Ayuda para eliminar Virus

#1

Buen dia, solicito de su ayuda para eliminar virus o malwares. Se alenta mi pc y posteriormente se traba o se pone pasmado. y tengo que apagarlo desde la toma de corriente. Hice lo que dice la guia para eliminar virus pero me sigue fallando. aqui dejo el log del hijackthis y de Rkill.

Agradezco de su ayuda

HiJackThis.txt (19,6 KB)

Rkill.txt (4,1 KB)

0 me gusta

#2

Buenas @pasper31

Para revisar tu máquina, sigue estos pasos, en el orden indicado y leyendo todo lo explicado. :+1:

:one: Desactiva temporalmente el Antivirus :arrow_forward: Cómo deshabilitar temporalmente su Antivirus, mientras estemos realizando TODOS los pasos.

Vamos a descargar en TU ESCRITORIO(y NO en otro lugar :face_with_monocle:) todas las herramientas que vamos a utilizar en este procedimiento (pero no las ejecutes todavía) :


:two: Ejecutas las herramientas de una en una y en el orden indicado :



CCleaner.-

  • Instalas y Ejecutas CCleaner siguiendo los pasos indicados en el manual.

  • Úsalo primero en su opción de Limpiador para borrar cookies, temporales de Internet y todos los archivos que te muestre como obsoletos.

  • Después usa su opción de Registro para limpiar todo el registro de Windows(haciendo copia de seguridad).

Malwarebytes.-

  • Instalas y Ejecutas MBAM siguiendo los pasos indicados en el manual.

  • Realiza un Análisis Completo. :white_check_mark:

  • Seleccionando TODOS a Cuarentena para enviarlo a la cuarentena y Reinicias el sistema.

  • En el apartado del manual :arrow_forward:Historial :arrow_backward: encontrarás el informe del MBAM, que debes copiar y pegar en tu próxima respuesta, para analizarlo.

AdwCleaner.-

  • Ejecuta Adwcleaner.exe.

  • Pulsamos en el botón Analizar ahora, y espera a que se realice el proceso, inmediatamente pulsa siempre sobre el botón Iniciar Reparación.

  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.

  • El log/informe lo encontramos en la pestaña “Informes”, volviendo a abrir el programa si fuese necesario, para poder copiarlo y pegarlo en tu próxima respuesta.

  • El informe también se puede encontrar en C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Ejecuta JRT.exe.

  • Y pulsar cualquier tecla para continuar, esperar pacientemente a que termine el proceso.

  • Si en algún momento te pide Reiniciar hazlo.

  • Al finalizar, un registro/informe (JRT.txt) se guardara en el escritorio y se abrirá automáticamente.

  • Copia y pega el contenido de JRT.txt en tu próxima respuesta.

Farbar Recovery Scan Tool.-

  • Ejecuta FRST.exe.

  • En el mensaje de la ventana del Disclaimer, pulsamos Yes

  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.

  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

:three: Poner los informes en tu próxima respuesta de :

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, y en ese orden. :+1:

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Y nos cuentas como funciona tu equipo en relación al problema planteado. :face_with_monocle:

Saludos Javier.

0 me gusta

#3

Que tal. Ya realice el procedimiento y si se detectaron algunos virus, pero aun sigue con el problema de lentitud de la pc y en momentos se llega a trabar o congelar la pc hasta unos 15 min.

Les pego aca mi informe de Malwarebytes:


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 30/1/19
Hora del análisis: 10:13
Archivo de registro: 0465d3a4-24aa-11e9-b867-408d5c7fd08b.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.527
Versión del paquete de actualización: 1.0.9036
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: User-PC\User

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 251742
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 5 min, 38 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
0 me gusta

#4
# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2018-12-17.4 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-30-2019
# Duration: 00:00:17
# OS:       Windows 7 Ultimate
# Cleaned:  3
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1551 octets] - [30/01/2019 10:23:06]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
0 me gusta

#5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64 
Ran by User (Administrator) on 30/01/2019 at 10:35:37.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 17 

Successfully deleted: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86lhvs77.default\user.js (File) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\963WAGY5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV1M8L0X (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E11ODI0H (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G61R1N6C (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\963WAGY5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV1M8L0X (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E11ODI0H (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G61R1N6C (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 



Registry: 0 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/01/2019 at 10:43:23.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0 me gusta

