AppData/Local/Temp con varias carpetas con el mismo nombre, el disco duro se llena en menos de 20 minutos


#1

Buenas tardes amigos de Foro Spyware, una vez más pidiendo su apoyo para este problema que tengo con mi equipo, resulta que dentro de la carpeta AppData/Local/Temp se han generado varias carpetas con el mismo nombre ocasionando que mi disco duro de 250 Gb se llene a tope en menos de 20 minutos.

He seguido los pasos de la guía de eliminación y sigo sin conseguir resolver el problema, adjunto reportes de RKill y Eset, el Malwarebytes no detecto nada. eset3.txt (980 Bytes) Rkill.txt (1,5 KB)

Ya corrí el Ccleaner también.

Pd. caber mencionar que si ejecuto windows en modo seguro la carpeta no se llena y me permite eliminar manualmente todos los archivos dentro de Temp. y vuelvo a tener espacio en mi disco duro, pero una vez que inicio windows en modo normal, comienza a llenarse el disco duro con los mismos archivos y carpetas.


#2

Hola Scabury, [email protected] al nuevo ForoSpyware :handshake:

Realiza los siguientes pasos, aunque hayas hecho alguno, sin cambiar el orden:

1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware, revisa en detalle el manual, para que sepas usarlo y configurarlo.

  • Realiza un Análisis de amenazas, actualizando si te lo pide.
  • Pulsar en “Cuarentena seleccionado” para enviarlo a la cuarentena y Reinicias el sistema.
  • En el apartado del manual Informes >> Informe de análisis encontrarás el reporte de MBAM, clic en Exportar >> Copiar al portapapeles.

2) Descarga AdwCleaner | InfoSpyware en el escritorio.

  • Desactiva temporalmente el Antivirus >> Cómo deshabilitar temporalmente su Antivirus.
  • Cierra también todos los programas que tengas abiertos.
  • Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador".)
  • Pulsar en el botón Escanear, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Limpiar.
  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
  • Guardas el reporte que te aparecerá, para copiarlo y pegarlo en tu próxima respuesta.
  • El informe también se puede encontrar en C:\AdwCleaner\AdwCleaner[C1].txt

3) Descarga CCleaner

  • Instala Ccleaner
  • Abres Ccleaner en la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine >> clic en ejecutar limpiador
  • Clic en la pestaña Registro >> clic en buscar problemas esperas que termine >> clic en Reparar Seleccionadas y haces una copia de seguridad
  • Vuelves a darle clic en buscar problemas hasta que no encuentre ninguno.

Pega los reportes de Malwarebytes y AdwCleaner y comentas como va el problema.

¿Cómo pegar reportes en el foro?

Un saludo


#3

Hola Daniela, te dejo el reporte de Malwarebytes

¨¨Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 10/3/19
Hora del análisis: 13:48
Archivo de registro: 73547fff-436d-11e9-b3b5-fcaa1466525c.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.538
Versión del paquete de actualización: 1.0.9622
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: \u00c3\u0093ptica-PC\\u00c3\u0093ptica

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 238735
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 10 min, 0 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)¨¨¨

Te comento que no pude instalar el AdwCleaner ya que al instalar me aparece un mensaje que dice “No es una aplicación Win32 válida”

El Ccleaner solo detectó 3 errores en el registro, mismos que fueron corregidos.

Te comento que mientras se ejecutó el Malware, cheque la carpeta y ya no estaba generando nuevas carpetas, pero en cuanto deshabilité el antivirus nuevamente comenzaron a generarse nuevas carpetas ocupando casi 5Gb de espacio en menos de 5 minutos.


#4

Hola

Vuelve a descargar de nuevo AdwCleaner, puede que no se hiciera correctamente la descarga.

Analiza con EsetOnline como se indica en el manual.

Trae los reportes y comenta como sigue el problema.

un saludo


#5

Hola

Descargue varias veces el AdwCleaner y se sigue apareciendo el error.

Adjunto Imagen.

Y dejo el reporte de EsetOnline


10/03/2019 18:14:18 p.m.
Archivos explorados: 173774
Archivos infectados: 0
Amenazas eliminadas: 0
Tiempo total de exploración: 01:20:28
Estado de la exploración: Finalizado

#6

Hola

Descarga Farbar Recovery Scan Tool.en el escritorio, seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. :arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits.?

  • Ejecuta FRST.exe.
  • En el mensaje de la ventana del Disclaimer, pulsamos Yes
  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Pon los dos reportes generados.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Un saludo


