oracle Corporation) [File not signed] c:\program files\smartgit\jre\bin\verify.dll
2019-07-02 12:52 - 2019-02-04 20:45 - 000070144 _____ (Oracle Corporation) [File not signed] c:\program files\smartgit\jre\bin\zip.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\sharepoint.com -> hxxps://acctaima-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 19:38 - 2019-08-20 14:46 - 000001116 _____ C:\WINDOWS\system32\drivers\etc\hosts

192.168.0.109 host.docker.internal
192.168.0.109 gateway.docker.internal
127.0.0.1 gonlinetrip.test
127.0.0.1 prueba.test
0.0.0.0 account.jetbrains.com
0.0.0.0 www.jetbrains.com
127.0.0.1 license.piriform.com

2018-12-19 17:39 - 2019-08-21 08:53 - 000000603 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

192.168.200.193 DESKTOP-A247604.mshome.net # 2024 8 1 19 12 53 58 326
18 930
6 37 585

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Docker\Docker\Resources\bin;C:\Program Files\Microsoft MPI\Bin\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\nodejs\;C:\Program Files (x86)\Microsoft VS Code\bin;C:\Program Files (x86)\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Bitvise Tunnelier;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\ProgramData\Anaconda2;C:\ProgramData\Anaconda2\Scripts;C:\ProgramData\Anaconda2\Library\bin;C:\Program Files\Taurus\bin;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Git\cmd;C:\Program Files (x86)\dotnet\
HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\3lchamac0\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\31331-1360x768.jpg
HKU\S-1-5-21-1278661410-3598136645-1859861107-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-82-2325601586-2736651707-184426384-2820633745-1097891582\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-82-271721585-897601226-2024613209-625570482-296978595\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3682073875-1643277370-2842298652-3532359455-2406259117\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3876422241-1344743610-1729199087-774402673-2621913236\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-82-4035669369-1394164305-1342763263-319680832-1071764339\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-82-4068219030-1673637257-3279585211-533386110-4122969689\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 45.86.180.227 - 185.162.93.213
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\StartupApproved\Run: => "Docker for Windows"
HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_80CF4017427F42F0A1A4CCCD3B22993B"
HKU\S-1-5-21-1278661410-3598136645-1859861107-1001\...\StartupApproved\Run: => "OPENVPN-GUI"
 