#6
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2019
Ran by User (administrator) on USER-PC (30-01-2019 10:46:05)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [177928 2018-11-29] (ESET)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-03-05] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [83240 2008-03-20] (Cyberlink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\Run: [MegaDownloader] => C:\Users\User\Desktop\MegaDownloader.exe [2165541 2015-11-30] ()
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd)
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATISME.EXE [418000 2016-07-14] (Seiko Epson Corporation)
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: E - E:\LGAutoRun.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {1ae1988d-a35e-11e6-8289-408d5c7fd08b} - E:\autorun.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {1ea3dc9f-46ff-11e8-87ae-408d5c7fd08b} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {23498c9f-fb99-11e7-94d7-408d5c7fd08b} - J:\HiSuiteDownLoader.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {26e22867-1301-11e7-9e8b-408d5c7fd08b} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {26e228ac-1301-11e7-9e8b-408d5c7fd08b} - E:\.\Driver\DriverInstaller.exe -eject
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {36a9528a-bedb-11e6-84d6-408d5c7fd08b} - E:\autorun.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {36a9528e-bedb-11e6-84d6-408d5c7fd08b} - E:\autorun.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {36a95294-bedb-11e6-84d6-408d5c7fd08b} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {5a921732-15b0-11e9-8032-408d5c7fd08b} - E:\LGAutoRun.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {695c4647-d14a-11e8-9c66-408d5c7fd08b} - E:\LaunchU3.exe -a
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {6a95b0ff-c882-11e7-adb8-408d5c7fd08b} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {6e5f663a-358d-11e7-926c-408d5c7fd08b} - E:\InstalarOffice.bat
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {7f4d646d-5041-11e7-8f8c-408d5c7fd08b} - E:\USBNB.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {80041a6c-58d5-11e7-8172-408d5c7fd08b} - E:\InstalarOffice.bat
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {93a9dfe5-6156-11e6-bbfe-408d5c7fd08b} - J:\LaunchU3.exe -a
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {a4b9573a-8fdc-11e7-ab4a-408d5c7fd08b} - E:\Startme.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {bbd6cd5f-7756-11e6-979f-408d5c7fd08b} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {bbd6cd9c-7756-11e6-979f-408d5c7fd08b} - J:\LaunchU3.exe -a
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {bd7c849d-a861-11e8-a2ae-408d5c7fd08b} - E:\InstalarOffice.bat
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {d8d68af0-1ee3-11e8-b2f8-408d5c7fd08b} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {ea1569ab-9d61-11e8-b94a-408d5c7fd08b} - E:\browsercall.exe MovimientoVa por mi Cuenta.mov
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {f8408acc-de1f-11e5-9409-806e6f6e6963} - D:\Run.exe
HKLM\...\Drivers32-x32: [VIDC.DIVX] => C:\Windows\SysWOW64\divx.dll [682496 2008-03-31] (DivX, Inc.)
HKLM\...\Drivers32-x32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [5120 2006-05-26] ()
HKLM\...\Drivers32-x32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [159839 2008-01-10] ()
HKLM\...\Drivers32-x32: [VIDC.YV12] => C:\Windows\SysWOW64\yv12vfw.dll [217088 2004-01-25] (www.helixcommunity.org)
HKLM\...\Drivers32-x32: [msacm.ac3acm] => ac3acm.acm
HKLM\...\Drivers32-x32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [389120 2006-09-24] (hxxp://www.mp3dev.org/)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.2.9.2 10.2.9.68
Tcpip\..\Interfaces\{157DBD45-4763-4C74-93DC-BB9817E03C41}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{29BB553B-9631-4970-805C-6EF775F30E97}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{56B9997D-8EB7-4E7E-8348-34CDA13C4B51}: [DhcpNameServer] 10.2.9.2 10.3.9.2
Tcpip\..\Interfaces\{9D463F7B-9E4F-4390-910B-4E2A88209030}: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{CDE47458-A521-4230-8C3B-99BEB972C9F1}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D061EA5D-9B19-44A7-B56A-F86FD1744EA2}: [DhcpNameServer] 10.2.9.2 10.2.9.68
Tcpip\..\Interfaces\{D56F17E3-5922-4802-88F2-5CA6887B1C78}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{DE3AF6B1-2400-4A49-851E-1B8E437D8841}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{FE337156-44D7-410A-B230-1D76AF3FEC91}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www2.savemax.store/
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-mx/?ocid=iehp
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKU\S-1-5-21-238190202-3643189478-1238637981-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Toolbar: HKU\S-1-5-21-238190202-3643189478-1238637981-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF DefaultProfile: 86lhvs77.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86lhvs77.default [2019-01-30]
FF Homepage: Mozilla\Firefox\Profiles\86lhvs77.default -> hxxps://www.malwarebytes.org/restorebrowser//search.php?q=
FF Extension: (SaveFrom.net helper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86lhvs77.default\Extensions\[email protected] [2018-02-24]
FF Extension: (Avast Online Security) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86lhvs77.default\Extensions\[email protected] [2018-11-05]
FF Extension: (Video DownloadHelper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86lhvs77.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-07]
FF Extension: (Telemetry coverage) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86lhvs77.default\features\{445c82a9-72da-4275-8f50-3cb4f6508a04}\[email protected] [2018-10-20] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFFPlgn => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files (x86)\Haihaisoft Universal Player\Codec\Plugins\nprpjplug.dll [2006-10-18] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-01-30]
CHR Extension: (Presentaciones) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documentos) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Hojas de cálculo) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-01-21]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-18]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-01-30]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-30]
CHR HKU\S-1-5-21-238190202-3643189478-1238637981-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [681400 2018-11-29] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-03-10] (Seiko Epson Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [143448 2018-11-29] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107896 2018-11-29] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [188832 2018-10-17] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50144 2018-10-17] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82304 2018-10-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61528 2018-10-17] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [109864 2018-10-17] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-01-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [126624 2019-01-30] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [72536 2019-01-30] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2019-01-30] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [103760 2019-01-30] (Malwarebytes)