#7

Hola te dejo los reportes.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.03.2019 01
Ran by Óptica (administrator) on ÓPTICA-PC (15-03-2019 15:24:16)
Running from C:\Users\Óptica\Desktop
Loaded Profiles: Óptica (Available Profiles: Óptica)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Motorola Mobility Inc. -> Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Motorola) [File not signed] C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Motorola Mobility Inc. -> Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Intuit, Inc. -> Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Star Micronics Co., Ltd.) [File not signed] C:\Program Files (x86)\StarMicronics\PrinterSoftware\StarMicronicsCloudUploader.exe
() [File not signed] C:\Program Files (x86)\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Marimba Inc.) [File not signed] C:\Windows\SysWOW64\mrtmngr.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\Install\{8C75D878-566A-4B18-BE1D-5155B088957F}\DropboxClient_69.3.96.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client_69.3.96\Dropbox.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-03-11] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [StarMicronicsCloudUploader_PSA] => C:\Program Files (x86)\StarMicronics\PrinterSoftware\StarMicronicsCloudUploader.exe [82432 2018-05-31] (Star Micronics Co., Ltd.) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2018-12-15] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
HKU\S-1-5-21-426471426-2224108224-834335560-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-426471426-2224108224-834335560-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22458328 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-04] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2019-03-10]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Delivery Agent.lnk [2018-11-05]
ShortcutTarget: QuickBooks Delivery Agent.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2019-03-10]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2019-03-10]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 189.198.222.137 200.77.146.137
Tcpip\..\Interfaces\{A6B5EA49-8A87-4F58-B246-F2EF7955BFC3}: [DhcpNameServer] 189.198.222.137 200.77.146.137