royli

TS Rookie
==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe (Microsoft Windows -> )
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNS Server Forward Rule - TCP - CA8DB0AC-7690-46DE-B799-106659EBE000 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - CA8DB0AC-7690-46DE-B799-106659EBE000 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - D453E284-28B1-43B5-8587-2EB65BE6A899 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - D453E284-28B1-43B5-8587-2EB65BE6A899 - 0] => (Allow) LPort=53
FirewallRules: [{3A6750A4-D2D4-4913-8A84-CB2110080C26}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{047CC4F6-76F2-4FF4-8262-AD44A188F7A3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [DNS Server Forward Rule - TCP - 1846B4DF-4654-4483-9039-BEB06BB28D90 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 1846B4DF-4654-4483-9039-BEB06BB28D90 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 5FDBD2B7-2022-4580-A65D-FF09D7A70BEA - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 5FDBD2B7-2022-4580-A65D-FF09D7A70BEA - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 9E9B1692-7A76-4BF8-B8EC-BAF8412BAF02 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 9E9B1692-7A76-4BF8-B8EC-BAF8412BAF02 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - FF4FD924-C96D-4D3F-A27D-D2D7ACF4570B - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - FF4FD924-C96D-4D3F-A27D-D2D7ACF4570B - 0] => (Allow) LPort=53
FirewallRules: [{2A543D6C-12B7-4462-AE93-9989295E79F4}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.99_0\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{4AB5F54B-2D1B-4613-B891-D49F59B0345D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{25200910-26CD-4B9E-BFDA-D8DB1497E894}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E8F6D4D8-AEE0-4B6F-9CD7-BDD6B06B2687}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9EF28237-3377-4207-9B3D-32009C8D041A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5964E16E-9F55-411D-B496-76F34156AD1D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E6B76029-8018-4589-B0F4-1ECB5E847123}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{FCD930A5-4CF6-4D33-AAA4-4F8F221A9C7B}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{0B3EF01B-A88E-4DD8-AF90-CE09A47B9E0E}C:\users\3lchamac0\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\3lchamac0\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{C193F479-DE0D-4588-9A79-9DCB956BF610}C:\users\3lchamac0\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\3lchamac0\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{F2551840-790D-482C-B6CB-208BA83C607C}C:\users\3lchamac0\appdata\local\packages\canonicalgrouplimited.ubuntuonwindows_79rhkp1fndgsc\localstate\rootfs\usr\sbin\apache2] => (Allow) C:\users\3lchamac0\appdata\local\packages\canonicalgrouplimited.ubuntuonwindows_79rhkp1fndgsc\localstate\rootfs\usr\sbin\apache2 () [File not signed]
FirewallRules: [UDP Query User{86351F46-6BB9-48D4-9DB5-E91193D1EF6E}C:\users\3lchamac0\appdata\local\packages\canonicalgrouplimited.ubuntuonwindows_79rhkp1fndgsc\localstate\rootfs\usr\sbin\apache2] => (Allow) C:\users\3lchamac0\appdata\local\packages\canonicalgrouplimited.ubuntuonwindows_79rhkp1fndgsc\localstate\rootfs\usr\sbin\apache2 () [File not signed]
FirewallRules: [TCP Query User{F33E9466-D198-41D3-9439-0A4EFC5FA142}D:\programas\jetbrains\licenceserver(v1.3)\intellijidealicenseserver_windows_amd64.exe] => (Allow) D:\programas\jetbrains\licenceserver(v1.3)\intellijidealicenseserver_windows_amd64.exe () [File not signed]
FirewallRules: [UDP Query User{6911C9DB-7229-4482-8C4B-05E2F8EF09E5}D:\programas\jetbrains\licenceserver(v1.3)\intellijidealicenseserver_windows_amd64.exe] => (Allow) D:\programas\jetbrains\licenceserver(v1.3)\intellijidealicenseserver_windows_amd64.exe () [File not signed]
FirewallRules: [DNS Server Forward Rule - TCP - 61EDEF5F-19D2-4E3C-9C35-FDCDAFFA7997 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 61EDEF5F-19D2-4E3C-9C35-FDCDAFFA7997 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - ECB99611-EBF7-47BB-B0D7-A8E755545231 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - ECB99611-EBF7-47BB-B0D7-A8E755545231 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - E7271962-4146-47A1-BDAA-D0E0C62355FA - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - E7271962-4146-47A1-BDAA-D0E0C62355FA - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 521110F4-4C04-423E-BF8F-D78415B551CF - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 521110F4-4C04-423E-BF8F-D78415B551CF - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 5BF8C00D-AE3D-4741-A1E5-DE03080DFC57 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 5BF8C00D-AE3D-4741-A1E5-DE03080DFC57 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 24BDB82F-F343-4531-B186-FBCE6C7C194B - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 24BDB82F-F343-4531-B186-FBCE6C7C194B - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 466FB3B8-1637-4BDB-88F8-27F75BB45A61 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 466FB3B8-1637-4BDB-88F8-27F75BB45A61 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 65F66AC5-D799-4180-A6D7-71E0CF6408DF - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 65F66AC5-D799-4180-A6D7-71E0CF6408DF - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - D0011F42-6FC8-4807-AD5A-50E4686B2BD1 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - D0011F42-6FC8-4807-AD5A-50E4686B2BD1 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 6FF97473-C6F9-4D5A-998B-B2EA956E8A90 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 6FF97473-C6F9-4D5A-998B-B2EA956E8A90 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - B5FABA20-D9DD-4CBD-8995-0F39FE145053 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - B5FABA20-D9DD-4CBD-8995-0F39FE145053 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 6771E402-8154-4A0F-A8D8-2BB89FDAD5E3 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 6771E402-8154-4A0F-A8D8-2BB89FDAD5E3 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - D7CDDFF0-6CAA-46E9-BE7A-11C31A0E7B72 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - D7CDDFF0-6CAA-46E9-BE7A-11C31A0E7B72 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - C550DCAA-3CE7-4C51-BF17-D1FAEE59A682 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - C550DCAA-3CE7-4C51-BF17-D1FAEE59A682 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - CD1CF27B-5543-47FB-8C70-5528CD5F824B - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - CD1CF27B-5543-47FB-8C70-5528CD5F824B - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - F965F7D3-B5C3-46B7-841D-57EF47B04FB2 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - F965F7D3-B5C3-46B7-841D-57EF47B04FB2 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 427ED60B-6594-45C7-8E09-AAD43F58BBF5 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 427ED60B-6594-45C7-8E09-AAD43F58BBF5 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 56631A85-432F-4220-98BA-6C9C213EBCE3 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 56631A85-432F-4220-98BA-6C9C213EBCE3 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 19F6145A-0149-486C-A524-7DFAC85B8F96 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 19F6145A-0149-486C-A524-7DFAC85B8F96 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 315E0B61-11C4-4BC4-9B9F-F734064E7122 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 315E0B61-11C4-4BC4-9B9F-F734064E7122 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - DC161DB0-A2C3-4E37-AC09-14C2F5E4EB95 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - DC161DB0-A2C3-4E37-AC09-14C2F5E4EB95 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - TCP - 677D949F-7974-4A83-A1C6-9A1B4F6B0E07 - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 677D949F-7974-4A83-A1C6-9A1B4F6B0E07 - 0] => (Allow) LPort=53

