How to remove msiexec.exe

Hello, I know you are knowledgeable about these topics; you helped me with a virus once and now I'm back again. It turns out that I installed a program by mistake and my PC got infected with the msiexec.exe virus. I already tried ESET Online Scanner but it didn't work. I've read that SpyHunter can remove it, but only with the paid version. Is there any other way to remove the virus?

Hello @Rodvi_Julio

We don't recommend SpyHunter around here.

There are free tools we can use to disinfect.


Do the following:

1.- Temporarily disable your antivirus and any other security program.

2.- Download, install and/or update the following tools:

3.- Run the steps in the order given, with all programs closed, including browsers.

CCleaner

Use its Cleaner option, following its manual:

  • To delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • We do NOT need this report.

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to complete. Then click the Clean button.
  • Wait for it to finish. If it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it in your next reply.
  • The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Following its manual, install and run it. When it finishes, remove everything it finds.

Malwarebytes

  • Don't forget to update it.
  • Read its manual carefully.
  • Run a Custom Scan with all drives selected.
  • Click “Remove Selected” to send what was found to quarantine.
  • Restart the system.
  • In the manual's “History” section >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste in your next reply.

4.- Important note:

In your next reply you must paste the AdwCleaner, ZHPCleaner and Malwarebytes reports.

Guide: How to paste reports in the forum?

Let us know.

Regards

1 Like

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-08-09.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-09-2019
# Duration: 00:00:05
# OS:       Windows 7 Ultimate
# Cleaned:  24
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\AskTBar

***** [ Files ] *****

Deleted       C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
Deleted       C:\Users\HP\Downloads\SpyHunter-Installer.exe
Deleted       C:\Users\HP\Favorites\Mail.Ru.url
Deleted       C:\Users\HP\Favorites\?????? ? ?????????.url

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Google\Chrome\NativeMessagingHosts\ru.mail.go.ext_info_host
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Deleted       HKLM\Software\Classes\IESearchPlugin.MailRuBHO
Deleted       HKLM\Software\Wow6432Node\AskTBar
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}

***** [ Chromium (and derivatives) ] *****

Deleted       ikihefjapmkjipaiafghlnndpbcdoocc
Deleted       ???????? ???????? ? ????? ?? Mail.Ru
Deleted       ?????

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3733 octets] - [09/08/2019 11:44:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

~ ZHPCleaner v2019.8.7.118 by Nicolas Coolman (2019/08/07)
~ Run by HP (Administrator)  (09/08/2019 12:06:56)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\HP\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\HP\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (21)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Registro ( Claves, Valores, Datos) (1)
ENCONTRADOS clave: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet []  =>HackTool.WinActivator


---\\  Resumen de elementos en su estación de trabajo (1)
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/  =>HackTool.WinActivator


---\\ Resultado de la reparación.
~ ninguna reparación hecha
~ falta este navegador! (Mozilla Firefox)
~ falta este navegador! (Opera Software)


---\\ STATISTIQUES
~ Items escaneado : 73879
~ Items encontrado : 1
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0


~ End of search in 00h04mn44s

---\\  Reporte (3)
ZHPCleaner-[R]-09082019-12_05_43.txt
ZHPCleaner-[S]-09082019-12_03_03.txt
ZHPCleaner-[S]-09082019-12_11_40.txt

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 9/8/19
Hora del análisis: 12:15
Archivo de registro: 9a05cffb-bad1-11e9-beae-1803731d8e67.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11936
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: SERVIDOR\HP

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 185373
Amenazas detectadas: 20
Amenazas en cuarentena: 20
Tiempo transcurrido: 1 hr, 41 min, 46 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 13
Trojan.CrthRazy, HKLM\SOFTWARE\WOW6432NODE\Machiner, Se eliminará al reiniciar, [3134], [676882],1.0.11936
Adware.ExtenBro.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\36509B8F624CE280E0C797F42F4A8F552A280313, Se eliminará al reiniciar, [6869], [707078],1.0.11936
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Se eliminará al reiniciar, [7035], [252393],1.0.11936
Adware.ExtenBro.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\36509B8F624CE280E0C797F42F4A8F552A280313, Se eliminará al reiniciar, [6869], [707078],1.0.11936
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\beliehdniadoecbonbhlcgbdldccfigp, Se eliminará al reiniciar, [254], [678404],1.0.11936
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Se eliminará al reiniciar, [7035], [252393],1.0.11936
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\iepoegkaoeljnbhagabakjodgpfniimo, Se eliminará al reiniciar, [254], [655213],1.0.11936
Trojan.DNSChanger.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ehcwltxuhoiab, Se eliminará al reiniciar, [14590], [711378],1.0.11936
Trojan.DNSChanger.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F2BC84C2-B1F7-44C5-B29B-405ED598EB6B}, Se eliminará al reiniciar, [14590], [711378],1.0.11936
Trojan.DNSChanger.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F2BC84C2-B1F7-44C5-B29B-405ED598EB6B}, Se eliminará al reiniciar, [14590], [711378],1.0.11936
Trojan.DNSChanger.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\yshnjvimbjpfxqg, Se eliminará al reiniciar, [14590], [711378],1.0.11936
Trojan.DNSChanger.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{404B1866-CE62-4C2B-B3B1-3B405632635D}, Se eliminará al reiniciar, [14590], [711378],1.0.11936
Trojan.DNSChanger.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{404B1866-CE62-4C2B-B3B1-3B405632635D}, Se eliminará al reiniciar, [14590], [711378],1.0.11936

Valor del registro: 4
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Se eliminará al reiniciar, [7035], [252393],1.0.11936
PUP.Optional.MailRu, HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|BELIEHDNIADOECBONBHLCGBDLDCCFIGP, Se eliminará al reiniciar, [254], [678404],1.0.11936
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Se eliminará al reiniciar, [7035], [252393],1.0.11936
PUP.Optional.MailRu, HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|IEPOEGKAOELJNBHAGABAKJODGPFNIIMO, Se eliminará al reiniciar, [254], [655213],1.0.11936

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 3
Trojan.DNSChanger.BrwsrFlsh, C:\WINDOWS\SYSTEM32\TASKS\ehcwltxuhoiab, Se eliminará al reiniciar, [14590], [711378],1.0.11936
Trojan.DNSChanger.BrwsrFlsh, C:\WINDOWS\SYSTEM32\TASKS\yshnjvimbjpfxqg, Se eliminará al reiniciar, [14590], [711378],1.0.11936
PUP.Optional.MailRu, C:\ADWCLEANER\QUARANTINE\V1\20190809.114552\15\MAIL.RU.LNK#9D18CF5BE526F636, Se eliminará al reiniciar, [254], [511420],1.0.11936

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Hello @Rodvi_Julio

And how has the problem continued?


Do the following:

1.- Temporarily disable your antivirus and any other security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the version that matches your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved to the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We'll wait for those reports.

Regards

1 Like

Hello, for now everything is going well; if it continues, I will do the next step you recommend.

Hello @Rodvi_Julio

I recommend you do it anyway, since the virus you have leaves hidden keys and can multiply across reboots.

Regards.

1 Like

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-08-2019 02
Ran by HP (administrator) on SERVIDOR (Dell Inc. OptiPlex 790) (09-08-2019 15:32:35)
Running from C:\Users\HP\Downloads
Loaded Profiles: HP (Available Profiles: HP)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis, Inc -> Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ALWIL Software -> ALWIL Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(ALWIL Software -> ALWIL Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIURE.EXE
(win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13874392 2015-01-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Servicio de Acronis Scheduler2 ] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [390640 2010-12-20] (Acronis, Inc -> Acronis)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-01-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2568016 2010-11-16] (Acronis, Inc -> Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5575432 2010-12-20] (Acronis, Inc -> Acronis)
HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [2756488 2010-02-11] (ALWIL Software -> ALWIL Software)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1308456 2018-06-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [665568 2018-08-07] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [870368 2018-08-07] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG -> Nero AG)
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIURE.EXE [416896 2017-09-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\...\MountPoints2: {23065974-0e71-11e8-873a-e839353b2500} - D:\HiSuiteDownLoader.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-08] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B3F996D-9911-4ED1-8B0A-2288510F03CC} - System32\Tasks\{DA4915D0-6287-4810-8ED2-05C428DA9832} => C:\Windows\system32\pcalua.exe -a "E:\programas\nero7\N_ro 7 Pr_mi_um.exe" -d E:\programas\nero7
Task: {131358A7-F267-4BA2-988B-670DB2327F08} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {2E170E1E-3134-423D-B678-7096E74AB775} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {335D59BC-19E0-46BC-9E7C-9C7AAB8BFC99} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {41702A56-104B-41BD-BC51-B5BF7D94651E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2047368 2019-08-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {69DBE120-5DE4-4766-A486-FD67ABEDBE04} - System32\Tasks\EPSON L5190 Series Update {589E4742-D55D-4CE5-8434-6EEAA4B4B524} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSURE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {9023647A-A48E-4D8D-BE7D-8CEB06F82769} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {96049555-6354-4413-B94E-40689747ECB7} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\HP\Downloads\esetonlinescanner_esl.exe [7986200 2019-08-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {99591CFB-90EF-4220-A8D8-754CD5B86472} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-08] (Google Inc -> Google LLC)
Task: {A3708798-9ED3-49CF-97D8-A94BC070D3AB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A5899ED3-52BC-44F5-B7D4-E91276FFD013} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC800750-EA24-41F6-9E54-8E8127EAC1E1} - System32\Tasks\Avast Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2421864 2018-02-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {BAA18EA5-399F-41BE-975B-18657066151C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-08] (Google Inc -> Google LLC)
Task: {E3A7B2B6-9D0D-4FD4-A0A3-543850AC5A68} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\HP\Downloads\esetonlinescanner_esl.exe [7986200 2019-08-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {E9F0FEFE-20A2-4BE0-AAA8-791063049805} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON L5190 Series Update {589E4742-D55D-4CE5-8434-6EEAA4B4B524}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSURE.EXE:/EXE:{589E4742-D55D-4CE5-8434-6EEAA4B4B524} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3539255387-4219119725-3613937337-1000] => 192.168.1.1:80
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{87B6CE03-0297-4D43-8E66-E04B290FC976}: [DhcpNameServer] 10.7.255.102 10.8.255.101
Tcpip\..\Interfaces\{BFD9500F-151C-4320-ABCF-D16EF0D92A98}: [DhcpNameServer] 10.7.255.102 10.8.255.101
Tcpip\..\Interfaces\{FFEF3A9C-133E-45A0-AF99-25D67F4F46C7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-xl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3539255387-4219119725-3613937337-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-08] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-08] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-06-10] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2019-08-09]
CHR Extension: (Presentaciones) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-08]
CHR Extension: (Documentos) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-08]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-08]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-08]
CHR Extension: (Adobe Acrobat) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-08-08]
CHR Extension: (Hojas de cálculo) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-08]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-08]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-08]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-08]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-02-11] (ALWIL Software -> ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-02-11] (ALWIL Software -> ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-02-11] (ALWIL Software -> ALWIL Software)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [678328 2018-06-11] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2018-05-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2017-09-05] () [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2014-12-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate\Transfer\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22096 2010-02-11] (ALWIL Software -> ALWIL Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [63568 2010-02-11] (ALWIL Software -> ALWIL Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-02-11] (ALWIL Software -> ALWIL Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [120912 2010-02-11] (ALWIL Software -> ALWIL Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-02-11] (ALWIL Software -> ALWIL Software)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [5020672 2009-07-13] (Microsoft Windows -> ATI Technologies Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-09 15:32 - 2019-08-09 15:33 - 000022146 _____ C:\Users\HP\Downloads\FRST.txt
2019-08-09 15:32 - 2019-08-09 15:32 - 000000000 ____D C:\FRST
2019-08-09 15:31 - 2019-08-09 15:31 - 002096640 _____ (Farbar) C:\Users\HP\Downloads\FRST64.exe
2019-08-09 15:16 - 2019-08-09 15:16 - 000000000 ____D C:\Users\HP\Desktop\otros
2019-08-09 14:42 - 2019-08-09 14:42 - 000000000 ____D C:\Users\HP\AppData\Local\ElevatedDiagnostics
2019-08-09 11:36 - 2019-08-09 11:37 - 020891464 _____ (Piriform Software Ltd) C:\Users\HP\Downloads\ccsetup560.exe
2019-08-09 11:35 - 2019-08-09 11:38 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-08-09 11:35 - 2019-08-09 11:35 - 000002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-08-09 11:34 - 2019-08-09 12:12 - 000000000 ____D C:\Users\HP\AppData\Roaming\ZHP
2019-08-09 11:34 - 2019-08-09 11:35 - 000000000 ____D C:\Program Files\CCleaner
2019-08-09 11:34 - 2019-08-09 11:34 - 000000000 ____D C:\Users\HP\AppData\Local\ZHP
2019-08-09 11:34 - 2019-08-09 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-09 11:32 - 2019-08-09 11:45 - 000000000 ____D C:\AdwCleaner
2019-08-09 11:28 - 2019-08-09 11:28 - 000000000 ____D C:\Users\HP\AppData\Local\mbam
2019-08-09 11:27 - 2019-08-09 11:27 - 000000000 ____D C:\Users\HP\AppData\Local\mbamtray
2019-08-09 11:27 - 2019-08-09 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-09 11:27 - 2019-08-09 11:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-09 11:27 - 2019-08-09 11:27 - 000000000 ____D C:\Program Files\Malwarebytes
2019-08-09 11:27 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-08-09 11:21 - 2019-08-09 11:22 - 020638704 _____ (Piriform Software Ltd) C:\Users\HP\Downloads\ccsetup558.exe
2019-08-09 11:20 - 2019-08-09 11:20 - 003118464 _____ (Nicolas Coolman) C:\Users\HP\Downloads\ZHPCleaner.exe
2019-08-09 11:18 - 2019-08-09 11:18 - 007623880 _____ (Malwarebytes) C:\Users\HP\Downloads\adwcleaner_7.4.exe
2019-08-09 11:13 - 2019-08-09 11:15 - 064925856 _____ (Malwarebytes ) C:\Users\HP\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11912.exe
2019-08-08 18:25 - 2019-08-08 19:42 - 000000000 ____D C:\Users\HP\Desktop\musica
2019-08-08 14:54 - 2019-08-08 14:54 - 000002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-08 14:54 - 2019-08-08 14:54 - 000002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-08 14:52 - 2019-08-08 14:52 - 000003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-08-08 14:52 - 2019-08-08 14:52 - 000003342 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-08-07 20:31 - 2019-08-07 20:31 - 000003704 _____ C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn
2019-08-07 20:31 - 2019-08-07 20:31 - 000003264 _____ C:\Windows\System32\Tasks\EOSv3 Scheduler onTime
2019-08-07 19:40 - 2019-08-09 11:40 - 000000000 ____D C:\ProgramData\TmpLoog
2019-08-07 19:01 - 2019-08-08 12:40 - 000000787 _____ C:\Users\HP\Desktop\ESET Online Scanner.lnk
2019-08-07 19:01 - 2019-08-07 19:01 - 000000000 ____D C:\Users\HP\AppData\Local\ESET
2019-08-07 19:00 - 2019-08-07 19:00 - 007986200 _____ (ESET spol. s r.o.) C:\Users\HP\Downloads\esetonlinescanner_esl.exe
2019-08-07 18:51 - 2019-08-07 18:52 - 000000000 ____D C:\Users\HP\AppData\Local\Mail.Ru
2019-08-07 18:51 - 2019-08-07 18:51 - 000000000 ____D C:\Users\HP\AppData\Roaming\ugxjguppnkud
2019-08-07 18:50 - 2019-08-07 18:51 - 000000000 ____D C:\ProgramData\Mail.Ru
2019-08-06 17:37 - 2019-08-06 17:37 - 000000000 ____D C:\Users\HP\Documents\Plantillas personalizadas de Office
2019-08-06 17:17 - 2019-08-06 17:17 - 000032167 _____ C:\Users\HP\Downloads\P0172DXQCalcomania.pdf
2019-08-05 15:49 - 2019-08-05 15:49 - 000001504 _____ C:\Users\HP\Desktop\servidor - Acceso directo.lnk
2019-08-05 15:48 - 2019-08-05 15:48 - 000000000 ____D C:\Program Files (x86)\CIBER SIN PUBLICIDAD
2019-08-05 15:17 - 2019-08-05 15:17 - 000000000 _____ C:\Windows\EEventManager.INI
2019-08-05 15:09 - 2019-08-05 15:09 - 000025107 _____ C:\Users\HP\Documents\img20190805_15093008.pdf
2019-08-05 15:00 - 2019-08-05 15:00 - 000000000 ____D C:\Users\HP\AppData\Roaming\Leadertech
2019-08-05 14:51 - 2019-08-05 14:51 - 000002171 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2019-08-05 14:51 - 2019-08-05 14:51 - 000000000 ____D C:\ProgramData\UDL
2019-08-05 14:51 - 2019-08-05 14:51 - 000000000 ____D C:\ProgramData\Sony Corporation
2019-08-05 14:48 - 2019-08-05 15:10 - 000000000 ____D C:\Users\HP\AppData\Roaming\Epson
2019-08-05 14:47 - 2019-08-05 14:47 - 000000000 ____D C:\Program Files\EPSON
2019-08-05 14:46 - 2019-08-05 14:51 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-08-05 14:45 - 2019-08-05 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2019-08-05 14:45 - 2019-08-05 14:52 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2019-08-05 14:45 - 2019-08-05 14:45 - 000000000 ____D C:\Program Files\EpsonNet
2019-08-05 14:44 - 2019-08-09 14:44 - 000000911 _____ C:\Windows\Tasks\EPSON L5190 Series Update {589E4742-D55D-4CE5-8434-6EEAA4B4B524}.job
2019-08-05 14:44 - 2019-08-05 14:50 - 000000000 ____D C:\Program Files (x86)\epson
2019-08-05 14:44 - 2019-08-05 14:44 - 000003978 _____ C:\Windows\System32\Tasks\EPSON L5190 Series Update {589E4742-D55D-4CE5-8434-6EEAA4B4B524}
2019-08-05 14:44 - 2019-08-05 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2019-08-05 14:44 - 2019-08-05 14:44 - 000000000 ____D C:\Program Files\Common Files\EPSON
2019-08-05 14:44 - 2018-05-11 10:52 - 000147472 _____ (TWAIN Working Group) C:\Windows\SysWOW64\twaindsm.dll
2019-08-05 14:44 - 2018-05-11 10:51 - 000771072 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2u2.dll
2019-08-05 14:44 - 2018-05-11 10:51 - 000145224 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2019-08-05 14:43 - 2019-08-05 15:06 - 000000000 ____D C:\ProgramData\EPSON
2019-08-05 14:43 - 2017-07-14 04:13 - 000184832 _____ (Seiko Epson Corporation) C:\Windows\system32\E_YLMBURE.DLL
2019-08-05 14:43 - 2013-06-17 14:34 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2019-08-05 14:43 - 2013-06-17 14:34 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2019-08-05 14:43 - 2011-03-15 03:03 - 000083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BURE.DLL
2019-08-05 13:29 - 2011-02-23 15:11 - 000061440 _____ C:\Users\Public\Documents\instalador.exe
2019-08-05 13:28 - 2019-08-05 13:28 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-08-05 13:28 - 2019-08-05 13:28 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2019-07-25 22:10 - 2019-07-25 22:10 - 000000363 _____ C:\Users\HP\Equipo - Acceso directo.lnk
2019-07-25 22:10 - 2017-09-05 16:05 - 000001852 _____ C:\Users\HP\avast! Free Antivirus.lnk
2019-07-25 22:04 - 2019-08-07 18:51 - 000001060 _____ C:\Users\HP\ntuser.pol
2019-07-25 22:04 - 2019-08-07 18:51 - 000000814 __RSH C:\ProgramData\ntuser.pol
2019-07-25 22:01 - 2010-12-05 20:16 - 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-09 14:47 - 2009-07-13 22:45 - 000016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-08-09 14:47 - 2009-07-13 22:45 - 000016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-08-09 14:42 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\NDF
2019-08-09 14:40 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-09 11:46 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2019-08-09 11:41 - 2017-09-05 07:59 - 000000000 ____D C:\Windows\Panther
2019-08-08 16:43 - 2018-12-05 15:10 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-08-08 16:43 - 2018-12-05 15:08 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-08 14:54 - 2018-02-07 16:18 - 000000000 ____D C:\Users\HP\AppData\Local\Google
2019-08-08 14:54 - 2018-02-07 16:17 - 000000000 ____D C:\Program Files (x86)\Google
2019-08-07 19:48 - 2019-02-01 08:54 - 000000000 ____D C:\Users\HP\Documents\Activador
2019-08-07 18:51 - 2017-09-05 15:06 - 000000000 ____D C:\Users\HP
2019-08-07 18:51 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2019-08-05 15:01 - 2009-07-13 23:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-08-04 18:58 - 2018-12-05 15:05 - 000000034 _____ C:\Windows\AvEmUpdate.ini
2019-08-04 17:58 - 2018-02-08 16:40 - 000004180 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-07-25 22:03 - 2009-07-13 21:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy

==================== Files in the root of some directories ================

2019-03-06 08:20 - 2019-03-06 08:20 - 000000000 _____ () C:\Users\HP\AppData\Local\{26707669-E821-41CF-A207-2467DC6D7246}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-05 14:26
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-08-2019 02
Ran by HP (09-08-2019 15:34:05)
Running from C:\Users\HP\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2017-09-05 21:06:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3539255387-4219119725-3613937337-500 - Administrator - Disabled)
HP (S-1-5-21-3539255387-4219119725-3613937337-1000 - Administrator - Enabled) => C:\Users\HP
Invitado (S-1-5-21-3539255387-4219119725-3613937337-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: avast! Antivirus (Disabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6597 - Acronis)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\avast5) (Version: 5.0.418.0 - Alwil Software)
Barra de búsqueda de Encarta (64 bits) (HKLM\...\{08144040-959A-4B0D-8825-2C533F0DDB19}) (Version: 1.0.0 - Microsoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
Desinstalar impresora EPSON L5190 Series (HKLM\...\EPSON L5190 Series) (Version:  - Seiko Epson Corporation)
Easy Photo Scan (HKLM-x32\...\{9C366320-A91D-423A-A6D5-38CB1A90CC47}) (Version: 1.00.0013 - Seiko Epson Corporation)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{71038C40-8258-44D2-BBF4-B6312338172C}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{6DBFDAF8-20AE-46AE-940E-4F769ACDF4BB}) (Version: 3.11.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.50.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.4 - Intel)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Encarta 2009 Biblioteca Premium (HKLM-x32\...\{09140081-2C94-4A67-8E55-8483C019C7D2}) (Version: 2009 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Nero 7 Premium (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft .NET Framework 4.5 ESN (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50709 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7443 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3539255387-4219119725-3613937337-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\Windows\system32\igfxEM.exe" => No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2010-02-11] (ALWIL Software) [File not signed]
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG -> Nero AG)
ContextMenuHandlers1: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2010-12-20] (Acronis, Inc -> Acronis)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-01-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2010-02-11] (ALWIL Software) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2010-12-20] (Acronis, Inc -> Acronis)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-05 16:04 - 2010-02-11 12:40 - 000088064 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\3082\Base.dll
2017-09-05 16:04 - 2010-02-11 12:40 - 000155136 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\3082\UILangRes.dll
2017-09-05 16:04 - 2010-02-11 12:44 - 000195584 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\Aavm4h.dll
2017-09-05 16:04 - 2010-02-11 12:39 - 000041984 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\AavmRpch.dll
2017-09-05 16:04 - 2010-02-11 12:46 - 000012800 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\AhResBhv.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000040448 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\AhResMai.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000029184 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ahResMes.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000038400 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\AhResNS.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000030720 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ahResP2P.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000047616 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\AhResStd.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000048640 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\AhResWS.dll
2017-09-05 16:04 - 2010-02-11 12:42 - 000155136 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ashBase.dll
2017-09-05 16:04 - 2010-02-11 12:46 - 000895488 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ashMaiSv.dll
2017-09-05 16:04 - 2010-02-11 12:46 - 000107008 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ashServ.dll
2017-09-05 16:04 - 2010-02-11 12:47 - 000080896 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ashShA64.dll
2017-09-05 16:04 - 2010-02-11 12:44 - 000100864 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ashTask.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000048640 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000339456 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ashWebSv.dll
2017-09-05 16:04 - 2010-02-11 12:39 - 000669696 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswAux.dll
2017-09-05 16:04 - 2010-02-11 12:37 - 000198144 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll
2017-09-05 16:04 - 2010-02-11 12:37 - 000110080 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll
2017-09-05 16:04 - 2010-02-11 12:37 - 000079360 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll
2017-09-05 16:04 - 2010-02-11 12:46 - 000096768 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswData.dll
2017-09-05 16:04 - 2010-02-11 12:39 - 000034816 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll
2017-09-05 16:04 - 2010-02-11 12:39 - 000005120 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswIdle.dll
2017-09-05 16:04 - 2010-02-11 12:44 - 000157696 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswLog.dll
2017-09-05 16:04 - 2010-02-11 12:43 - 000035840 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswProperty.dll
2017-09-05 16:04 - 2010-02-11 12:37 - 000387584 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswSqLt.dll
2017-09-05 16:04 - 2010-02-11 12:44 - 000015872 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswUtil.dll
2017-09-05 16:04 - 2010-02-11 12:39 - 001254400 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\CommonRes.dll
2003-03-19 07:14 - 2003-03-19 07:14 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCP71.dll
2003-02-21 15:42 - 2003-02-21 15:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCR71.dll
2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000096768 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000212992 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUADRFIL.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000282624 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCFG.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000446464 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCSR.DLL
2019-08-05 14:47 - 2018-08-07 01:00 - 000389120 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXLDB.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000536576 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXTIF.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUIMGCDC.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000278528 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSTMMSG.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000258048 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUVERDLG.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000069632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll
2019-08-05 14:47 - 2018-08-06 10:00 - 000086016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2019-08-05 14:47 - 2018-08-06 10:00 - 000090112 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll
2019-08-05 14:47 - 2018-08-06 10:00 - 000245760 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2019-08-05 14:47 - 2018-08-06 10:00 - 000110592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll
2019-08-05 14:47 - 2018-08-06 10:00 - 000022016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
2019-08-05 14:47 - 2018-08-06 10:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000278528 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENNW.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000299008 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENUTIL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{2255594A-475B-4D00-998E-FBA2E3B8A07E}F:\programas\sdi_update\sdi_r166.exe] => (Allow) F:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [UDP Query User{35CAA506-CF68-45F8-B918-C44608314A3A}F:\programas\sdi_update\sdi_r166.exe] => (Allow) F:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [TCP Query User{C991CAA1-7791-4931-B342-F7FBCA6A05E2}E:\programas\sdi_update\sdi_r166.exe] => (Allow) E:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [UDP Query User{5995667D-BEC1-4684-A161-AE42DCF2E680}E:\programas\sdi_update\sdi_r166.exe] => (Allow) E:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [TCP Query User{FC2416CC-7F82-4CA3-B676-8A24D10F4019}D:\programas\sdi_update\sdi_r166.exe] => (Allow) D:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [UDP Query User{3DFEB26F-1FBB-4A55-81F1-2195B257E323}D:\programas\sdi_update\sdi_r166.exe] => (Allow) D:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [{C1658B94-329C-431A-B49F-59AA8E941B95}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A93FF824-C4DC-4552-B011-08B457F95B4F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CFB23CE7-B495-47F1-8ADB-9EFA13A1F8AB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AA0190AD-03B8-416F-BB3F-D1E5B11EAD67}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E71B3530-A43A-4600-AC9B-1A883BB85056}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{A46825F3-B03B-410A-8FCA-81908C82E82E}C:\program files (x86)\servidor\servidor.exe] => (Allow) C:\program files (x86)\servidor\servidor.exe No File
FirewallRules: [UDP Query User{23D29C6B-B44B-496D-B269-F2BE58C0BEAB}C:\program files (x86)\servidor\servidor.exe] => (Allow) C:\program files (x86)\servidor\servidor.exe No File
FirewallRules: [{CEFBF7C1-DFB3-4469-8193-7507D188448C}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{0C4A9E8F-CEE2-4C57-B7FB-F82EAA40760B}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{5658D879-E339-4516-AB00-B7A89D1C4A9D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

26-07-2019 00:35:41 Punto de control programado
05-08-2019 14:33:12 Punto de control programado
05-08-2019 14:47:29 Instalado FAX Utility
05-08-2019 14:48:32 Installed EPSON Scan OCR Component
05-08-2019 14:50:19 Installed EPSON Scan PDF Extensions
05-08-2019 14:50:33 Instalado Microsoft Visual C++ 2005 Redistributable
09-08-2019 12:12:17 ZHPcleaner

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2019 02:43:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: El valor de cadena de nombre del contador de rendimiento del Registro tiene un formato incorrecto. La cadena incorrecta es . El primer valor DWORD de la sección de datos contiene el valor del índice de la cadena incorrecta, mientras que el segundo y tercer valor DWORD de la sección de datos contienen los últimos valores del índice válidos.

Error: (08/09/2019 12:15:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamtray.exe, versión: 3.1.0.1838, marca de tiempo: 0x5d13b12f
Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5cba0161
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0018dc19
Id. del proceso con errores: 0xe10
Hora de inicio de la aplicación con errores: 0x01d54eda9a61ebf9
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: 99942ac0-bad1-11e9-aa9e-1803731d8e67

Error: (08/09/2019 11:48:18 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/09/2019 11:48:18 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: No se puede inicializar la aplicación.

Contexto: aplicación Windows

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/09/2019 11:48:18 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: No se puede inicializar el objeto Recopilador.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/09/2019 11:48:18 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.TripoliIndexer>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	No se ha encontrado el elemento.  (HRESULT : 0x80070490) (0x80070490)

Error: (08/09/2019 11:48:17 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.JetPropStore>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/09/2019 11:48:17 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: El servicio Windows Search no puede cargar la información del almacén de propiedades.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	La base de datos del índice de contenido está dañada.  (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (08/09/2019 02:43:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Adaptador de rendimiento de WMI se cerró con el siguiente error: 
Error no especificado

Error: (08/09/2019 02:40:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Service KMSELDI no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (08/09/2019 11:48:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (08/09/2019 11:48:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Windows Search se cerró con el error específico de servicio %%-1073473535.

Error: (08/09/2019 11:47:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Service KMSELDI no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (08/09/2019 11:46:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio debido a un error en el inicio de sesión.

Error: (08/09/2019 11:46:24 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: El servicio WMPNetworkSvc no se pudo iniciarse como NT AUTHORITY\NetworkService con la contraseña configurada actualmente debido al siguiente error: 
Solicitud no compatible.


Para asegurarse de que el servicio esté correctamente configurado, use el complemento Servicios en Microsoft Management Console (MMC).

Error: (08/09/2019 11:45:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.


==================== Memory info =========================== 

BIOS: Dell Inc. A15 07/17/2012
Motherboard: Dell Inc. 0D28YY
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 92%
Total physical RAM: 3977.06 MB
Available physical RAM: 299.97 MB
Total Virtual: 7952.32 MB
Available Virtual: 3507.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.73 GB) (Free:197.33 GB) NTFS

\\?\Volume{3200971a-927d-11e7-8b01-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.8 GB) (Disk ID: 8AEA5D6C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hi @Rodvi_Julio

You ran FRST from the wrong location:

  • Running from C:\Users\HP\Downloads

Cut the executable and paste it onto your desktop <<< This is Very Important.

Then follow these steps:

1.- Very Important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as Administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\...\MountPoints2: {23065974-0e71-11e8-873a-e839353b2500} - D:\HiSuiteDownLoader.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0B3F996D-9911-4ED1-8B0A-2288510F03CC} - System32\Tasks\{DA4915D0-6287-4810-8ED2-05C428DA9832} => C:\Windows\system32\pcalua.exe -a "E:\programas\nero7\N_ro 7 Pr_mi_um.exe" -d E:\programas\nero7
Task: {96049555-6354-4413-B94E-40689747ECB7} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\HP\Downloads\esetonlinescanner_esl.exe [7986200 2019-08-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {E3A7B2B6-9D0D-4FD4-A0A3-543850AC5A68} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\HP\Downloads\esetonlinescanner_esl.exe [7986200 2019-08-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-xl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3539255387-4219119725-3613937337-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate\Transfer\DriverInstall.exe" [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-08-07 19:01 - 2019-08-08 12:40 - 000000787 _____ C:\Users\HP\Desktop\ESET Online Scanner.lnk
2019-08-07 19:01 - 2019-08-07 19:01 - 000000000 ____D C:\Users\HP\AppData\Local\ESET
2019-08-07 19:00 - 2019-08-07 19:00 - 007986200 _____ (ESET spol. s r.o.) C:\Users\HP\Downloads\esetonlinescanner_esl.exe
2019-08-07 18:51 - 2019-08-07 18:52 - 000000000 ____D C:\Users\HP\AppData\Local\Mail.Ru
2019-08-07 18:51 - 2019-08-07 18:51 - 000000000 ____D C:\Users\HP\AppData\Roaming\ugxjguppnkud
2019-08-07 18:50 - 2019-08-07 18:51 - 000000000 ____D C:\ProgramData\Mail.Ru
CustomCLSID: HKU\S-1-5-21-3539255387-4219119725-3613937337-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\Windows\system32\igfxEM.exe" => No File
FirewallRules: [TCP Query User{2255594A-475B-4D00-998E-FBA2E3B8A07E}F:\programas\sdi_update\sdi_r166.exe] => (Allow) F:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [UDP Query User{35CAA506-CF68-45F8-B918-C44608314A3A}F:\programas\sdi_update\sdi_r166.exe] => (Allow) F:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [TCP Query User{C991CAA1-7791-4931-B342-F7FBCA6A05E2}E:\programas\sdi_update\sdi_r166.exe] => (Allow) E:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [UDP Query User{5995667D-BEC1-4684-A161-AE42DCF2E680}E:\programas\sdi_update\sdi_r166.exe] => (Allow) E:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [TCP Query User{FC2416CC-7F82-4CA3-B676-8A24D10F4019}D:\programas\sdi_update\sdi_r166.exe] => (Allow) D:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [UDP Query User{3DFEB26F-1FBB-4A55-81F1-2195B257E323}D:\programas\sdi_update\sdi_r166.exe] => (Allow) D:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [TCP Query User{A46825F3-B03B-410A-8FCA-81908C82E82E}C:\program files (x86)\servidor\servidor.exe] => (Allow) C:\program files (x86)\servidor\servidor.exe No File
FirewallRules: [UDP Query User{23D29C6B-B44B-496D-B269-F2BE58C0BEAB}C:\program files (x86)\servidor\servidor.exe] => (Allow) C:\program files (x86)\servidor\servidor.exe No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know.

Regards.
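
The triage behind a fixlist like the one in the post above, as an added example (not part of the original thread and not FRST's own code): it flags log entries whose target file is missing (`No File`, `[X]`) and the weakened settings the log reports. The function names and category labels are assumptions of this example; the sample lines are copied from the FRST logs on this page.

```python
import re

# Sample lines copied from the FRST logs on this page (Addition.txt / fixlist).
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
FirewallRules: [TCP Query User{2255594A-475B-4D00-998E-FBA2E3B8A07E}F:\programas\sdi_update\sdi_r166.exe] => (Allow) F:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [{C1658B94-329C-431A-B49F-59AA8E941B95}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E71B3530-A43A-4600-AC9B-1A883BB85056}] => (Allow) LPort=1688
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
CustomCLSID: HKU\S-1-5-21-3539255387-4219119725-3613937337-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\Windows\system32\igfxEM.exe" => No File
2019-08-05 14:47 - 2018-08-07 01:00 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll
"""

# "FirewallRules: [<rule name>] => (<action>) <target>"
FIREWALL_RE = re.compile(
    r"^FirewallRules: \[(?P<rule>.+?)\] => \((?P<action>\w+)\) (?P<target>.+)$"
)
# Service/driver line whose file FRST could not find: "S2 <name>; <path> [X]"
SERVICE_RE = re.compile(r"^[RSU][0-5] (?P<name>.+?); (?P<path>.+) \[X\]$")
# "(ValueName: number)" pairs on the Policies\System line
POLICY_RE = re.compile(r"\((\w+): (\d+)\)")


def triage(log_text):
    """Return (group, kind, original_line) tuples for lines worth a review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        if line == "Windows Firewall is disabled.":
            findings.append(("setting", "firewall-disabled", line))
            continue

        if r"\Policies\System =>" in line:
            values = {name: int(num) for name, num in POLICY_RE.findall(line)}
            if values.get("EnableLUA") == 0:
                findings.append(("setting", "uac-disabled", line))
            if values.get("ConsentPromptBehaviorAdmin") == 0:
                findings.append(
                    ("setting", "admin-elevation-without-prompt", line)
                )
            continue

        match = FIREWALL_RE.match(line)
        if match:
            # An allow rule that still points at a program no longer on disk.
            if match.group("target").endswith(" No File"):
                findings.append(("orphan", "firewall-rule", line))
            continue

        if SERVICE_RE.match(line):
            findings.append(("orphan", "service-or-driver", line))
            continue

        if line.startswith("CustomCLSID:") and line.endswith("=> No File"):
            findings.append(("orphan", "clsid", line))
    return findings


def draft_fixlist(findings):
    """Wrap the orphaned entries, verbatim, in Start/END as on this page.

    This is a draft for a human to review, not a list to run blindly.
    """
    orphans = [line for group, _, line in findings if group == "orphan"]
    return ["Start", *orphans, "END"]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for group, kind, line in results:
        print(f"[{group}] {kind}: {line[:90]}")
    print()
    print("\n".join(draft_fixlist(results)))
```

A missing file is only a hint: for paths on other drive letters it can also mean the drive was not connected when the scan ran, so each flagged line still needs a human decision.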

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-08-2019 02
Ran by HP (09-08-2019 16:42:19) Run:1
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\...\MountPoints2: {23065974-0e71-11e8-873a-e839353b2500} - D:\HiSuiteDownLoader.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0B3F996D-9911-4ED1-8B0A-2288510F03CC} - System32\Tasks\{DA4915D0-6287-4810-8ED2-05C428DA9832} => C:\Windows\system32\pcalua.exe -a "E:\programas\nero7\N_ro 7 Pr_mi_um.exe" -d E:\programas\nero7
Task: {96049555-6354-4413-B94E-40689747ECB7} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\HP\Downloads\esetonlinescanner_esl.exe [7986200 2019-08-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {E3A7B2B6-9D0D-4FD4-A0A3-543850AC5A68} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\HP\Downloads\esetonlinescanner_esl.exe [7986200 2019-08-07] (ESET, spol. s r.o. -> ESET spol. s r.o.)
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-xl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3539255387-4219119725-3613937337-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate\Transfer\DriverInstall.exe" [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-08-07 19:01 - 2019-08-08 12:40 - 000000787 _____ C:\Users\HP\Desktop\ESET Online Scanner.lnk
2019-08-07 19:01 - 2019-08-07 19:01 - 000000000 ____D C:\Users\HP\AppData\Local\ESET
2019-08-07 19:00 - 2019-08-07 19:00 - 007986200 _____ (ESET spol. s r.o.) C:\Users\HP\Downloads\esetonlinescanner_esl.exe
2019-08-07 18:51 - 2019-08-07 18:52 - 000000000 ____D C:\Users\HP\AppData\Local\Mail.Ru
2019-08-07 18:51 - 2019-08-07 18:51 - 000000000 ____D C:\Users\HP\AppData\Roaming\ugxjguppnkud
2019-08-07 18:50 - 2019-08-07 18:51 - 000000000 ____D C:\ProgramData\Mail.Ru
CustomCLSID: HKU\S-1-5-21-3539255387-4219119725-3613937337-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\Windows\system32\igfxEM.exe" => No File
FirewallRules: [TCP Query User{2255594A-475B-4D00-998E-FBA2E3B8A07E}F:\programas\sdi_update\sdi_r166.exe] => (Allow) F:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [UDP Query User{35CAA506-CF68-45F8-B918-C44608314A3A}F:\programas\sdi_update\sdi_r166.exe] => (Allow) F:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [TCP Query User{C991CAA1-7791-4931-B342-F7FBCA6A05E2}E:\programas\sdi_update\sdi_r166.exe] => (Allow) E:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [UDP Query User{5995667D-BEC1-4684-A161-AE42DCF2E680}E:\programas\sdi_update\sdi_r166.exe] => (Allow) E:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [TCP Query User{FC2416CC-7F82-4CA3-B676-8A24D10F4019}D:\programas\sdi_update\sdi_r166.exe] => (Allow) D:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [UDP Query User{3DFEB26F-1FBB-4A55-81F1-2195B257E323}D:\programas\sdi_update\sdi_r166.exe] => (Allow) D:\programas\sdi_update\sdi_r166.exe No File
FirewallRules: [TCP Query User{A46825F3-B03B-410A-8FCA-81908C82E82E}C:\program files (x86)\servidor\servidor.exe] => (Allow) C:\program files (x86)\servidor\servidor.exe No File
FirewallRules: [UDP Query User{23D29C6B-B44B-496D-B269-F2BE58C0BEAB}C:\program files (x86)\servidor\servidor.exe] => (Allow) C:\program files (x86)\servidor\servidor.exe No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23065974-0e71-11e8-873a-e839353b2500} => removed successfully
HKLM\Software\Classes\CLSID\{23065974-0e71-11e8-873a-e839353b2500} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B3F996D-9911-4ED1-8B0A-2288510F03CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B3F996D-9911-4ED1-8B0A-2288510F03CC}" => removed successfully
C:\Windows\System32\Tasks\{DA4915D0-6287-4810-8ED2-05C428DA9832} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DA4915D0-6287-4810-8ED2-05C428DA9832}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{96049555-6354-4413-B94E-40689747ECB7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96049555-6354-4413-B94E-40689747ECB7}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3A7B2B6-9D0D-4FD4-A0A3-543850AC5A68}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3A7B2B6-9D0D-4FD4-A0A3-543850AC5A68}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache" => removed successfully
"HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\System\CurrentControlSet\Services\Service KMSELDI => removed successfully
Service KMSELDI => service removed successfully
HKLM\System\CurrentControlSet\Services\WsDrvInst => removed successfully
WsDrvInst => service removed successfully
HKLM\System\CurrentControlSet\Services\Synth3dVsc => removed successfully
Synth3dVsc => service removed successfully
HKLM\System\CurrentControlSet\Services\tsusbhub => removed successfully
tsusbhub => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
C:\Users\HP\Desktop\ESET Online Scanner.lnk => moved successfully
C:\Users\HP\AppData\Local\ESET => moved successfully
C:\Users\HP\Downloads\esetonlinescanner_esl.exe => moved successfully
C:\Users\HP\AppData\Local\Mail.Ru => moved successfully
C:\Users\HP\AppData\Roaming\ugxjguppnkud => moved successfully
C:\ProgramData\Mail.Ru => moved successfully
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2255594A-475B-4D00-998E-FBA2E3B8A07E}F:\programas\sdi_update\sdi_r166.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{35CAA506-CF68-45F8-B918-C44608314A3A}F:\programas\sdi_update\sdi_r166.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C991CAA1-7791-4931-B342-F7FBCA6A05E2}E:\programas\sdi_update\sdi_r166.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5995667D-BEC1-4684-A161-AE42DCF2E680}E:\programas\sdi_update\sdi_r166.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FC2416CC-7F82-4CA3-B676-8A24D10F4019}D:\programas\sdi_update\sdi_r166.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3DFEB26F-1FBB-4A55-81F1-2195B257E323}D:\programas\sdi_update\sdi_r166.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A46825F3-B03B-410A-8FCA-81908C82E82E}C:\program files (x86)\servidor\servidor.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{23D29C6B-B44B-496D-B269-F2BE58C0BEAB}C:\program files (x86)\servidor\servidor.exe" => removed successfully

========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


Adaptador de Ethernet Conexi¢n de  rea local 14:

   Sufijo DNS espec¡fico para la conexi¢n. . : claro.local
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.9
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11479072 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 10105547 B
Edge => 0 B
Chrome => 51649923 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 49575 B
systemprofile32 => 66228 B
LocalService => 132244 B
NetworkService => 33125 B
HP => 89577995 B

RecycleBin => 0 B
EmptyTemp: => 163.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:42:50 ====

Hi @Rodvi_Julio

Test the computer, restart it a couple of times and let us know how the problem is going.

Regards

Hi, thanks for all the help, the PC is fine; only a Notepad window with a strange message appears every time it starts

Hi @Rodvi_Julio

Can you upload an image for me?

Regards

1 like

Hi @Rodvi_Julio

Run FRST again exactly as you did the first time and post its new reports.

Regards

1 like
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019
Ran by HP (administrator) on SERVIDOR (Dell Inc. OptiPlex 790) (18-08-2019 14:38:09)
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\CIBER SIN PUBLICIDAD\C de C sin Publicidad by CM26\SERVIDOR\servidor.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ALWIL Software -> ALWIL Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(ALWIL Software -> ALWIL Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13874392 2015-01-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Servicio de Acronis Scheduler2 ] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [390640 2010-12-20] (Acronis, Inc -> Acronis)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-01-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2568016 2010-11-16] (Acronis, Inc -> Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5575432 2010-12-20] (Acronis, Inc -> Acronis)
HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [2756488 2010-02-11] (ALWIL Software -> ALWIL Software)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1308456 2018-06-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [665568 2018-08-07] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [870368 2018-08-07] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG -> Nero AG)
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIURE.EXE [416896 2017-09-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-08] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {131358A7-F267-4BA2-988B-670DB2327F08} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {2E170E1E-3134-423D-B678-7096E74AB775} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {41702A56-104B-41BD-BC51-B5BF7D94651E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2047368 2019-08-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {69DBE120-5DE4-4766-A486-FD67ABEDBE04} - System32\Tasks\EPSON L5190 Series Update {589E4742-D55D-4CE5-8434-6EEAA4B4B524} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSURE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {9023647A-A48E-4D8D-BE7D-8CEB06F82769} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {99591CFB-90EF-4220-A8D8-754CD5B86472} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-08] (Google Inc -> Google LLC)
Task: {A3708798-9ED3-49CF-97D8-A94BC070D3AB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A5899ED3-52BC-44F5-B7D4-E91276FFD013} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC800750-EA24-41F6-9E54-8E8127EAC1E1} - System32\Tasks\Avast Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2421864 2018-02-08] (AVAST Software s.r.o. -> AVAST Software)
Task: {BAA18EA5-399F-41BE-975B-18657066151C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-08] (Google Inc -> Google LLC)
Task: {D95B3A67-E523-4E84-891B-7C788D0DD799} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {E9F0FEFE-20A2-4BE0-AAA8-791063049805} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON L5190 Series Update {589E4742-D55D-4CE5-8434-6EEAA4B4B524}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSURE.EXE:/EXE:{589E4742-D55D-4CE5-8434-6EEAA4B4B524} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{87B6CE03-0297-4D43-8E66-E04B290FC976}: [DhcpNameServer] 10.7.255.102 10.8.255.101
Tcpip\..\Interfaces\{BFD9500F-151C-4320-ABCF-D16EF0D92A98}: [DhcpNameServer] 10.7.255.102 10.8.255.101
Tcpip\..\Interfaces\{FFEF3A9C-133E-45A0-AF99-25D67F4F46C7}: [NameServer] 192.168.1.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-08] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-08] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2019-08-18]
CHR Extension: (Presentaciones) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-08]
CHR Extension: (Documentos) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-08]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-08]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-08]
CHR Extension: (Adobe Acrobat) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-08-15]
CHR Extension: (Hojas de cálculo) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-08]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-08]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-08]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-08]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-02-11] (ALWIL Software -> ALWIL Software)
R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-02-11] (ALWIL Software -> ALWIL Software)
R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-02-11] (ALWIL Software -> ALWIL Software)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [678328 2018-06-11] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2018-05-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2017-09-05] () [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2014-12-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22096 2010-02-11] (ALWIL Software -> ALWIL Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [63568 2010-02-11] (ALWIL Software -> ALWIL Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-02-11] (ALWIL Software -> ALWIL Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [120912 2010-02-11] (ALWIL Software -> ALWIL Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-02-11] (ALWIL Software -> ALWIL Software)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [5020672 2009-07-13] (Microsoft Windows -> ATI Technologies Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-18 14:38 - 2019-08-18 14:39 - 000018814 _____ C:\Users\HP\Desktop\FRST.txt
2019-08-18 14:37 - 2019-08-18 14:37 - 000000000 ____D C:\Users\HP\Desktop\FRST-OlderVersion
2019-08-18 14:33 - 2019-08-18 14:33 - 000000000 ____D C:\Users\HP\AppData\Local\CEF
2019-08-18 14:30 - 2019-08-18 14:33 - 000000000 ____D C:\Users\HP\AppData\Roaming\.minecraft
2019-08-18 14:30 - 2019-08-18 14:33 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2019-08-18 14:30 - 2019-08-18 14:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2019-08-18 14:29 - 2019-08-18 14:29 - 002281472 _____ C:\Users\HP\Downloads\MinecraftInstaller.msi
2019-08-18 14:29 - 2019-08-18 14:29 - 002281472 _____ C:\Users\HP\Downloads\MinecraftInstaller (1).msi
2019-08-14 20:35 - 2019-08-14 20:35 - 000004096 _____ C:\20190814_200957 - Acceso directo.lnk
2019-08-14 19:46 - 2019-08-14 19:46 - 000102653 _____ C:\Users\HP\Downloads\WhatsApp Image 2019-08-14 at 7.44.42 PM (1).jpeg
2019-08-14 19:45 - 2019-08-14 19:45 - 000102653 _____ C:\Users\HP\Downloads\WhatsApp Image 2019-08-14 at 7.44.42 PM.jpeg
2019-08-14 17:49 - 2019-08-14 17:49 - 000144937 _____ C:\Users\HP\Downloads\Beechtown sports club.pdf
2019-08-12 20:21 - 2019-08-12 20:22 - 007924907 _____ C:\Users\HP\Downloads\BGN00CD-0_303_1947126100000000410.pdf
2019-08-09 16:42 - 2019-08-09 16:42 - 000013356 _____ C:\Users\HP\Desktop\Fixlog.txt
2019-08-09 16:36 - 2019-08-09 16:36 - 000000254 _____ C:\Users\HP\Desktop\DelFix.txt
2019-08-09 16:35 - 2019-08-09 16:35 - 000000254 _____ C:\DelFix.txt
2019-08-09 16:35 - 2019-08-09 16:35 - 000000000 ____D C:\Windows\ERUNT
2019-08-09 16:28 - 2019-08-09 16:28 - 000797760 _____ C:\Users\HP\Desktop\delfix.exe
2019-08-09 15:34 - 2019-08-09 15:36 - 000029685 _____ C:\Users\HP\Downloads\Addition.txt
2019-08-09 15:32 - 2019-08-18 14:38 - 000000000 ____D C:\FRST
2019-08-09 15:32 - 2019-08-09 15:36 - 000031839 _____ C:\Users\HP\Downloads\FRST.txt
2019-08-09 15:31 - 2019-08-18 14:37 - 001612800 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2019-08-09 15:16 - 2019-08-09 15:16 - 000000000 ____D C:\Users\HP\Desktop\otros
2019-08-09 14:42 - 2019-08-09 14:42 - 000000000 ____D C:\Users\HP\AppData\Local\ElevatedDiagnostics
2019-08-09 11:36 - 2019-08-09 11:37 - 020891464 _____ (Piriform Software Ltd) C:\Users\HP\Downloads\ccsetup560.exe
2019-08-09 11:35 - 2019-08-18 10:18 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-08-09 11:35 - 2019-08-09 11:35 - 000002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-08-09 11:34 - 2019-08-09 12:12 - 000000000 ____D C:\Users\HP\AppData\Roaming\ZHP
2019-08-09 11:34 - 2019-08-09 11:35 - 000000000 ____D C:\Program Files\CCleaner
2019-08-09 11:34 - 2019-08-09 11:34 - 000000000 ____D C:\Users\HP\AppData\Local\ZHP
2019-08-09 11:34 - 2019-08-09 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-09 11:32 - 2019-08-09 11:45 - 000000000 ____D C:\AdwCleaner
2019-08-09 11:28 - 2019-08-09 11:28 - 000000000 ____D C:\Users\HP\AppData\Local\mbam
2019-08-09 11:27 - 2019-08-09 11:27 - 000000000 ____D C:\Users\HP\AppData\Local\mbamtray
2019-08-09 11:27 - 2019-08-09 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-09 11:27 - 2019-08-09 11:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-09 11:27 - 2019-08-09 11:27 - 000000000 ____D C:\Program Files\Malwarebytes
2019-08-09 11:27 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-08-09 11:21 - 2019-08-09 11:22 - 020638704 _____ (Piriform Software Ltd) C:\Users\HP\Downloads\ccsetup558.exe
2019-08-09 11:20 - 2019-08-09 11:20 - 003118464 _____ (Nicolas Coolman) C:\Users\HP\Downloads\ZHPCleaner.exe
2019-08-09 11:18 - 2019-08-09 11:18 - 007623880 _____ (Malwarebytes) C:\Users\HP\Downloads\adwcleaner_7.4.exe
2019-08-09 11:13 - 2019-08-09 11:15 - 064925856 _____ (Malwarebytes ) C:\Users\HP\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11912.exe
2019-08-08 18:25 - 2019-08-08 19:42 - 000000000 ____D C:\Users\HP\Desktop\musica
2019-08-08 14:54 - 2019-08-08 14:54 - 000002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-08 14:54 - 2019-08-08 14:54 - 000002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-08 14:52 - 2019-08-08 14:52 - 000003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-08-08 14:52 - 2019-08-08 14:52 - 000003342 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-08-07 19:40 - 2019-08-09 11:40 - 000000000 ____D C:\ProgramData\TmpLoog
2019-08-06 17:37 - 2019-08-06 17:37 - 000000000 ____D C:\Users\HP\Documents\Plantillas personalizadas de Office
2019-08-06 17:17 - 2019-08-06 17:17 - 000032167 _____ C:\Users\HP\Downloads\P0172DXQCalcomania.pdf
2019-08-05 15:49 - 2019-08-05 15:49 - 000001504 _____ C:\Users\HP\Desktop\servidor - Acceso directo.lnk
2019-08-05 15:48 - 2019-08-05 15:48 - 000000000 ____D C:\Program Files (x86)\CIBER SIN PUBLICIDAD
2019-08-05 15:17 - 2019-08-05 15:17 - 000000000 _____ C:\Windows\EEventManager.INI
2019-08-05 15:09 - 2019-08-05 15:09 - 000025107 _____ C:\Users\HP\Documents\img20190805_15093008.pdf
2019-08-05 15:00 - 2019-08-05 15:00 - 000000000 ____D C:\Users\HP\AppData\Roaming\Leadertech
2019-08-05 14:51 - 2019-08-05 14:51 - 000002171 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2019-08-05 14:51 - 2019-08-05 14:51 - 000000000 ____D C:\ProgramData\UDL
2019-08-05 14:51 - 2019-08-05 14:51 - 000000000 ____D C:\ProgramData\Sony Corporation
2019-08-05 14:48 - 2019-08-05 15:10 - 000000000 ____D C:\Users\HP\AppData\Roaming\Epson
2019-08-05 14:47 - 2019-08-05 14:47 - 000000000 ____D C:\Program Files\EPSON
2019-08-05 14:46 - 2019-08-05 14:51 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-08-05 14:45 - 2019-08-05 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2019-08-05 14:45 - 2019-08-05 14:52 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2019-08-05 14:45 - 2019-08-05 14:45 - 000000000 ____D C:\Program Files\EpsonNet
2019-08-05 14:44 - 2019-08-18 13:44 - 000000911 _____ C:\Windows\Tasks\EPSON L5190 Series Update {589E4742-D55D-4CE5-8434-6EEAA4B4B524}.job
2019-08-05 14:44 - 2019-08-05 14:50 - 000000000 ____D C:\Program Files (x86)\epson
2019-08-05 14:44 - 2019-08-05 14:44 - 000003978 _____ C:\Windows\System32\Tasks\EPSON L5190 Series Update {589E4742-D55D-4CE5-8434-6EEAA4B4B524}
2019-08-05 14:44 - 2019-08-05 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2019-08-05 14:44 - 2019-08-05 14:44 - 000000000 ____D C:\Program Files\Common Files\EPSON
2019-08-05 14:44 - 2018-05-11 10:52 - 000147472 _____ (TWAIN Working Group) C:\Windows\SysWOW64\twaindsm.dll
2019-08-05 14:44 - 2018-05-11 10:51 - 000771072 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2u2.dll
2019-08-05 14:44 - 2018-05-11 10:51 - 000145224 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2019-08-05 14:43 - 2019-08-05 15:06 - 000000000 ____D C:\ProgramData\EPSON
2019-08-05 14:43 - 2017-07-14 04:13 - 000184832 _____ (Seiko Epson Corporation) C:\Windows\system32\E_YLMBURE.DLL
2019-08-05 14:43 - 2013-06-17 14:34 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2019-08-05 14:43 - 2013-06-17 14:34 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2019-08-05 14:43 - 2011-03-15 03:03 - 000083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BURE.DLL
2019-08-05 13:28 - 2019-08-05 13:28 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-08-05 13:28 - 2019-08-05 13:28 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2019-07-25 22:10 - 2019-07-25 22:10 - 000000363 _____ C:\Users\HP\Equipo - Acceso directo.lnk
2019-07-25 22:10 - 2017-09-05 16:05 - 000001852 _____ C:\Users\HP\avast! Free Antivirus.lnk
2019-07-25 22:04 - 2019-08-09 16:45 - 000000008 __RSH C:\Users\HP\ntuser.pol
2019-07-25 22:04 - 2019-08-09 16:45 - 000000008 __RSH C:\ProgramData\ntuser.pol
2019-07-25 22:01 - 2010-12-05 20:16 - 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-18 10:49 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\system32\NDF
2019-08-18 10:18 - 2018-02-08 16:40 - 000004180 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-08-18 10:17 - 2009-07-13 22:45 - 000016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-08-18 10:17 - 2009-07-13 22:45 - 000016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-08-18 10:09 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-15 10:28 - 2018-12-05 15:10 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-08-15 10:27 - 2018-12-05 15:08 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-11 11:41 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2019-08-09 16:45 - 2017-09-05 15:06 - 000000000 ____D C:\Users\HP
2019-08-09 16:42 - 2009-07-13 21:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-08-09 16:42 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2019-08-09 11:41 - 2017-09-05 07:59 - 000000000 ____D C:\Windows\Panther
2019-08-08 14:54 - 2018-02-07 16:18 - 000000000 ____D C:\Users\HP\AppData\Local\Google
2019-08-08 14:54 - 2018-02-07 16:17 - 000000000 ____D C:\Program Files (x86)\Google
2019-08-07 19:48 - 2019-02-01 08:54 - 000000000 ____D C:\Users\HP\Documents\Activador
2019-08-05 15:01 - 2009-07-13 23:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-08-04 18:58 - 2018-12-05 15:05 - 000000034 _____ C:\Windows\AvEmUpdate.ini

==================== Files in the root of some directories ================

2019-03-06 08:20 - 2019-03-06 08:20 - 000000000 _____ () C:\Users\HP\AppData\Local\{26707669-E821-41CF-A207-2467DC6D7246}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-11 13:02
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by HP (18-08-2019 14:40:36)
Running from C:\Users\HP\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2017-09-05 21:06:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3539255387-4219119725-3613937337-500 - Administrator - Disabled)
HP (S-1-5-21-3539255387-4219119725-3613937337-1000 - Administrator - Enabled) => C:\Users\HP
Invitado (S-1-5-21-3539255387-4219119725-3613937337-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: avast! Antivirus (Enabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6597 - Acronis)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20036 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\avast5) (Version: 5.0.418.0 - Alwil Software)
Barra de búsqueda de Encarta (64 bits) (HKLM\...\{08144040-959A-4B0D-8825-2C533F0DDB19}) (Version: 1.0.0 - Microsoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
Desinstalar impresora EPSON L5190 Series (HKLM\...\EPSON L5190 Series) (Version:  - Seiko Epson Corporation)
Easy Photo Scan (HKLM-x32\...\{9C366320-A91D-423A-A6D5-38CB1A90CC47}) (Version: 1.00.0013 - Seiko Epson Corporation)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{71038C40-8258-44D2-BBF4-B6312338172C}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{6DBFDAF8-20AE-46AE-940E-4F769ACDF4BB}) (Version: 3.11.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.50.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.4 - Intel)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Encarta 2009 Biblioteca Premium (HKLM-x32\...\{09140081-2C94-4A67-8E55-8483C019C7D2}) (Version: 2009 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{CFF44AE9-2908-4D7D-B48B-1CB5139015C7}) (Version: 1.0.0.0 - Mojang)
Nero 7 Premium (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft .NET Framework 4.5 ESN (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50709 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7443 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2010-02-11] (ALWIL Software) [File not signed]
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG -> Nero AG)
ContextMenuHandlers1: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2010-12-20] (Acronis, Inc -> Acronis)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-01-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2010-02-11] (ALWIL Software) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2010-12-20] (Acronis, Inc -> Acronis)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-05 16:04 - 2010-02-11 12:40 - 000088064 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\3082\Base.dll
2017-09-05 16:04 - 2010-02-11 12:40 - 000155136 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\3082\UILangRes.dll
2017-09-05 16:04 - 2010-02-11 12:44 - 000195584 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\Aavm4h.dll
2017-09-05 16:04 - 2010-02-11 12:39 - 000041984 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\AavmRpch.dll
2017-09-05 16:04 - 2010-02-11 12:46 - 000012800 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\AhResBhv.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000040448 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\AhResMai.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000029184 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ahResMes.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000038400 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\AhResNS.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000030720 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ahResP2P.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000047616 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\AhResStd.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000048640 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\AhResWS.dll
2017-09-05 16:04 - 2010-02-11 12:42 - 000155136 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ashBase.dll
2017-09-05 16:04 - 2010-02-11 12:46 - 000895488 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ashMaiSv.dll
2017-09-05 16:04 - 2010-02-11 12:46 - 000107008 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ashServ.dll
2017-09-05 16:04 - 2010-02-11 12:47 - 000080896 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ashShA64.dll
2017-09-05 16:04 - 2010-02-11 12:44 - 000100864 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ashTask.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000048640 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll
2017-09-05 16:04 - 2010-02-11 12:45 - 000339456 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\ashWebSv.dll
2017-09-05 16:04 - 2010-02-11 12:39 - 000669696 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswAux.dll
2017-09-05 16:04 - 2010-02-11 12:37 - 000198144 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll
2017-09-05 16:04 - 2010-02-11 12:37 - 000110080 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll
2017-09-05 16:04 - 2010-02-11 12:37 - 000079360 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll
2017-09-05 16:04 - 2010-02-11 12:46 - 000096768 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswData.dll
2017-09-05 16:04 - 2010-02-11 12:39 - 000034816 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll
2017-09-05 16:04 - 2010-02-11 12:39 - 000005120 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswIdle.dll
2017-09-05 16:04 - 2010-02-11 12:44 - 000157696 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswLog.dll
2017-09-05 16:04 - 2010-02-11 12:43 - 000035840 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswProperty.dll
2017-09-05 16:04 - 2010-02-11 12:37 - 000387584 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswSqLt.dll
2017-09-05 16:04 - 2010-02-11 12:44 - 000015872 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\aswUtil.dll
2017-09-05 16:04 - 2010-02-11 12:39 - 001254400 _____ (ALWIL Software) [File not signed] C:\Program Files\Alwil Software\Avast5\CommonRes.dll
2003-03-19 07:14 - 2003-03-19 07:14 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCP71.dll
2003-02-21 15:42 - 2003-02-21 15:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCR71.dll
2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000096768 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000212992 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUADRFIL.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000282624 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCFG.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000446464 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCSR.DLL
2019-08-05 14:47 - 2018-08-07 01:00 - 000389120 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXLDB.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000536576 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXTIF.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUIMGCDC.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000278528 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSTMMSG.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000258048 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUVERDLG.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000069632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRNSYS.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll
2019-08-05 14:47 - 2018-08-06 10:00 - 000086016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2019-08-05 14:47 - 2018-08-06 10:00 - 000090112 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll
2019-08-05 14:47 - 2018-08-06 10:00 - 000245760 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2019-08-05 14:47 - 2018-08-06 10:00 - 000110592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll
2019-08-05 14:47 - 2018-08-06 10:00 - 000022016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
2019-08-05 14:47 - 2018-08-06 10:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000278528 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENNW.dll
2019-08-05 14:47 - 2018-08-07 01:00 - 000299008 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENUTIL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2019-08-09 16:42 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{A76B2AB6-4F81-4AE6-BD7D-8946F53F76AD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [UDP Query User{E342DE28-3B63-4472-8DB3-9F4F97352E4E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [TCP Query User{D0711A43-DD38-4295-AD43-2B242635B983}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [UDP Query User{9EA5D078-D78D-4D2A-AF46-226C09FE2659}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [TCP Query User{954243BF-1CF7-4FFA-9CA2-5CE8431F8FB9}C:\program files (x86)\ciber sin publicidad\c de c sin publicidad by cm26\servidor\servidor.exe] => (Allow) C:\program files (x86)\ciber sin publicidad\c de c sin publicidad by cm26\servidor\servidor.exe () [File not signed]
FirewallRules: [UDP Query User{414E1EDD-306A-4152-AD28-96B4E6094717}C:\program files (x86)\ciber sin publicidad\c de c sin publicidad by cm26\servidor\servidor.exe] => (Allow) C:\program files (x86)\ciber sin publicidad\c de c sin publicidad by cm26\servidor\servidor.exe () [File not signed]
FirewallRules: [TCP Query User{6F255CF1-763D-4D83-9846-55E44D5ADEB3}C:\program files (x86)\ciber sin publicidad\c de c sin publicidad by cm26\servidor\servidor.exe] => (Allow) C:\program files (x86)\ciber sin publicidad\c de c sin publicidad by cm26\servidor\servidor.exe () [File not signed]
FirewallRules: [UDP Query User{69463E29-C4F7-499D-9D0E-3E6290655AFA}C:\program files (x86)\ciber sin publicidad\c de c sin publicidad by cm26\servidor\servidor.exe] => (Allow) C:\program files (x86)\ciber sin publicidad\c de c sin publicidad by cm26\servidor\servidor.exe () [File not signed]

==================== Restore Points =========================

26-07-2019 00:35:41 Punto de control programado
05-08-2019 14:33:12 Punto de control programado
05-08-2019 14:47:29 Instalado FAX Utility
05-08-2019 14:48:32 Installed EPSON Scan OCR Component
05-08-2019 14:50:19 Installed EPSON Scan PDF Extensions
05-08-2019 14:50:33 Instalado Microsoft Visual C++ 2005 Redistributable
09-08-2019 12:12:17 ZHPcleaner
09-08-2019 16:42:20 Restore Point Created by FRST
18-08-2019 12:01:49 Punto de control programado
18-08-2019 14:29:59 Installed Minecraft Launcher

==================== Faulty Device Manager Devices =============

Name: Mouse compatible PS/2
Description: Mouse compatible PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teclado PS/2 estándar
Description: Teclado PS/2 estándar
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Teclados estándar)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2019 02:33:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: El valor de cadena de nombre del contador de rendimiento del Registro tiene un formato incorrecto. La cadena incorrecta es . El primer valor DWORD de la sección de datos contiene el valor del índice de la cadena incorrecta, mientras que el segundo y tercer valor DWORD de la sección de datos contienen los últimos valores del índice válidos.

Error: (08/18/2019 02:33:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MinecraftLauncher.exe, versión: 1.0.1.0, marca de tiempo: 0x5d2dd613
Nombre del módulo con errores: libcef.dll_unloaded, versión: 0.0.0.0, marca de tiempo: 0x59cf4a2a
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x692dcf67
Id. del proceso con errores: 0xa38
Hora de inicio de la aplicación con errores: 0x01d55603c15406dd
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Minecraft Launcher\MinecraftLauncher.exe
Ruta de acceso del módulo con errores: libcef.dll
Id. del informe: 7b4ee092-c1f7-11e9-ac57-1803731d8e67

Error: (08/18/2019 02:27:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: El valor de cadena de nombre del contador de rendimiento del Registro tiene un formato incorrecto. La cadena incorrecta es . El primer valor DWORD de la sección de datos contiene el valor del índice de la cadena incorrecta, mientras que el segundo y tercer valor DWORD de la sección de datos contienen los últimos valores del índice válidos.

Error: (08/18/2019 02:20:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: El valor de cadena de nombre del contador de rendimiento del Registro tiene un formato incorrecto. La cadena incorrecta es . El primer valor DWORD de la sección de datos contiene el valor del índice de la cadena incorrecta, mientras que el segundo y tercer valor DWORD de la sección de datos contienen los últimos valores del índice válidos.

Error: (08/18/2019 11:34:52 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: El valor de cadena de nombre del contador de rendimiento del Registro tiene un formato incorrecto. La cadena incorrecta es . El primer valor DWORD de la sección de datos contiene el valor del índice de la cadena incorrecta, mientras que el segundo y tercer valor DWORD de la sección de datos contienen los últimos valores del índice válidos.

Error: (08/18/2019 11:30:26 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: El valor de cadena de nombre del contador de rendimiento del Registro tiene un formato incorrecto. La cadena incorrecta es . El primer valor DWORD de la sección de datos contiene el valor del índice de la cadena incorrecta, mientras que el segundo y tercer valor DWORD de la sección de datos contienen los últimos valores del índice válidos.

Error: (08/18/2019 11:13:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: El valor de cadena de nombre del contador de rendimiento del Registro tiene un formato incorrecto. La cadena incorrecta es . El primer valor DWORD de la sección de datos contiene el valor del índice de la cadena incorrecta, mientras que el segundo y tercer valor DWORD de la sección de datos contienen los últimos valores del índice válidos.

Error: (08/18/2019 11:02:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: El valor de cadena de nombre del contador de rendimiento del Registro tiene un formato incorrecto. La cadena incorrecta es . El primer valor DWORD de la sección de datos contiene el valor del índice de la cadena incorrecta, mientras que el segundo y tercer valor DWORD de la sección de datos contienen los últimos valores del índice válidos.


System errors:
=============
Error: (08/18/2019 02:33:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Adaptador de rendimiento de WMI se cerró con el siguiente error: 
Error no especificado

Error: (08/18/2019 02:27:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Adaptador de rendimiento de WMI se cerró con el siguiente error: 
Error no especificado

Error: (08/18/2019 02:20:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Adaptador de rendimiento de WMI se cerró con el siguiente error: 
Error no especificado

Error: (08/18/2019 11:34:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Adaptador de rendimiento de WMI se cerró con el siguiente error: 
Error no especificado

Error: (08/18/2019 11:30:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Adaptador de rendimiento de WMI se cerró con el siguiente error: 
Error no especificado

Error: (08/18/2019 11:13:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Adaptador de rendimiento de WMI se cerró con el siguiente error: 
Error no especificado

Error: (08/18/2019 11:03:43 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (08/18/2019 11:03:43 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.


==================== Memory info =========================== 

BIOS: Dell Inc. A15 07/17/2012
Motherboard: Dell Inc. 0D28YY
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 95%
Total physical RAM: 3977.06 MB
Available physical RAM: 186.21 MB
Total Virtual: 7952.32 MB
Available Virtual: 3098.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.73 GB) (Free:192.96 GB) NTFS

\\?\Volume{3200971a-927d-11e7-8b01-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.8 GB) (Disk ID: 8AEA5D6C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Sorry for the delay, I was a bit busy.

Hello @Rodvi_Julio

Try what is described in the following article:

Regards


It worked, it no longer appears, thanks for the help. Just one last question: since my PC was infected with that virus I have not been able to open Notepad, except by searching for the shortcut, but its icon shows a blank sheet.

Hello @Rodvi_Julio

1.- Run FRST.exe again from your desktop: right-click it and select “Run as administrator”.

  • In the Disclaimer window, click Yes
  • In the program's main window, type:

notepad.exe

  • And click Search Files.


  • When it finishes, a file named Search.txt will open; it is saved on your desktop

2.- Temporarily disable your antivirus and any other security software.

Download UsbFix to your desktop:

  • Connect all your removable devices (USB/pen drive, Micro SD, etc.).
  • Run USBFix.exe

  • Once all your devices are connected, click “Ejecutar análisis” (Run analysis).
  • Then select “Full Análisis” (full scan) and wait for it to finish.
  • If threats are detected, select all the detected items and click “Limpiar todo” (Clean all).
  • If it asks to restart the system, accept.
  • Once the computer restarts, the USBFix report will open, showing what was detected and what was removed.
  • Copy and paste that entire report into your next reply (if it does not open, the report is saved as UsbFix_Report.txt on the Desktop)

Once the scan is finished, with all drives connected, run USBFix again as Administrator and vaccinate them, following the steps in the Manual.

Paste the reports in your next reply.

Regards.

Farbar Recovery Scan Tool (x64) Version: 22-08-2019
Ran by HP (23-08-2019 16:38:05)
Running from C:\Users\HP\Desktop
Boot Mode: Normal

================== Search Files: "notepad.exe" =============

C:\Windows\notepad.exe
[2009-07-13 17:56][2009-07-13 19:39] 000193536 _____ (Microsoft Corporation) F2C7BB8ACC97F92E987A2D4087D021B1 [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_d5642974be118415\notepad.exe
[2009-07-13 17:41][2009-07-13 19:14] 000179712 _____ (Microsoft Corporation) D378BFFB70923139D6A4F546864AA61C [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_cb0f7f2289b0c21a\notepad.exe
[2009-07-13 17:56][2009-07-13 19:39] 000193536 _____ (Microsoft Corporation) F2C7BB8ACC97F92E987A2D4087D021B1 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_6.1.7600.16385_none_9ebebe8614be1470\notepad.exe
[2009-07-13 17:56][2009-07-13 19:39] 000193536 _____ (Microsoft Corporation) F2C7BB8ACC97F92E987A2D4087D021B1 [File is digitally signed]

C:\Windows\SysWOW64\notepad.exe
[2009-07-13 17:41][2009-07-13 19:14] 000179712 _____ (Microsoft Corporation) D378BFFB70923139D6A4F546864AA61C [File is digitally signed]

C:\Windows\System32\notepad.exe
[2009-07-13 17:56][2009-07-13 19:39] 000193536 _____ (Microsoft Corporation) F2C7BB8ACC97F92E987A2D4087D021B1 [File is digitally signed]


====== End of Search ======
# ----------------------------------------------------
# UsbFix Antivirus Free
# ----------------------------------------------------
# Versión : 11.016
# Base de datos : 2019.05.21 
# Contacto : https://www.usb-antivirus.com/es/contacto
# ----------------------------------------------------
# Tipo de escaneo : Full
# Usuario : HP (Administrador)
# Dispositivo : SERVIDOR
# Comenzó : 23/08/2019 16:40:53
# ----------------------------------------------------

------------ | Discos analizados |

C:\	NTFS	(190GB/233GB)	[Fixed] 
E:\	FAT32	(4GB/4GB)	[Removable] 

------------ | Elemento(s) infectado(s) |

Restorado! E:\$TXRAJNL.DAT

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
04 - HKCU\..\Run : [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIURE.EXE /EPT "EPLTarget\P0000000000000000" /M "L5190 Series"
04 - HKCU\..\Run : [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04 - HKLM\..\Run : [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
04 - HKLM\..\Run : [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
04 - HKLM\..\Run : [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\..\Run : [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
04 - HKLM\..\Run : [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
04 - HKLM\..\Run : [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
04 - [x64] HKLM\..\Run : [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
04 - [x64] HKLM\..\Run : [Servicio de Acronis Scheduler2 ] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
04 - [x64] HKLM\..\Run : [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /ANDREA_BF_BYPASS
04 - [x64] HKLM\..\Run : [IgfxTray] "C:\Windows\system32\igfxtray.exe"
04 - [x64] HKLM\..\Run : [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
04 - [x64] HKLM\..\Run : [Persistence] "C:\Windows\system32\igfxpers.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
04 - HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\..\Run : [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIURE.EXE /EPT "EPLTarget\P0000000000000000" /M "L5190 Series"
04 - HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\..\Run : [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

------------ | Tasks |

Task - Adobe Acrobat Update Task --> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - Avast Emergency Update --> C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task - CCleaner Update --> C:\Program Files\CCleaner\CCUpdate.exe
Task - CCleanerSkipUAC --> "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Task - EPSON L5190 Series Update {589E4742-D55D-4CE5-8434-6EEAA4B4B524} --> C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSURE.EXE /EXE:"{589E4742-D55D-4CE5-8434-6EEAA4B4B524}" /F:"Update"
Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - KMSAutoNet --> "C:\ProgramData\KMSAutoS\KMSAuto Net.exe" /off=act

------------ | C:\ %SystemDrive% - Disco fijo (NTFS) |

[09/08/2019 - 16:35:51 | A | 0 Ko] - DelFix.txt
[23/08/2019 - 09:41:19 | ASH | 3054380 Ko] - hiberfil.sys
[23/08/2019 - 09:41:22 | ASH | 4072508 Ko] - pagefile.sys
[14/08/2019 - 20:35:57 | A | 4 Ko] - 20190814_200957 - Acceso directo.lnk --> 
[11/01/2019 - 10:30:38 | SHD] - $Recycle.Bin
[21/06/2018 - 13:39:46 | SHD] - found.001
[02/01/2018 - 04:22:48 | SHD] - found.000
[13/07/2009 - 21:20:08 | D] - PerfLogs
[13/07/2009 - 23:08:56 | SHD] - Documents and Settings
[05/09/2017 - 15:06:09 | SHD] - Archivos de programa
[05/09/2017 - 15:06:09 | SHD] - Recovery
[05/09/2017 - 15:06:19 | RD] - Users
[20/06/2018 - 07:14:47 | D] - swsetup
[20/06/2018 - 07:17:18 | D] - Intel
[01/02/2019 - 08:42:42 | RHD] - MSOCache
[09/08/2019 - 11:45:52 | D] - AdwCleaner
[09/08/2019 - 12:05:38 | D] - Program Files
[09/08/2019 - 16:45:02 | HD] - ProgramData
[18/08/2019 - 14:42:33 | D] - FRST
[19/08/2019 - 08:58:46 | D] - Windows
[23/08/2019 - 16:40:30 | RD] - Program Files (x86)

------------ | E:\ - Disco extraíble (FAT32) |

[13/07/2018 - 03:26:36 | N | 1024 Ko] - $TXRAJNL.DAT
[12/08/2019 - 11:25:26 | D] - documentos

Elemento(s) infectado(s) : 1
Elementos analizados : 59032 en 00h 00m 04s

# UsbFix-Report-01.txt [5440B]

------------ | E.O.F  |