Internet Explorer:
==================
HKU\S-1-5-21-426471426-2224108224-834335560-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-mx/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2018-12-15] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems Incorporated -> Adobe Systems)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com.mx/
CHR StartupUrls: Default -> "hxxps://www.google.com.mx/"
CHR Profile: C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default [2019-03-15]
CHR Extension: (Presentaciones) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-05]
CHR Extension: (Documentos) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-05]
CHR Extension: (Google Drive) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-05]
CHR Extension: (YouTube) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-05]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-03-13]
CHR Extension: (Adobe Acrobat) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-11-05]
CHR Extension: (Hojas de cálculo) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-05]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-05]
CHR Extension: (AdBlock) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-02-24]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-03-15]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-05]
CHR Extension: (Gmail) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-09]
CHR Profile: C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\System Profile [2019-03-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
R2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-05] (Dropbox, Inc -> Dropbox, Inc.)
R3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-05] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-12-12] (Huawei Technologies Co., Ltd. -> ) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation - pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility Inc. -> Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2018-12-15] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2018-12-15] (Intuit Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-05-19] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [6144 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Inc)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-03-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-03-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [72864 2019-03-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-03-15] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [104784 2019-03-15] (Malwarebytes Corporation -> Malwarebytes)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [32768 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola)
S3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [8832 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola)
S3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [27648 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Mobility Inc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-15 15:25 - 2019-03-15 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-03-15 15:24 - 2019-03-15 15:27 - 000022928 _____ C:\Users\Óptica\Desktop\FRST.txt
2019-03-15 15:23 - 2019-03-15 15:24 - 000000000 ____D C:\FRST
2019-03-15 15:22 - 2019-03-15 15:22 - 002433536 _____ (Farbar) C:\Users\Óptica\Desktop\FRST64.exe
2019-03-15 15:17 - 2019-03-15 15:17 - 000072864 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-03-15 15:16 - 2019-03-15 15:16 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-03-15 15:16 - 2019-03-15 15:16 - 000104784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-03-15 10:11 - 2019-03-15 15:15 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-03-14 07:05 - 2019-03-14 07:05 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-03-14 07:05 - 2019-03-14 07:05 - 000047800 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-03-14 07:05 - 2019-03-14 07:05 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-03-14 07:05 - 2019-03-14 07:05 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-03-12 20:00 - 2019-03-12 20:00 - 000002583 _____ C:\Users\Óptica\Desktop\MUPA SAN JUAN - Acceso directo.lnk
2019-03-12 19:58 - 2019-03-15 10:11 - 000438018 _____ C:\Windows\ntbtlog.txt
2019-03-12 19:39 - 2019-03-15 15:18 - 000000000 ____D C:\Users\Óptica\Documents\OPTICA
2019-03-10 20:11 - 2019-03-10 20:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2019-03-10 20:09 - 2019-03-10 20:09 - 000000000 ____D C:\Users\Public\Documents\Intuit
2019-03-10 20:09 - 2019-03-10 20:09 - 000000000 ____D C:\ProgramData\Nuance
2019-03-10 19:55 - 2019-03-10 19:55 - 000544728 _____ C:\Users\Óptica\Downloads\Setup_QuickBooksPro2016 (1).exe
2019-03-10 19:10 - 2019-03-10 19:10 - 000544728 _____ C:\Users\Óptica\Downloads\Setup_QuickBooksPro2016.exe
2019-03-10 18:29 - 2019-03-15 10:11 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-03-10 16:39 - 2019-03-10 16:50 - 007666296 _____ (ESET spol. s r.o.) C:\Users\Óptica\Downloads\ESETOnlineScanner_ESL.exe
2019-03-10 15:54 - 2019-03-10 15:56 - 004214160 _____ C:\Users\Óptica\Downloads\adwcleaner.exe
2019-03-10 13:47 - 2019-03-10 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-10 13:47 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-03-10 13:43 - 2019-03-10 13:43 - 000002812 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-03-10 12:32 - 2019-03-10 13:40 - 000000300 ____H C:\Windows\Tasks\CCleaner Update.job
2019-03-10 12:32 - 2019-03-10 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-03-10 12:32 - 2019-03-10 12:32 - 000000000 ____D C:\Program Files\CCleaner
2019-03-09 15:47 - 2019-03-09 15:47 - 000003176 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-426471426-2224108224-834335560-1000
2019-03-09 12:03 - 2019-03-10 11:34 - 000000294 _____ C:\Windows\Tasks\EOSv3 Scheduler onTime.job
2019-03-09 12:03 - 2019-03-10 11:34 - 000000294 _____ C:\Windows\Tasks\EOSv3 Scheduler onLogOn.job
2019-03-08 19:18 - 2019-03-08 19:18 - 000000000 ____D C:\Users\Óptica\AppData\Local\ESET