S3 TXEIx64; C:\Windows\System32\DRIVERS\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-30 10:46 - 2019-01-30 10:46 - 000020735 _____ C:\Users\User\Desktop\FRST.txt
2019-01-30 10:45 - 2019-01-30 10:46 - 000000000 ____D C:\FRST
2019-01-30 10:45 - 2019-01-29 16:54 - 002428416 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2019-01-30 10:43 - 2019-01-30 10:43 - 000003277 _____ C:\Users\User\Desktop\JRT.txt
2019-01-30 10:35 - 2019-01-29 16:48 - 001790024 _____ (Malwarebytes) C:\Users\User\Desktop\JRT.exe
2019-01-30 10:34 - 2019-01-30 10:34 - 000001681 _____ C:\Users\User\Desktop\AdwCleaner[C00].txt
2019-01-30 10:29 - 2019-01-30 10:29 - 000126624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-01-30 10:29 - 2019-01-30 10:29 - 000103760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-01-30 10:29 - 2019-01-30 10:29 - 000072536 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-01-30 10:28 - 2019-01-30 10:28 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-01-30 10:27 - 2019-01-30 10:27 - 000000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2019-01-30 10:22 - 2019-01-30 10:24 - 000000000 ____D C:\AdwCleaner
2019-01-30 10:21 - 2019-01-30 10:21 - 000001535 _____ C:\Users\User\Desktop\MALWAREBITES.txt
2019-01-30 10:11 - 2019-01-30 10:12 - 000190534 _____ C:\Users\User\Desktop\cc_20190130_101128-REGISTRO CLEANER.reg
2019-01-29 17:40 - 2019-01-29 17:40 - 002665701 _____ C:\Users\User\Downloads\fut2011.pdf
2019-01-29 17:37 - 2019-01-29 17:37 - 000911650 _____ C:\Users\User\Downloads\1998-04-26_recogiendo_con_el_septimo_sello.pdf
2019-01-29 17:35 - 2019-01-29 17:29 - 000275945 _____ C:\Users\User\Desktop\2010-09-24_el_evangelismo_del_tiempo_del_fin .pdf
2019-01-29 17:31 - 2019-01-29 17:31 - 000440246 _____ C:\Users\User\Downloads\Direccion-El-Evangelismo-del-tiempo-del-fin-Internacional.pdf
2019-01-29 17:29 - 2019-01-29 17:29 - 000275945 _____ C:\Users\User\Downloads\2010-09-24_el_evangelismo_del_tiempo_del_fin (1)
2019-01-29 17:29 - 2019-01-29 17:29 - 000275945 _____ C:\Users\User\Downloads\2010-09-24_el_evangelismo_del_tiempo_del_fin
2019-01-29 17:27 - 2019-01-29 17:27 - 000573742 _____ C:\Users\User\Downloads\2010-09-24-El-evangelismo-del-tiempo-del-fin-1.pdf
2019-01-29 17:02 - 2019-01-29 17:02 - 001790024 _____ (Malwarebytes) C:\Users\User\Downloads\JRT.exe
2019-01-29 16:50 - 2019-01-29 16:51 - 001790024 _____ (Malwarebytes) C:\Users\User\Downloads\JRT (1).exe
2019-01-29 15:22 - 2019-01-29 15:22 - 000081325 _____ C:\Users\User\Downloads\WhatsApp Image 2019-01-17 at 21.08.12.jpeg
2019-01-29 15:22 - 2019-01-29 15:22 - 000056139 _____ C:\Users\User\Downloads\WhatsApp Image 2019-01-24 at 13.05.22.jpeg
2019-01-29 15:22 - 2019-01-29 15:22 - 000045165 _____ C:\Users\User\Downloads\WhatsApp Image 2019-01-21 at 15.35.53.jpeg
2019-01-29 15:21 - 2019-01-29 15:21 - 000141358 _____ C:\Users\User\Downloads\WhatsApp Image 2019-01-03 at 16.50.59.jpeg
2019-01-29 15:21 - 2019-01-29 15:21 - 000090225 _____ C:\Users\User\Downloads\WhatsApp Image 2019-01-02 at 10.03.49.jpeg
2019-01-29 15:20 - 2019-01-29 15:20 - 000048990 _____ C:\Users\User\Downloads\WhatsApp Image 2018-12-27 at 14.35.30.jpeg
2019-01-29 14:33 - 2019-01-29 14:33 - 000068819 _____ C:\Users\User\Downloads\WhatsApp Image 2018-12-21 at 15.57.50.jpeg
2019-01-29 14:33 - 2019-01-29 14:33 - 000065350 _____ C:\Users\User\Downloads\WhatsApp Image 2018-12-21 at 15.59.27.jpeg
2019-01-29 14:33 - 2019-01-29 14:33 - 000056581 _____ C:\Users\User\Downloads\WhatsApp Image 2018-12-20 at 09.20.55.jpeg
2019-01-29 14:32 - 2019-01-29 14:33 - 000072956 _____ C:\Users\User\Downloads\WhatsApp Image 2018-12-14 at 10.45.49.jpeg
2019-01-29 14:32 - 2019-01-29 14:32 - 000119201 _____ C:\Users\User\Downloads\WhatsApp Image 2018-12-04 at 11.03.57.jpeg
2019-01-29 14:32 - 2019-01-29 14:32 - 000100233 _____ C:\Users\User\Downloads\WhatsApp Image 2018-12-10 at 15.20.48.jpeg
2019-01-29 14:32 - 2019-01-29 14:32 - 000090070 _____ C:\Users\User\Downloads\WhatsApp Image 2018-12-06 at 12.35.22.jpeg
2019-01-29 14:32 - 2019-01-29 14:32 - 000083833 _____ C:\Users\User\Downloads\WhatsApp Image 2018-11-28 at 11.22.00.jpeg
2019-01-29 14:32 - 2019-01-29 14:32 - 000077226 _____ C:\Users\User\Downloads\WhatsApp Image 2018-12-06 at 14.37.37.jpeg
2019-01-29 14:32 - 2019-01-29 14:32 - 000022216 _____ C:\Users\User\Downloads\WhatsApp Image 2018-12-10 at 15.44.11.jpeg
2019-01-29 14:31 - 2019-01-29 14:31 - 000088051 _____ C:\Users\User\Downloads\WhatsApp Image 2018-11-13 at 17.58.58.jpeg
2019-01-29 14:31 - 2019-01-29 14:31 - 000082886 _____ C:\Users\User\Downloads\WhatsApp Image 2018-11-15 at 11.35.10.jpeg
2019-01-29 14:31 - 2019-01-29 14:31 - 000073015 _____ C:\Users\User\Downloads\WhatsApp Image 2018-11-23 at 16.11.21.jpeg
2019-01-29 14:31 - 2019-01-29 14:31 - 000019444 _____ C:\Users\User\Downloads\WhatsApp Image 2018-11-14 at 16.53.35.jpeg
2019-01-29 14:30 - 2019-01-29 14:30 - 000079445 _____ C:\Users\User\Downloads\WhatsApp Image 2018-11-05 at 10.47.44.jpeg
2019-01-29 14:29 - 2019-01-29 14:29 - 000118699 _____ C:\Users\User\Downloads\WhatsApp Image 2018-11-01 at 13.10.35.jpeg
2019-01-29 14:29 - 2019-01-29 14:29 - 000081818 _____ C:\Users\User\Downloads\WhatsApp Image 2018-11-05 at 10.41.37.jpeg
2019-01-29 14:29 - 2019-01-29 14:29 - 000029161 _____ C:\Users\User\Downloads\WhatsApp Image 2018-11-01 at 13.10.34.jpeg
2019-01-29 14:29 - 2019-01-29 14:29 - 000024563 _____ C:\Users\User\Downloads\WhatsApp Image 2018-11-01 at 13.10.34 (1).jpeg
2019-01-29 14:28 - 2019-01-29 14:28 - 000087564 _____ C:\Users\User\Downloads\WhatsApp Image 2018-10-26 at 14.25.51.jpeg
2019-01-29 14:27 - 2019-01-29 14:27 - 000090411 _____ C:\Users\User\Downloads\WhatsApp Image 2018-10-18 at 13.18.23.jpeg
2019-01-29 14:26 - 2019-01-29 14:26 - 000117281 _____ C:\Users\User\Downloads\WhatsApp Image 2018-10-18 at 12.35.13.jpeg
2019-01-29 14:26 - 2019-01-29 14:26 - 000094224 _____ C:\Users\User\Downloads\WhatsApp Image 2018-10-12 at 16.28.43.jpeg
2019-01-29 14:26 - 2019-01-29 14:26 - 000084790 _____ C:\Users\User\Downloads\WhatsApp Image 2018-10-10 at 15.22.31.jpeg
2019-01-29 14:26 - 2019-01-29 14:26 - 000082081 _____ C:\Users\User\Downloads\WhatsApp Image 2018-10-11 at 12.38.01.jpeg
2019-01-29 14:25 - 2019-01-29 14:25 - 000112991 _____ C:\Users\User\Downloads\WhatsApp Image 2018-09-27 at 15.17.46.jpeg
2019-01-29 14:25 - 2019-01-29 14:25 - 000112215 _____ C:\Users\User\Downloads\WhatsApp Image 2018-09-27 at 13.56.22.jpeg
2019-01-29 14:25 - 2019-01-29 14:25 - 000084242 _____ C:\Users\User\Downloads\WhatsApp Image 2018-09-21 at 08.27.45.jpeg
2019-01-29 14:25 - 2019-01-29 14:25 - 000074308 _____ C:\Users\User\Downloads\WhatsApp Image 2018-09-17 at 10.50.42.jpeg
2019-01-29 14:25 - 2019-01-29 14:25 - 000068360 _____ C:\Users\User\Downloads\WhatsApp Image 2018-10-04 at 16.31.25.jpeg
2019-01-29 14:25 - 2019-01-29 14:25 - 000065235 _____ C:\Users\User\Downloads\WhatsApp Image 2018-10-04 at 16.30.49.jpeg
2019-01-29 14:25 - 2019-01-29 14:25 - 000058419 _____ C:\Users\User\Downloads\WhatsApp Image 2018-09-21 at 08.29.58.jpeg
2019-01-29 14:25 - 2019-01-29 14:25 - 000057028 _____ C:\Users\User\Downloads\WhatsApp Image 2018-09-21 at 08.28.27.jpeg
2019-01-29 14:25 - 2019-01-29 14:25 - 000056281 _____ C:\Users\User\Downloads\WhatsApp Image 2018-09-21 at 08.29.08.jpeg