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2019 08:54:11 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (08/21/2019 08:52:34 AM) (Source: docker) (EventID: 1) (User: )
Description: Error occurred when creating network could not find plugin internal in v1 plugin registry: plugin not found

Error: (08/20/2019 03:23:59 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (08/20/2019 03:22:20 PM) (Source: docker) (EventID: 1) (User: )
Description: Error occurred when creating network could not find plugin internal in v1 plugin registry: plugin not found

Error: (08/20/2019 02:59:13 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (08/20/2019 02:58:33 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/20/2019 02:58:03 PM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (16072,P,98) TILEREPOSITORYS-1-5-21-1278661410-3598136645-1859861107-1003: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (08/20/2019 02:57:36 PM) (Source: docker) (EventID: 1) (User: )
Description: Error occurred when creating network could not find plugin internal in v1 plugin registry: plugin not found


System errors:
=============
Error: (08/21/2019 08:54:56 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-A247604)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-A247604\3lchamac0 SID (S-1-5-21-1278661410-3598136645-1859861107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/21/2019 08:54:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/21/2019 08:54:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/21/2019 08:52:31 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-A247604)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-A247604\3lchamac0 SID (S-1-5-21-1278661410-3598136645-1859861107-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/21/2019 08:52:16 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{680E0D8C-9FEC-4987-AB28-E011D3305B50} because another computer on the network has the same name. The server could not start.

Error: (08/21/2019 08:52:16 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{E3CED0D0-8FE8-4483-8CC5-623149B65CB5} because another computer on the network has the same name. The server could not start.

Error: (08/21/2019 08:52:16 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{FE170F6A-AFFF-40E2-816A-4FDF337A487D} because another computer on the network has the same name. The server could not start.

Error: (08/21/2019 08:52:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2019-08-13 13:22:28.958
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-08-13 13:22:28.954
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-08-11 14:24:10.660
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-08-11 14:24:10.656
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. K501UW.301 09/13/2016
Motherboard: ASUSTeK COMPUTER INC. K501UW
Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 79%
Total physical RAM: 8056.07 MB
Available physical RAM: 1637.48 MB
Total Virtual: 15480.07 MB
Available Virtual: 8022.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:151.01 GB) (Free:35.66 GB) NTFS
Drive d: (DATOS) (Fixed) (Total:324.69 GB) (Free:16.11 GB) NTFS

\\?\Volume{275dcf2d-2ec3-4f83-a250-34732a16af54}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{f39c2c3e-c777-4976-93f5-ffd2b403d1e5}\ (RECOVERY) (Fixed) (Total:0.49 GB) (Free:0.19 GB) NTFS
\\?\Volume{4815d2f7-2b25-4489-80a4-944f72ccfb77}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 0B42F5A6)

Partition: GPT.

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Uninstall the following unwanted program:

WhiteClick

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 