2019-03-08 19:10 - 2019-03-10 13:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-08 19:10 - 2019-03-08 19:10 - 000000000 ____D C:\Users\Óptica\AppData\Local\mbamtray
2019-03-08 19:10 - 2019-03-08 19:10 - 000000000 ____D C:\Users\Óptica\AppData\Local\mbam
2019-03-08 19:10 - 2019-03-08 19:10 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-08 17:27 - 2019-03-08 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-03-07 18:48 - 2019-03-07 18:48 - 000000000 ____D C:\Users\Óptica\Documents\Adobe
2019-03-07 18:44 - 2019-03-07 18:44 - 000000000 ____D C:\Users\Public\Documents\Adobe
2019-03-07 18:42 - 2019-03-07 18:42 - 000000000 ____D C:\Program Files (x86)\My Company Name
2019-03-07 18:42 - 2011-11-03 03:01 - 000056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2019-03-07 18:42 - 2011-10-17 03:00 - 000010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2019-03-07 18:42 - 2011-10-17 03:00 - 000010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2019-02-24 14:37 - 2019-02-24 14:38 - 000000000 ____D C:\Users\Óptica\AppData\Roaming\vlc
2019-02-24 14:37 - 2019-02-24 14:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-02-24 14:36 - 2019-02-24 14:36 - 000000000 ____D C:\Program Files\VideoLAN
2019-02-24 14:06 - 2019-02-24 14:06 - 000001001 _____ C:\Users\Public\Desktop\HiSuite.lnk
2019-02-24 14:06 - 2019-02-24 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2019-02-24 14:06 - 2019-02-24 14:06 - 000000000 ____D C:\Program Files (x86)\HiSuite
2019-02-24 14:05 - 2019-02-24 14:05 - 000000000 ____D C:\Users\Óptica\Documents\HiSuite
2019-02-24 14:05 - 2018-12-12 04:32 - 002152176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFUpdate_01009.dll
2019-02-24 14:05 - 2018-12-12 04:32 - 001721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01009.dll
2019-02-24 14:05 - 2018-12-12 04:32 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusbcoinstaller2.dll
2019-02-24 14:05 - 2018-12-12 04:32 - 000127360 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_cdcacm.sys
2019-02-24 14:05 - 2018-12-12 04:32 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2019-02-24 14:05 - 2018-12-12 04:32 - 000018944 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbccgpfilter.sys
2019-02-24 14:03 - 2019-02-24 14:07 - 000000000 ____D C:\Users\Óptica\AppData\Local\Hisuite
2019-02-24 14:03 - 2017-08-09 04:23 - 025892504 _____ C:\Users\Óptica\Desktop\HiSuite_5.0.2.301_OVE.exe
2019-02-24 14:00 - 2019-02-24 14:00 - 000000000 ____D C:\Users\Óptica\AppData\Local\worstenbrood
2019-02-24 13:50 - 2019-02-24 13:50 - 000000000 ____D C:\Program Files (x86)\Handset WinDriver
2019-02-24 13:50 - 2018-12-12 04:32 - 000287232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys
2019-02-24 13:50 - 2018-12-12 04:32 - 000226560 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbmdm.sys
2019-02-24 13:50 - 2018-12-12 04:32 - 000116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_usbdev.sys
2019-02-24 13:50 - 2010-02-18 17:00 - 001533512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFUpdate_01007.dll
2019-02-24 13:50 - 2010-02-18 17:00 - 001490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2019-02-24 13:50 - 2010-02-18 17:00 - 001490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2019-02-24 13:50 - 2010-02-18 17:00 - 000708168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WinUSBCoInstaller.dll
2019-02-24 13:49 - 2019-02-24 14:00 - 000000000 ____D C:\Users\Óptica\Desktop\adb
2019-02-24 13:49 - 2019-02-24 13:49 - 000002737 _____ C:\Users\Public\Desktop\HuaweiUpdateExtractor.lnk
2019-02-24 13:49 - 2019-02-24 13:49 - 000000000 ____D C:\Users\Óptica\AppData\Local\Downloaded Installations
2019-02-24 13:49 - 2019-02-24 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HuaweiUpdateExtractor
2019-02-24 13:49 - 2019-02-24 13:49 - 000000000 ____D C:\Program Files (x86)\HuaweiUpdateExtractor
2019-02-24 13:48 - 2019-02-24 14:15 - 000000204 _____ C:\Users\Óptica\Desktop\comandos para recuperar g play mini.txt
2019-02-24 13:46 - 2019-02-24 13:46 - 000000000 ____D C:\Users\Óptica\Desktop\dload
2019-02-16 14:06 - 2019-02-16 14:06 - 000000000 ____D C:\Users\Óptica\Documents\NckDongle
2019-02-16 12:56 - 2019-02-16 12:56 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_motoandroid_01009.Wdf
2019-02-16 12:56 - 2019-02-16 12:56 - 000000000 ____D C:\Users\Óptica\.android
2019-02-16 12:55 - 2019-02-16 12:55 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Motousbnet_01009.Wdf
2019-02-16 12:55 - 2019-02-16 12:55 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_motfilt_01009.Wdf
2019-02-16 12:54 - 2019-02-16 12:54 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2019-02-16 12:49 - 2019-03-15 15:13 - 000000000 ____D C:\Temp
2019-02-16 12:49 - 2019-02-16 12:49 - 000003488 _____ C:\Windows\System32\Tasks\Motorola Device Manager Update
2019-02-16 12:49 - 2019-02-16 12:49 - 000003296 _____ C:\Windows\System32\Tasks\Motorola Device Manager Initial Update
2019-02-16 12:49 - 2019-02-16 12:49 - 000000000 ____D C:\Users\Óptica\AppData\Roaming\Motorola Mobility
2019-02-16 12:49 - 2019-02-16 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
2019-02-16 12:49 - 2019-02-16 12:49 - 000000000 ____D C:\Program Files (x86)\Motorola Mobility
2019-02-16 12:49 - 2019-02-16 12:49 - 000000000 ____D C:\Program Files (x86)\Motorola
2019-02-16 12:48 - 2019-02-16 12:48 - 000000000 ____D C:\Program Files\Motorola Mobility LLC
2019-02-16 12:48 - 2019-02-16 12:48 - 000000000 ____D C:\Program Files\Common Files\Motorola Shared
2019-02-16 12:47 - 2019-02-16 12:47 - 000000000 ____D C:\Users\Óptica\AppData\Roaming\Motorola
2019-02-15 19:14 - 2019-02-24 15:24 - 000000000 ____D C:\Users\Óptica\AppData\LocalLow\uTorrent
2019-02-15 19:13 - 2019-03-10 12:35 - 000000000 ____D C:\Users\Óptica\AppData\Roaming\uTorrent
2019-02-15 19:13 - 2019-02-15 19:13 - 000000853 _____ C:\Users\Óptica\Desktop\µTorrent.lnk
2019-02-15 19:13 - 2019-02-15 19:13 - 000000833 _____ C:\Users\Óptica\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2019-02-13 18:27 - 2019-02-13 19:51 - 000000220 _____ C:\Users\Óptica\Desktop\Set list.txt