2019-01-29 14:24 - 2019-01-29 14:24 - 000103364 _____ C:\Users\User\Downloads\WhatsApp Image 2018-09-07 at 15.52.42.jpeg
2019-01-29 14:24 - 2019-01-29 14:24 - 000085943 _____ C:\Users\User\Downloads\WhatsApp Image 2018-09-07 at 15.54.59.jpeg
2019-01-29 14:24 - 2019-01-29 14:24 - 000083418 _____ C:\Users\User\Downloads\WhatsApp Image 2018-08-24 at 08.04.31.jpeg
2019-01-29 14:24 - 2019-01-29 14:24 - 000062731 _____ C:\Users\User\Downloads\WhatsApp Image 2018-08-31 at 08.07.39.jpeg
2019-01-29 14:24 - 2019-01-29 14:24 - 000062658 _____ C:\Users\User\Downloads\WhatsApp Image 2018-08-31 at 10.07.30.jpeg
2019-01-29 14:24 - 2019-01-29 14:24 - 000056034 _____ C:\Users\User\Downloads\WhatsApp Image 2018-08-16 at 17.03.51.jpeg
2019-01-29 14:24 - 2019-01-29 14:24 - 000049171 _____ C:\Users\User\Downloads\WhatsApp Image 2018-08-09 at 14.18.36.jpeg
2019-01-29 14:23 - 2019-01-29 14:23 - 000061166 _____ C:\Users\User\Downloads\WhatsApp Image 2018-08-08 at 14.43.39.jpeg
2019-01-29 14:23 - 2019-01-29 14:23 - 000043827 _____ C:\Users\User\Downloads\WhatsApp Image 2018-08-02 at 14.18.44.jpeg
2019-01-29 14:22 - 2019-01-29 14:22 - 000049989 _____ C:\Users\User\Downloads\WhatsApp Image 2018-06-28 at 14.15.37.jpeg
2019-01-29 14:21 - 2019-01-29 14:21 - 000144914 _____ C:\Users\User\Downloads\WhatsApp Image 2018-06-07 at 12.46.29.jpeg
2019-01-29 14:20 - 2019-01-29 14:20 - 000127499 _____ C:\Users\User\Downloads\WhatsApp Image 2018-05-25 at 10.24.28.jpeg
2019-01-29 14:20 - 2019-01-29 14:20 - 000110840 _____ C:\Users\User\Downloads\WhatsApp Image 2018-06-01 at 11.55.19.jpeg
2019-01-29 10:47 - 2019-01-29 10:48 - 007320272 _____ (Malwarebytes) C:\Users\User\Desktop\adwcleaner_7.2.6.0.exe
2019-01-28 16:09 - 2019-01-28 16:09 - 000000000 ____D C:\Users\User\Desktop\rkill
2019-01-28 15:19 - 2019-01-28 15:41 - 1476629231 _____ C:\Users\User\Desktop\el grinch.mp4
2019-01-28 13:27 - 2019-01-21 16:44 - 007241296 _____ (Stanislav Polshyn & Trend Micro Inc.) C:\Users\User\Desktop\HiJackThis.exe
2019-01-28 13:25 - 2019-01-29 17:00 - 000000000 ____D C:\Users\User\Desktop\ANTIVIRUS
2019-01-28 11:50 - 2019-01-28 11:50 - 000000000 ____D C:\Users\User\AppData\Local\mbamtray
2019-01-28 11:50 - 2019-01-28 11:50 - 000000000 ____D C:\Users\User\AppData\Local\mbam
2019-01-28 11:48 - 2019-01-28 11:48 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-01-28 11:46 - 2019-01-28 11:46 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-28 11:45 - 2019-01-28 11:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-28 11:45 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-01-28 11:44 - 2019-01-28 11:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-28 11:44 - 2019-01-28 11:44 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-28 11:30 - 2019-01-28 11:31 - 000084095 _____ C:\Users\User\Downloads\cfdi_FECE620201MM5_BE3775E2-7F40-4B0C-B29E-635609B99D32.zip
2019-01-28 11:11 - 2019-01-28 11:11 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\User\Downloads\rkill.exe
2019-01-28 11:11 - 2019-01-28 11:11 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\User\Desktop\iExplore.exe.exe
2019-01-28 10:26 - 2019-01-28 10:27 - 072992160 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.527-1.0.8982.exe
2019-01-26 16:48 - 2019-01-26 17:14 - 1760884657 _____ C:\Users\User\Downloads\Searching.2018.1080p-dual-lat-cinecalidad.to.mp4
2019-01-26 14:41 - 2019-01-26 15:57 - 2045326611 _____ C:\Users\User\Desktop\Polar.mp4
2019-01-25 13:58 - 2019-01-25 13:58 - 002505754 _____ C:\Users\User\Downloads\SECUNDARIA_Escuela_ Exploración-Habilidades.pdf
2019-01-24 21:52 - 2013-10-14 18:00 - 000028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2019-01-24 18:57 - 2014-06-30 16:24 - 000008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2019-01-24 18:57 - 2014-06-30 16:14 - 000008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2019-01-24 18:57 - 2014-03-09 15:48 - 001389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2019-01-24 18:57 - 2014-03-09 15:48 - 000171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2019-01-24 18:57 - 2014-03-09 15:47 - 000619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2019-01-24 18:57 - 2014-03-09 15:47 - 000099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2019-01-24 18:56 - 2014-06-06 00:16 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2019-01-24 18:56 - 2014-06-06 00:12 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2019-01-24 11:27 - 2016-07-22 08:58 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-01-24 11:27 - 2016-07-22 08:51 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-01-24 10:36 - 2019-01-24 10:36 - 000000000 __SHD C:\found.002
2019-01-24 09:42 - 2019-01-24 09:42 - 000001943 _____ C:\Users\Public\Desktop\ESET Protección de banca y pagos en línea.lnk
2019-01-24 09:24 - 2019-01-24 09:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2019-01-24 09:24 - 2019-01-24 09:24 - 000000000 ____D C:\ProgramData\ESET
2019-01-24 09:24 - 2019-01-24 09:24 - 000000000 ____D C:\Program Files\ESET
2019-01-24 09:19 - 2015-02-03 21:16 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2019-01-24 09:19 - 2015-02-03 20:54 - 000318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2019-01-24 09:12 - 2019-01-24 09:14 - 005455480 _____ (ESET) C:\Users\User\Downloads\eset_smart_security_premium_live_installer.exe
2019-01-21 16:44 - 2019-01-21 16:44 - 007241296 _____ (Stanislav Polshyn & Trend Micro Inc.) C:\Users\User\Downloads\HiJackThis.exe
2019-01-21 16:04 - 2019-01-21 16:04 - 000003512 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
2019-01-21 16:04 - 2019-01-21 16:04 - 000003384 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
2019-01-21 16:03 - 2019-01-21 16:03 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2019-01-21 15:35 - 2019-01-21 15:35 - 007450264 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_online_a3a.exe
2019-01-21 12:59 - 2019-01-21 16:03 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2019-01-21 09:39 - 2019-01-16 14:07 - 001772079 _____ C:\Users\User\Desktop\Make_Plastic_Milk1.pdf
2019-01-21 09:21 - 2019-01-21 09:31 - 000000000 ____D C:\Users\User\Desktop\ACUPUNTURA
2019-01-17 11:37 - 2019-01-17 11:37 - 000050430 _____ C:\Users\User\Downloads\FACTURA XTREME COPSA COMPRAS.zip
2019-01-16 14:07 - 2019-01-16 14:07 - 001772079 _____ C:\Users\User\Downloads\Make_Plastic_Milk1.pdf
2019-01-15 12:56 - 2019-01-29 09:47 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2019-01-11 14:03 - 2019-01-11 14:03 - 000084252 _____ C:\Users\User\Downloads\cfdi_ESA981209QV6_AE1984AD-4FDA-4B16-9AAD-54114C1E9ECC.zip
2019-01-11 12:54 - 2019-01-11 12:54 - 001912296 _____ C:\Users\User\Downloads\GuiaEXANI-2-SUPERIOR.pdf
2019-01-09 13:33 - 2019-01-21 15:34 - 000000000 ___SD C:\Users\User\AppData\LocalLow\Temp
2019-01-08 14:08 - 2019-01-11 11:48 - 000000000 ____D C:\Users\User\Desktop\jorge laguna
2019-01-07 16:41 - 2019-01-07 16:41 - 000084256 _____ C:\Users\User\Downloads\cfdi_ECM081106NV8_5E448E23-C7BB-4793-B28D-5401EBD08C58.zip
2019-01-07 16:08 - 2019-01-07 16:08 - 000084864 _____ C:\Users\User\Desktop\ASIGNACION.pdf
2019-01-03 10:59 - 2019-01-03 11:07 - 000210567 _____ C:\Users\User\Desktop\exel bitacora.pdf
2019-01-02 16:34 - 2019-01-02 16:34 - 000084251 _____ C:\Users\User\Downloads\cfdi_ESA950912KH3_802921E3-F742-4C04-83FC-0BEF4F416ACC.zip
2019-01-02 10:28 - 2019-01-02 10:28 - 000035972 _____ C:\Users\User\Downloads\GAS MES DE DICIEMBRE 2018.xlsx