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-15 15:26 - 2018-11-05 13:33 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-03-15 15:24 - 2018-11-05 13:24 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-03-15 15:24 - 2018-11-05 13:24 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-15 15:24 - 2018-11-05 13:24 - 000004504 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-03-15 15:24 - 2018-11-05 13:24 - 000004332 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-03-15 15:24 - 2018-11-05 13:24 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-03-15 15:24 - 2018-11-05 13:24 - 000000000 ____D C:\Windows\system32\Macromed
2019-03-15 15:24 - 2018-11-05 13:24 - 000000000 ____D C:\Users\Óptica\AppData\Local\Adobe
2019-03-15 15:18 - 2018-11-05 13:38 - 000000000 ___RD C:\Users\Óptica\Dropbox
2019-03-15 15:15 - 2018-11-05 15:00 - 000000000 __SHD C:\Users\Óptica\IntelGraphicsProfiles
2019-03-15 15:12 - 2018-11-05 13:33 - 000000946 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-03-15 15:12 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-12 19:57 - 2009-07-13 22:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-03-12 19:57 - 2009-07-13 22:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-03-12 19:56 - 2018-11-05 13:33 - 000000950 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-03-12 19:40 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2019-03-12 14:18 - 2018-11-05 13:30 - 001654280 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-03-12 14:18 - 2011-04-12 03:10 - 000749228 _____ C:\Windows\system32\perfh00A.dat
2019-03-12 14:18 - 2011-04-12 03:10 - 000159580 _____ C:\Windows\system32\perfc00A.dat
2019-03-12 14:18 - 2009-07-13 23:13 - 001654280 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-12 10:26 - 2018-11-05 13:25 - 000000000 ____D C:\Windows\system32\MRT
2019-03-12 10:13 - 2018-11-05 13:25 - 129330784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-03-10 20:23 - 2009-07-13 22:45 - 005082024 _____ C:\Windows\system32\FNTCACHE.DAT
2019-03-10 20:16 - 2018-11-05 13:19 - 000122008 _____ C:\Users\Óptica\AppData\Local\GDIPFONTCACHEV1.DAT
2019-03-10 20:14 - 2018-11-05 19:01 - 000000000 ____D C:\Users\Óptica\AppData\Local\Intuit
2019-03-10 20:12 - 2018-11-05 18:55 - 000000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2019-03-10 20:09 - 2018-11-05 18:56 - 000000000 ____D C:\ProgramData\Intuit
2019-03-10 20:09 - 2018-11-05 16:44 - 000000000 ____D C:\Program Files (x86)\Intuit
2019-03-10 20:04 - 2018-11-05 18:32 - 000000000 ____D C:\Users\Óptica\AppData\Roaming\Download Manager
2019-03-10 19:54 - 2018-11-05 12:18 - 000000000 ____D C:\Users\Óptica\AppData\Roaming\Adobe
2019-03-10 12:34 - 2018-11-05 05:09 - 000000000 ____D C:\Windows\Panther
2019-03-09 15:47 - 2018-11-07 11:56 - 000002194 _____ C:\Users\Óptica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-03-09 15:47 - 2018-11-07 11:56 - 000000000 ___RD C:\Users\Óptica\OneDrive
2019-03-08 19:43 - 2018-11-05 12:24 - 000000000 ____D C:\Users\Óptica\Documents\Programas
2019-03-08 17:30 - 2018-11-07 11:50 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-08 17:27 - 2018-11-18 15:05 - 000002513 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-03-08 17:27 - 2018-11-18 15:05 - 000002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-03-08 17:27 - 2018-11-18 15:05 - 000002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-03-08 17:27 - 2018-11-18 15:05 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-03-08 17:27 - 2018-11-18 15:05 - 000002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-03-08 17:27 - 2018-11-08 10:43 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-03-08 17:27 - 2018-11-08 10:43 - 000002420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-03-08 17:27 - 2018-11-08 10:43 - 000002376 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-03-08 17:27 - 2018-11-07 11:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-03-08 17:06 - 2018-11-05 13:27 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-03-07 18:44 - 2018-12-09 14:33 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2019-03-07 18:43 - 2019-01-04 17:35 - 000001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2019-03-07 18:38 - 2019-02-09 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PymeFree
2019-03-04 15:32 - 2018-11-05 13:21 - 000002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-27 16:44 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-24 16:57 - 2018-11-13 11:50 - 000000431 _____ C:\Windows\BRWMARK.INI
2019-02-24 16:57 - 2018-11-13 11:50 - 000000027 _____ C:\Windows\BRPP2KA.INI
2019-02-23 17:23 - 2018-11-05 13:28 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-16 12:56 - 2018-11-05 12:17 - 000000000 ____D C:\Users\Óptica
2019-02-16 12:49 - 2018-11-05 16:39 - 000000000 ____D C:\Program Files (x86)\MSXML 4.0
2019-02-16 12:48 - 2018-11-05 12:51 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-02-14 13:04 - 2018-11-05 13:28 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2018-12-09 19:15 - 2019-02-01 18:30 - 000000132 _____ () C:\Users\Óptica\AppData\Roaming\Prefs. de formato PNG de Adobe CS6

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-03-04 15:29

==================== End of FRST.txt ============================

Te dejo el otro reporte en otro mensaje ya que me excedo del limite de caracteres permitidos


#8

Aquí el otro reporte.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by Óptica (15-03-2019 15:28:37)
Running from C:\Users\Óptica\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2018-11-05 18:17:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-426471426-2224108224-834335560-500 - Administrator - Disabled)
Invitado (S-1-5-21-426471426-2224108224-834335560-501 - Limited - Enabled)
Óptica (S-1-5-21-426471426-2224108224-834335560-1000 - Administrator - Enabled) => C:\Users\Óptica

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-426471426-2224108224-834335560-1000\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.54 - Piriform)
Dropbox (HKLM-x32\...\Dropbox) (Version: 69.3.96 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.191.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Handset WinDriver 1.03.02.00 (HKLM-x32\...\Handset WinDriver) (Version: 1.03.02.00 - Huawei technologies Co., Ltd.)
Herramienta de descarga USB/DVD de Windows 7 (HKLM-x32\...\{266F443F-A296-406F-9EE8-DF4A1061C6CE}) (Version: 1.0.30 - Microsoft Corporation)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 9.0.3.300 - Huawei Technologies Co.,Ltd)
HuaweiUpdateExtractor (HKLM-x32\...\{DA8738CA-93A6-4910-A264-53DF7686F397}) (Version: 0.9.9.3 - worstenbrood)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-426471426-2224108224-834335560-1000\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
QuickBooks (HKLM-x32\...\{2B0E1E07-2F3D-4E7D-AD0A-1C74A8881B9B}) (Version: 26.0.4016.2607 - Intuit Inc.) Hidden
QuickBooks Pro 2000 (HKLM-x32\...\QuickBooks 2000) (Version:  - )
QuickBooks Pro 2016 (HKLM-x32\...\{4338BDE2-0035-41BC-87BE-EE0AD5D48042}) (Version: 26.0.4016.2607 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{262e9c1d-e509-4e2a-86e8-0abb312ac2e9}) (Version: 10.1.17765.8094 - Intel(R) Corporation) Hidden
Star Micronics Printer Software Ver3.6.0 (HKLM\...\{06E7A4AD-D50D-402E-B0A6-401950C8984E}) (Version: 3.6.0 - Star Micronics Co., Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WarCraft III versión 1.26a (HKLM-x32\...\WarCraft III_is1) (Version: 1.26a - Blizzard Entertainment)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-426471426-2224108224-834335560-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-14] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {101E61C6-2006-4AFC-8EBF-C72673ECC258} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {12A6FA16-DF08-480C-AD35-EAB135D8E94A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {13737F40-0B21-4766-9DE6-002C3DF005A9} - System32\Tasks\AdobeAAMUpdater-1.0-Óptica-PC-Óptica => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {23B1A714-C984-48D2-9BE8-EF3A829F83CE} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe (Motorola Mobility Inc. -> )
Task: {4398086C-145B-41F2-8705-138E295CBD40} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4B3BE441-3914-47CA-A8EA-7FA2C62C83A4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {527B950D-3786-44C4-B5D8-9BC1C3CEF3F0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {58A91CF7-ACBB-433E-8352-1C9BF8505223} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {5A3BF4A3-147D-4850-8021-202A4FD157DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {5EA2B67F-9C9E-4CDE-850B-76DD0E42BD47} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {86539D6C-0F92-44BE-89BE-220D3F9A2F25} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {9367893B-2BDE-4E9E-A893-388643A2E05C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {9F061B62-8C82-4C7C-B08C-B091C067A27C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A92599C4-796B-45DA-B28F-8164BD718447} - System32\Tasks\AdobeGCInvoker-1.0-Óptica-PC-Óptica => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {ACCA3F82-9853-4A6B-8586-FAD7358DD57A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {AFA0BE47-2489-40AD-A8FD-CD5778211183} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {CB05CAF0-477F-4AA7-9482-89390244E6FE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DE91B739-C312-4473-978F-169C969FCF3C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F1E49895-1AF3-4480-9826-A1E2A01FD322} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F208721E-C930-42E9-B84E-E011C9EACD73} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {F66C6675-1715-4F6A-8982-F205950D4320} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe (Motorola Mobility Inc. -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EOSv3 Scheduler onLogOn.job => C:\Users\Óptica\Desktop\ESETOnlineScanner_ESL.exe
Task: C:\Windows\Tasks\EOSv3 Scheduler onTime.job => C:\Users\Óptica\Desktop\ESETOnlineScanner_ESL.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2018-05-24 15:14 - 2018-05-24 15:14 - 000480256 _____ (Star Micronics Co., Ltd.) [File not signed] C:\Program Files\StarMicronics\PrinterSoftware\WindowsPrintingController.dll
2018-06-11 17:51 - 2018-06-11 17:51 - 000437248 _____ (Star Micronics Co., Ltd.) [File not signed] C:\Program Files\StarMicronics\PrinterSoftware\StarIOPort_LM_PSA.dll
2018-05-31 15:17 - 2018-05-31 15:17 - 000139264 _____ (Star Micronics Co., Ltd.) [File not signed] C:\Program Files\StarMicronics\PrinterSoftware\StarMicronicsCloudNativeLibrary_PSA.dll
2018-12-12 04:32 - 2018-12-12 04:32 - 000190784 _____ (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2013-08-27 14:32 - 2013-08-27 14:32 - 000747520 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2019-02-16 12:49 - 2011-09-02 16:06 - 000065657 _____ (Motorola) [File not signed] C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
2018-05-31 15:16 - 2018-05-31 15:16 - 000082432 _____ (Star Micronics Co., Ltd.) [File not signed] C:\Program Files (x86)\StarMicronics\PrinterSoftware\StarMicronicsCloudUploader.exe
2018-11-05 16:44 - 2000-05-15 10:28 - 000118784 _____ () [File not signed] C:\Program Files (x86)\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
2018-12-15 02:57 - 2018-12-15 02:57 - 001248256 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
2018-11-05 16:44 - 1999-12-02 08:55 - 000065024 _____ (Marimba Inc.) [File not signed] C:\Windows\SysWOW64\mrtMngr.EXE
2014-04-07 08:31 - 2014-04-07 08:31 - 000172032 _____ () [File not signed] C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2018-11-05 16:39 - 2018-11-05 16:39 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2018-05-31 15:16 - 2018-05-31 15:16 - 000117760 _____ (Star Micronics Co., Ltd.) [File not signed] C:\Program Files (x86)\StarMicronics\PrinterSoftware\StarMicronicsCloudNativeLibrary_PSA.dll
2018-11-05 16:44 - 1999-07-13 14:54 - 000057344 _____ (Intuit) [File not signed] C:\Windows\ICG32.dll
2018-11-05 16:44 - 1999-12-02 08:55 - 000057856 _____ (Marimba Inc.) [File not signed] C:\Program Files (x86)\Intuit\QuickBooks Pro\Components\QBAgent\mrtProc.dll
2018-11-05 16:44 - 1999-12-02 08:55 - 000102400 _____ (Marimba, Inc.) [File not signed] C:\Program Files (x86)\Intuit\QuickBooks Pro\Components\QBAgent\mrbupd.dll
2018-11-05 16:44 - 2000-05-16 02:12 - 000045056 _____ (Intuit Inc.) [File not signed] C:\Program Files (x86)\Intuit\QuickBooks Pro\Components\QBAgent\CHANNEL.dll
2018-11-05 16:44 - 2000-05-16 02:13 - 000049152 _____ () [File not signed] C:\Program Files (x86)\Intuit\QuickBooks Pro\components\qbagent\QBDInstallMgr.dll
2018-11-05 16:44 - 1999-07-13 14:58 - 000126976 _____ (Intuit) [File not signed] C:\Windows\Intuit\shared\iccnfg32.dll
2018-11-05 16:44 - 1999-07-13 15:06 - 000167936 _____ (Intuit) [File not signed] C:\Windows\Intuit\shared\ics32.dll
2006-01-19 04:36 - 2006-01-19 04:36 - 001017856 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\dbghelp.dll
2018-11-05 16:40 - 2018-11-05 16:40 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2019-03-08 19:10 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-08 19:10 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-08 19:10 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-08 19:10 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-08 19:10 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-08 19:10 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-08 19:10 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-10 13:47 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-10 13:47 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-10 13:47 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-10 13:47 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-08 19:10 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-10 13:47 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-10 13:47 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-10 13:47 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-10 13:47 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-10 13:47 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-10 13:47 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-10 13:47 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2018-11-07 11:50 - 2018-11-07 11:50 - 000000000 ____LMicrosoft Corporation C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\AppVIsvSubsystems32.dll
2018-11-07 11:50 - 2018-11-07 11:50 - 000000000 ____LMicrosoft Corporation C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\c2r32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Óptica\Documents\Carnet San Juan.xlsx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Óptica\Documents\Carnet San Juan.xlsx:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\Óptica\Documents\Respaldo:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Óptica\Documents\SAT.rar:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Óptica\Documents\SAT.rar:com.dropbox.attrs [58]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-426471426-2224108224-834335560-1000\...\hola.org -> hxxp://hola.org