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-30 10:36 - 2018-11-05 09:58 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-01-30 10:29 - 2016-03-08 18:17 - 000001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d17999195e6983.job
2019-01-30 10:27 - 2018-04-11 11:08 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-01-30 10:26 - 2016-02-27 17:58 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-01-30 10:26 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-30 10:24 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2019-01-30 10:22 - 2016-03-08 18:17 - 000001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2019-01-29 13:50 - 2016-03-07 20:31 - 000000000 ____D C:\Users\User\Desktop\ESCANER NUEVOS
2019-01-29 13:01 - 2010-11-21 01:09 - 069698888 _____ C:\Windows\system32\perfh00A.dat
2019-01-29 13:01 - 2010-11-21 01:09 - 023276208 _____ C:\Windows\system32\perfc00A.dat
2019-01-29 13:01 - 2009-07-13 23:13 - 000006212 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-28 15:19 - 2018-07-24 14:25 - 000000000 ____D C:\Users\User\AppData\Roaming\Psiphon3
2019-01-28 15:17 - 2016-04-26 16:59 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2019-01-28 12:26 - 2016-02-29 10:13 - 000000000 ____D C:\Users\User\AppData\Local\ESET
2019-01-28 12:24 - 2016-05-19 08:33 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-01-26 14:08 - 2018-03-01 12:44 - 004597550 _____ C:\Users\User\Desktop\LOS ARCOS-BAR.cdr
2019-01-24 08:59 - 2018-11-05 10:01 - 000000000 ____D C:\Users\User\AppData\Local\AVAST Software
2019-01-24 08:59 - 2017-10-28 10:21 - 000000000 ____D C:\ProgramData\AVAST Software
2019-01-23 17:35 - 2009-07-13 22:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-23 17:35 - 2009-07-13 22:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-23 16:01 - 2018-11-05 09:59 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-01-23 16:01 - 2018-05-16 09:16 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-01-23 16:01 - 2016-07-28 16:24 - 000003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1e91ec6785ec9
2019-01-23 16:01 - 2016-05-19 08:33 - 000002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-01-23 16:01 - 2016-03-08 18:17 - 000004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-01-23 16:01 - 2016-03-08 18:17 - 000004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d17999195e6983
2019-01-23 16:01 - 2016-03-08 18:17 - 000003342 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-01-23 16:01 - 2016-02-29 12:11 - 000003030 _____ C:\Windows\System32\Tasks\{878B7C65-BBC2-4DFF-B32B-29E7179E7F25}
2019-01-21 17:06 - 2018-12-07 11:48 - 000000000 ____D C:\ProgramData\Norton
2019-01-21 17:06 - 2018-12-07 11:48 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2019-01-21 16:34 - 2017-10-28 14:58 - 000040179 _____ C:\usbfix-debug.txt
2019-01-15 18:16 - 2016-10-03 13:27 - 000000000 ____D C:\Users\User\Desktop\LOS ARCOS
2019-01-15 12:20 - 2018-07-24 14:30 - 006115952 _____ C:\Users\User\Desktop\psiphon3.exe
2019-01-08 15:30 - 2017-05-30 09:07 - 000000000 ____D C:\Users\User\Desktop\PASS
2019-01-08 14:18 - 2016-03-03 10:31 - 000000000 ____D C:\Program Files\Common Files\AV
2019-01-07 09:28 - 2018-05-16 09:15 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-01-04 11:42 - 2018-02-21 18:07 - 000000000 ____D C:\Users\User\Desktop\colchones
2019-01-02 12:51 - 2017-05-30 08:54 - 000000000 ____D C:\Users\User\Desktop\peliculas nuevas