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Intuit\QBPOSSDKRuntime
HKU\S-1-5-21-426471426-2224108224-834335560-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Óptica\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 189.198.222.137 - 200.77.146.137
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1F5A0246-288B-4808-9E24-A49E01D37EBB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7E3D918E-4CA4-4DC4-A464-4819B1D3EEBF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7E92FF72-A703-4F8D-A157-A59FEE2AD9A9}] => (Allow) C:\Users\Óptica\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EADF8ACC-491D-4631-83AD-0A57FCAC1B66}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{95F36764-E3E8-4BD9-B12B-0327EAC8DAA3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{524A3A6A-E3BC-4D09-A538-8F3C2DF8C93B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{666E5043-7D78-4816-A4A6-D8C743736950}] => (Allow) C:\Users\Óptica\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{64981797-F5B6-46CA-9829-90182DA48C14}] => (Allow) C:\Users\Óptica\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{DE1494E9-C81B-48C4-9FC1-64E076C488DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{216BEDAD-6125-420C-BE87-BEA11509153F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

11-03-2019 10:46:28 Punto de control programado
12-03-2019 10:11:36 Windows Update
12-03-2019 14:13:29 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2019 03:31:57 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad

Error: (03/15/2019 03:30:46 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad

Error: (03/15/2019 03:30:46 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad

Error: (03/15/2019 03:26:28 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad

Error: (03/15/2019 03:25:35 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad

Error: (03/15/2019 03:25:35 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad

Error: (03/15/2019 03:18:09 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad

Error: (03/15/2019 03:15:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


System errors:
=============
Error: (03/15/2019 03:20:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio Windows Update no respondió después de iniciar.

Error: (03/15/2019 03:16:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Servicio de Actualización de Dropbox (dbupdate) no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (03/15/2019 03:16:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Servicio de Actualización de Dropbox (dbupdate).

Error: (03/15/2019 03:14:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 
cdrom

Error: (03/15/2019 03:12:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: El cierre anterior del sistema a las 10:47:23 a.m. del ‎15/‎03/‎2019 resultó inesperado.

Error: (03/15/2019 10:40:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (03/15/2019 10:40:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (03/15/2019 10:40:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.


Windows Defender:
===================================
Date: 2018-11-05 15:09:03.461
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15400.4
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-11-05 15:06:16.525
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15400.4
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-11-05 14:31:09.783
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15400.4
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:Óptica-PC\Óptica
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-11-05 14:16:28.366
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15400.4
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2018-11-05 13:25:33.431
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15400.4
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:Óptica-PC\Óptica
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 75%
Total physical RAM: 6039.39 MB
Available physical RAM: 1508.4 MB
Total Virtual: 12076.93 MB
Available Virtual: 7963.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:125.03 GB) NTFS

\\?\Volume{0cd4ee79-e126-11e8-b7ad-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 94112B22)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Perdón por la demora, tuve unos días de mucho trabajo.


#9

Hola

:arrow_forward: MUY Importante :arrow_backward: Realiza una copia de seguridad del registro :

  • Para hacerlo descarga :arrow_forward: DelFix.exe( en tu escritorio).

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO.

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

A continuación inicia tu equipo desde el Modo Seguro de Windows con función de red

:warning: Con los demás programas cerrados ve a :arrow_forward: Inicio :arrow_forward: Ejecutar :arrow_forward: y escribe Notepad.exe.

  • Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [StarMicronicsCloudUploader_PSA] => C:\Program Files (x86)\StarMicronics\PrinterSoftware\StarMicronicsCloudUploader.exe [82432 2018-05-31] (Star Micronics Co., Ltd.) [File not signed]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKU\S-1-5-21-426471426-2224108224-834335560-1000\...\Run: [AdobeBridge] => [X]
ShortcutTarget: QuickBooks Delivery Agent.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe () [File not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\Óptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-09]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-03-09 12:03 - 2019-03-10 11:34 - 000000294 _____ C:\Windows\Tasks\EOSv3 Scheduler onTime.job
2019-03-09 12:03 - 2019-03-10 11:34 - 000000294 _____ C:\Windows\Tasks\EOSv3 Scheduler onLogOn.job
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\Users\Óptica\Documents\Carnet San Juan.xlsx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Óptica\Documents\Carnet San Juan.xlsx:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\Óptica\Documents\Respaldo:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Óptica\Documents\SAT.rar:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Óptica\Documents\SAT.rar:com.dropbox.attrs [58]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio :arrow_backward: Esto es muy importante.

:o: Nota :o: Es importante que la herramienta FRST.exe (Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.


  • Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
  • Presionar el botón FIX y aguardar a que termine.
  • La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pega el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Un saludo


#10

Hola

Dejo el reporte Fixlog…

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by Óptica (16-03-2019 18:16:39) Run:1
Running from C:\Users\Óptica\Desktop
Loaded Profiles: Óptica (Available Profiles: Óptica)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [StarMicronicsCloudUploader_PSA] => C:\Program Files (x86)\StarMicronics\PrinterSoftware\StarMicronicsCloudUploader.exe [82432 2018-05-31] (Star Micronics Co., Ltd.) [File not signed]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKU\S-1-5-21-426471426-2224108224-834335560-1000\...\Run: [AdobeBridge] => [X]
ShortcutTarget: QuickBooks Delivery Agent.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe () [File not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\�ptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\�ptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-09]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-03-09 12:03 - 2019-03-10 11:34 - 000000294 _____ C:\Windows\Tasks\EOSv3 Scheduler onTime.job
2019-03-09 12:03 - 2019-03-10 11:34 - 000000294 _____ C:\Windows\Tasks\EOSv3 Scheduler onLogOn.job
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\Users\�ptica\Documents\Carnet San Juan.xlsx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\�ptica\Documents\Carnet San Juan.xlsx:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\�ptica\Documents\Respaldo:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\�ptica\Documents\SAT.rar:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\�ptica\Documents\SAT.rar:com.dropbox.attrs [58]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\StarMicronicsCloudUploader_PSA" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard" => removed successfully
"HKU\S-1-5-21-426471426-2224108224-834335560-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
C:\Program Files (x86)\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\�ptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-03-15] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\�ptica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-09] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\AndNetDiag => removed successfully
AndNetDiag => service removed successfully
HKLM\System\CurrentControlSet\Services\ANDNetModem => removed successfully
ANDNetModem => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
C:\Windows\Tasks\EOSv3 Scheduler onTime.job => moved successfully
C:\Windows\Tasks\EOSv3 Scheduler onLogOn.job => moved successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\DropboxExt => removed successfully
HKLM\Software\Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\DropboxExt => removed successfully
HKLM\Software\Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"C:\Users\�ptica\Documents\Carnet San Juan.xlsx" => ":com.dropbox.attributes" ADS not found.
"C:\Users\�ptica\Documents\Carnet San Juan.xlsx" => ":com.dropbox.attrs" ADS not found.
"C:\Users\�ptica\Documents\Respaldo" => ":com.dropbox.attributes" ADS not found.
"C:\Users\�ptica\Documents\SAT.rar" => ":com.dropbox.attributes" ADS not found.
"C:\Users\�ptica\Documents\SAT.rar" => ":com.dropbox.attrs" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-426471426-2224108224-834335560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-426471426-2224108224-834335560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


Adaptador de Ethernet Conexi¢n de  rea local:

   Sufijo DNS espec¡fico para la conexi¢n. . : 
   V¡nculo: direcci¢n IPv6 local. . . : fe80::8040:86de:8979:e333%11
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.0.3
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

Adaptador de t£nel isatap.{A6B5EA49-8A87-4F58-B246-F2EF7955BFC3}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15973575 B
Java, Flash, Steam htmlcache => 510 B
Windows/system/drivers => 30224110 B
Edge => 0 B
Chrome => 374577169 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66399 B
LocalService => 0 B
NetworkService => 65164 B
Óptica => 124762578 B

RecycleBin => 748782114 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:17:23 ====

NOTA: Te comento que descubrí algo… El sistema corrió bien y el disco estuvo normal, pero cuando inicié el Software de nombre Quickbooks Pro 2016 (Software de contabilidad) volvieron a crearse las carpetas y a llenar mi disco duro nuevamente. No sé si este programa esté generando algún error …


#11

Hola

Desinstalalo con RevoUninstalle, utiliza el modo avanzado.

Después de reiniciar comprueba si se sigue llenando el disco y nos comentas.

Un saludo


#12

Hola

Desinstale el programa con Revo como me indicaste y todo marchaba bien, sin embargo al reinstalar el software volvió a hacer lo mismo…


#13

Hola

Entonces el causante del problema es Quickbooks Pro 2016 como has podido comprobar y mientras lo sigas teniendo instalado te ocurrirá lo mismo, tienes la versión de prueba, has comprado la licencia o lo lo has crackeado?

Un saludo