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-20 21:24] - [2014-12-23 17:13] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-20 21:24] - [2014-12-23 17:13] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-24 17:43

==================== End of FRST.txt ============================
0 me gusta

#7
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2019
Ran by User (30-01-2019 10:47:29)
Running from C:\Users\User\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-12-23 23:06:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-238190202-3643189478-1238637981-500 - Administrator - Disabled)
Invitado (S-1-5-21-238190202-3643189478-1238637981-501 - Limited - Disabled)
User (S-1-5-21-238190202-3643189478-1238637981-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{3B4AE1A9-C026-4D08-8004-DA9A85A411A4}) (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.0 - Corel Corporation)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1531 - CyberLink Corp.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{71038C40-8258-44D2-BBF4-B6312338172C}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{AB8BE3EA-01D3-44B7-8E77-A9601CBDEBDE}) (Version: 3.10.0085 - Seiko Epson Corporation)
EPSON L4160 Series Printer Uninstall (HKLM\...\EPSON L4160 Series) (Version:  - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
ES (HKLM-x32\...\{CBFAD664-763E-4A7D-BF92-BB0E493F3C66}) (Version: 13.0 - Corel Corporation) Hidden
ESET Security (HKLM\...\{F1544F11-BFCC-43CC-9D0C-169A7E99369E}) (Version: 12.0.31.0 - ESET, spol. s r.o.)
FontNav (HKLM-x32\...\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}) (Version: 5.0 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Haihaisoft Universal Player (HKLM-x32\...\Haihaisoft Universal Player) (Version: 1.0.7.1 - Haihaisoft)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.19 - Intel Corporation)
IZArc 3.81 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 3.81 Build 1550 - Ivan Zahariev)
K-Lite Mega Codec Pack 3.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 3.7.5 - )
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Manual Epson L4160 (HKLM-x32\...\UsersGuideManual Epson L4160_is1) (Version: 1.0 - Epson America, Inc.)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Nero 7 Premium (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
OEM Application Profile (HKLM-x32\...\{FCCF4B77-432F-EA83-4289-40C1DFA14C85}) (Version: 1.00.0000 - Nombre de su organización) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.7 - Frank Heindörfer, Philip Chinery)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Update Manager (HKLM-x32\...\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}) (Version: 4.60 - Corel Corporation) Hidden
UsbFix (HKLM-x32\...\Usbfix) (Version: 9.001 - www.SOSVirus.Net)
VBA (HKLM-x32\...\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}) (Version: 6.2 - Corel Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG)
ContextMenuHandlers1-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET)
ContextMenuHandlers1-x32-x32: [IZArcCM] -> {8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} => C:\Program Files (x86)\IZArc\IZArcCM.dll [2007-06-02] ()
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4-x32: [IZArcCM] -> {8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} => C:\Program Files (x86)\IZArc\IZArcCM.dll [2007-06-02] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-15] (Intel Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {094469D3-B12D-46EF-9E8F-77D2162A9A48} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
Task: {151D215D-85AF-430E-B07D-49DB267ECC50} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {2BF659C7-7306-4123-8D4A-BB992C5DB58D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {4574DF52-4560-44A3-A16A-21A3599C5F7E} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {4977486F-C3EF-48C7-B03E-1241CD8EF28E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-01-10] (Piriform Ltd)
Task: {57218742-EBFF-439D-8BD9-EDF82F695A59} - System32\Tasks\GoogleUpdateTaskMachineUA1d17999195e6983 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-08] (Google Inc.)
Task: {60B04391-B6B7-49B3-B100-50E5A2F92C3F} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
Task: {6228EA58-42C2-4083-9D3A-1E3C39F913F6} - System32\Tasks\{878B7C65-BBC2-4DFF-B32B-29E7179E7F25} => C:\Windows\system32\pcalua.exe -a D:\一键安全检测.exe -d D:\
Task: {895DFF89-2237-4462-AA3C-97EC6921AD77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-08] (Google Inc.)
Task: {A5A91C25-FB66-40EA-BC1B-53E7078D3354} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e91ec6785ec9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-08] (Google Inc.)
Task: {B3B2B407-6710-41E3-8079-DAB06F0C800D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd)
Task: {C2ACDC74-170F-47D7-B869-5258026FE425} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-16] (AVAST Software)
Task: {CBEC4A66-E5E8-4235-9C2C-2183C012637B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-08] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d17999195e6983.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":
WMI:subscription\__EventFilter->BVTFilter:
WMI:subscription\CommandLineEventConsumer->BVTConsumer:

ShortcutWithArgument: C:\Users\User\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://www2.savemax.store/"
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2016-04-01 11:00 - 2005-03-12 00:07 - 000087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-12-23 17:36 - 2013-05-07 01:45 - 000936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2019-01-28 11:45 - 2018-11-21 11:07 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2019-01-28 11:45 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2019-01-10 04:01 - 2019-01-10 04:01 - 000103560 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
2014-12-23 17:36 - 2014-12-23 18:38 - 000009216 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-12-23 17:36 - 2013-05-07 01:45 - 000104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2018-11-15 09:51 - 000000826 ____N C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %C_EM64T_REDIST11%bin\Intel64;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{885A36FC-C743-4AB6-AFCA-3CD4F6EACE4C}C:\users\user\desktop\pdfedit.exe] => (Allow) C:\users\user\desktop\pdfedit.exe (Foxit Software Company)
FirewallRules: [UDP Query User{5B11F298-A220-40B0-B39F-E338DB15041E}C:\users\user\desktop\pdfedit.exe] => (Allow) C:\users\user\desktop\pdfedit.exe (Foxit Software Company)
FirewallRules: [{C9852499-B43B-4D24-A72B-BCF3EAECEA48}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE (CyberLink Corp.)
FirewallRules: [TCP Query User{B93168F0-31A8-471A-B0E4-0B128D3AA66A}C:\users\user\desktop\pdfedit.exe] => (Allow) C:\users\user\desktop\pdfedit.exe (Foxit Software Company)
FirewallRules: [UDP Query User{0B1AA479-5BBD-473E-B901-6EA43BAEA363}C:\users\user\desktop\pdfedit.exe] => (Allow) C:\users\user\desktop\pdfedit.exe (Foxit Software Company)
FirewallRules: [TCP Query User{386F53FF-EB09-4DC9-A052-D8312A072815}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation)
FirewallRules: [UDP Query User{33227A13-0594-4FDF-86DB-5051ADB4DE15}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation)
FirewallRules: [{664B7D02-4393-40AD-83B7-58A2B1A25424}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{EE26497C-4F9C-4558-8AD1-2BBACCDC6059}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
FirewallRules: [{6257F2E2-1B8A-455B-8B66-3C69695C1780}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [{C4922F5B-992E-4E08-B3B6-636F64A66252}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [TCP Query User{8E70B6D1-E8A5-4F0D-BC48-37F1604E7DCD}C:\users\user\desktop\megadownloader.exe] => (Allow) C:\users\user\desktop\megadownloader.exe ()
FirewallRules: [UDP Query User{88DFA84D-4FAE-4C55-9E7B-6BF53F2B712E}C:\users\user\desktop\megadownloader.exe] => (Allow) C:\users\user\desktop\megadownloader.exe ()
FirewallRules: [{386CA564-C29E-4B8C-A910-74037F26A380}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
FirewallRules: [{975EEDF8-3911-4CCB-984D-2A0C89988905}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
FirewallRules: [{28C58410-0FBE-4276-A2AE-A5ED4A793BB9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{EE1883E6-559D-411D-8B6A-BFABA4DCB2EB}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{1B06B13A-AE2C-487C-9610-CA313C3776D2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)

==================== Restore Points =========================

30-01-2019 10:35:41 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2019 10:28:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (01/30/2019 10:26:59 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x80070005.

Error: (01/30/2019 10:25:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.2.0.704, marca de tiempo: 0x5b9acf90
Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17514, marca de tiempo: 0x4ce7c8f9
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000004e4b4
Id. del proceso con errores: 0xb40
Hora de inicio de la aplicación con errores: 0x01d4b8affc42c598
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
Id. del informe: a47adc20-24ab-11e9-b31f-408d5c7fd08b

Error: (01/30/2019 09:26:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (01/30/2019 09:24:50 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x80070005.

Error: (01/29/2019 03:07:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (01/29/2019 03:05:42 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x80070005.

Error: (01/29/2019 01:01:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.


System errors:
=============
Error: (01/30/2019 10:24:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/30/2019 10:24:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/30/2019 10:24:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio ASUS Com Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/30/2019 10:24:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Epson Scanner Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/30/2019 10:24:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio AMD External Events Utility se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/30/2019 10:24:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Intel(R) Capability Licensing Service Interface terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (01/30/2019 10:24:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio EpsonCustomerResearchParticipation se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (01/30/2019 10:24:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio NMIndexingService se terminó de manera inesperada. Esto ha sucedido 1 veces.


Windows Defender:
===================================
Date: 2019-01-23 17:32:26.191
Description: 
Windows Defender encontró un error al intentar actualizar el motor.
Nueva versión de motor:1.1.15600.4
Versión de motor anterior:1.1.6402.0
Origen de actualización:Usuario
Usuario:NT AUTHORITY\SYSTEM
Código de error:0x8050800c
Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 

==================== Memory info =========================== 

Processor: AMD A4-4000 APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 49%
Total physical RAM: 3272.4 MB
Available physical RAM: 1649.83 MB
Total Virtual: 6543 MB
Available Virtual: 4891.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.14 GB) (Free:67.06 GB) NTFS
Drive i: (Nuevo vol) (Fixed) (Total:221.27 GB) (Free:48.95 GB) NTFS

\\?\Volume{3fb977c4-8af7-11e4-89dc-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.35 GB) (Free:0.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=356 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
0 me gusta

#8

espero sus comentarios gracias buen dia

0 me gusta

#9

Bien… y ahora sigue estos pasos, :arrow_forward: MUY Importante :arrow_backward: Realiza una copia de seguridad del registro :

  • Para hacerlo descarga :arrow_forward: DelFix.exe(en tu escritorio).

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).

  • Atención, ahora marca/selecciona únicamente la casilla :white_check_mark: Create registry backup, las demás casillas NO. :face_with_monocle:

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

:warning: Con los demás programas cerrados ve a :arrow_forward: Inicio :arrow_forward: Ejecutar :arrow_forward: y escribe Notepad.exe.

  • Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {094469D3-B12D-46EF-9E8F-77D2162A9A48} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
Task: {151D215D-85AF-430E-B07D-49DB267ECC50} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {4574DF52-4560-44A3-A16A-21A3599C5F7E} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
Task: {60B04391-B6B7-49B3-B100-50E5A2F92C3F} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
Task: {6228EA58-42C2-4083-9D3A-1E3C39F913F6} - System32\Tasks\{878B7C65-BBC2-4DFF-B32B-29E7179E7F25} => C:\Windows\system32\pcalua.exe -a D:\??????.exe -d D:\
Task: {C2ACDC74-170F-47D7-B869-5258026FE425} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-16] (AVAST Software)
ShortcutWithArgument: C:\Users\User\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://www2.savemax.store/"
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: E - E:\LGAutoRun.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {1ae1988d-a35e-11e6-8289-408d5c7fd08b} - E:\autorun.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {1ea3dc9f-46ff-11e8-87ae-408d5c7fd08b} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {23498c9f-fb99-11e7-94d7-408d5c7fd08b} - J:\HiSuiteDownLoader.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {26e22867-1301-11e7-9e8b-408d5c7fd08b} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {26e228ac-1301-11e7-9e8b-408d5c7fd08b} - E:\.\Driver\DriverInstaller.exe -eject
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {36a9528a-bedb-11e6-84d6-408d5c7fd08b} - E:\autorun.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {36a9528e-bedb-11e6-84d6-408d5c7fd08b} - E:\autorun.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {36a95294-bedb-11e6-84d6-408d5c7fd08b} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {5a921732-15b0-11e9-8032-408d5c7fd08b} - E:\LGAutoRun.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {695c4647-d14a-11e8-9c66-408d5c7fd08b} - E:\LaunchU3.exe -a
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {6a95b0ff-c882-11e7-adb8-408d5c7fd08b} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {6e5f663a-358d-11e7-926c-408d5c7fd08b} - E:\InstalarOffice.bat
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {7f4d646d-5041-11e7-8f8c-408d5c7fd08b} - E:\USBNB.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {80041a6c-58d5-11e7-8172-408d5c7fd08b} - E:\InstalarOffice.bat
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {93a9dfe5-6156-11e6-bbfe-408d5c7fd08b} - J:\LaunchU3.exe -a
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {a4b9573a-8fdc-11e7-ab4a-408d5c7fd08b} - E:\Startme.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {bbd6cd5f-7756-11e6-979f-408d5c7fd08b} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {bbd6cd9c-7756-11e6-979f-408d5c7fd08b} - J:\LaunchU3.exe -a
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {bd7c849d-a861-11e8-a2ae-408d5c7fd08b} - E:\InstalarOffice.bat
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {d8d68af0-1ee3-11e8-b2f8-408d5c7fd08b} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {ea1569ab-9d61-11e8-b94a-408d5c7fd08b} - E:\browsercall.exe MovimientoVa por mi Cuenta.mov
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\...\MountPoints2: {f8408acc-de1f-11e5-9409-806e6f6e6963} - D:\Run.exe
GroupPolicy: Restriction ? <==== ATTENTION
HKU\S-1-5-21-238190202-3643189478-1238637981-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www2.savemax.store/
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
Toolbar: HKU\S-1-5-21-238190202-3643189478-1238637981-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Toolbar: HKU\S-1-5-21-238190202-3643189478-1238637981-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Extension: (SaveFrom.net helper) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86lhvs77.default\Extensions\[email protected] [2018-02-24]
FF Extension: (Avast Online Security) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\86lhvs77.default\Extensions\[email protected] [2018-11-05]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFFPlgn => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-01-23 16:01 - 2018-11-05 09:59 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-01-21 16:04 - 2019-01-21 16:04 - 000003512 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
2019-01-21 16:04 - 2019-01-21 16:04 - 000003384 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
2019-01-21 16:03 - 2019-01-21 16:03 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2019-01-24 08:59 - 2018-11-05 10:01 - 000000000 ____D C:\Users\User\AppData\Local\AVAST Software
2019-01-24 08:59 - 2017-10-28 10:21 - 000000000 ____D C:\ProgramData\AVAST Software
2019-01-21 17:06 - 2018-12-07 11:48 - 000000000 ____D C:\ProgramData\Norton
2019-01-21 17:06 - 2018-12-07 11:48 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio :arrow_backward: Esto es muy importante.

:o: Nota :o: Es importante que la herramienta FRST.exe(Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.

Y ahora inicia tu equipo desde el :arrow_forward: Modo Seguro – con funciones de Red, de Windows

  • Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).

  • Presionar el botón FIX y aguardar a que termine.

  • La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pegar el contenido de este fichero en tu próxima respuesta. :+1:

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Ademas… nos dices que otros antivirus has tenido instalado en ese ordenador, y como los eliminaste en su momento.??

Saludos.

0 me gusta