Sharing my reports. Can someone take a look at them?


#1

First of all, let me say that I'm new and that I'm very glad to have found a place where I can get help.

I found the steps in a thread where a user was saying he might have a virus. That's why I downloaded the tools and did what was recommended to him.

Here are the reports.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 12/12/18
Hora del análisis: 11:59
Archivo de registro: 96f7f2f4-fe1e-11e8-895c-000000000000.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.508
Versión del paquete de actualización: 1.0.8279
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: Seba-PC\Seba

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 262666
Amenazas detectadas: 4
Amenazas en cuarentena: 4
Tiempo transcurrido: 6 min, 10 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 1
PUP.Optional.DefaultSearch, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nladljmabboanhihfkjacnnkgjhnokhj, En cuarentena, [283], [550469],1.0.8279

Valor del registro: 1
PUP.Optional.DefaultSearch, HKU\S-1-5-21-525092146-1667884894-650739964-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|NLADLJMABBOANHIHFKJACNNKGJHNOKHJ, En cuarentena, [283], [550469],1.0.8279

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 2
PUP.Optional.DefaultSearch, C:\USERS\SEBA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [283], [550469],1.0.8279
PUP.Optional.DefaultSearch, C:\USERS\SEBA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [283], [469798],1.0.8279

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

#2

Hello @2020donoscar2020:

Welcome to the new stage of InfoSpyware!!!

Before continuing, tell us what symptoms your computer has.

Regards.


#3
# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build:    11-26-2018
# Database: 2018-12-07.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-12-2018
# Duration: 00:00:10
# OS:       Windows 7 Home Premium
# Cleaned:  12
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FCC86E01-0D10-4319-989B-DA97688FCB81}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FCC86E01-0D10-4319-989B-DA97688FCB81}
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

***** [ Chromium (and derivatives) ] *****

Deleted       Avira SafeSearch Plus

***** [ Chromium URLs ] *****

Deleted       Ask
Not Deleted   AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2316 octets] - [12/12/2018 12:19:36]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Seba (Administrator) on Wed 12/12/2018 at 12:26:26.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 26 

Successfully deleted: C:\ProgramData\lavasoft\web companion (Folder) 
Successfully deleted: C:\Program Files (x86)\lavasoft\web companion (Folder) 
Successfully deleted: C:\Users\Seba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Seba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Seba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1HENZOH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Seba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BC8YCHQD (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Seba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Seba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Seba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGTGRLNN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Seba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OYQ70S69 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Seba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QPGW3IF7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Seba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTARS0QU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Seba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VV7M07TW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Seba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6L11XXU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1HENZOH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BC8YCHQD (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGTGRLNN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OYQ70S69 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QPGW3IF7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTARS0QU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VV7M07TW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6L11XXU (Temporary Internet Files Folder) 


Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/12/2018 at 12:39:19.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by Seba (12-12-2018 12:46:14)
Running from C:\Users\Seba\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2018-12-03 08:38:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-525092146-1667884894-650739964-500 - Administrator - Disabled)
Guest (S-1-5-21-525092146-1667884894-650739964-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-525092146-1667884894-650739964-1002 - Limited - Enabled)
Seba (S-1-5-21-525092146-1667884894-650739964-1001 - Administrator - Enabled) => C:\Users\Seba

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-525092146-1667884894-650739964-1001\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (HKLM\...\{F72FC7C5-5D2F-41EC-11DE-FD9F5F6D415A}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (HKLM-x32\...\WT082192) (Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT082122) (Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WT082124) (Version: 2.2.0.82 - WildTangent) Hidden
Build-a-lot 2 (HKLM-x32\...\WT082438) (Version: 2.2.0.82 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT083477) (Version: 2.2.0.82 - WildTangent) Hidden
ccc-core-static (HKLM-x32\...\{D89272DE-CF29-8D5C-B01A-410F06E2E903}) (Version: 2010.0122.858.16002 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WT082200) (Version: 2.2.0.82 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.102 - CinemaNow, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Contents (HKLM-x32\...\{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}) (Version: 1.6.0.286 - Corel Corporation) Hidden
Corel PaintShop Photo Pro X3 (HKLM-x32\...\_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.116 - Corel Corporation)
Corel PaintShop Photo Pro X3 (HKLM-x32\...\{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}) (Version: 1.00.0000 - Corel Corporation) Hidden
Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.0.286 - Corel Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2527 - CyberLink Corp.)
DeviceIO (HKLM-x32\...\{F4E9851F-765E-40B7-9859-237C2724E62C}) (Version: 1.6.0.286 - Corel Corporation) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT082396) (Version: 2.2.0.82 - WildTangent) Hidden
Dora's Carnival Adventure (HKLM-x32\...\WT082133) (Version: 2.2.0.82 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2133 - Steinberg Media Technologies GmbH)
Escape Rosecliff Island (HKLM-x32\...\WT083484) (Version: 2.2.0.82 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Faerie Solitaire (HKLM-x32\...\WT082442) (Version: 2.2.0.82 - WildTangent) Hidden
FATE (HKLM-x32\...\WT082141) (Version: 2.2.0.82 - WildTangent) Hidden
Focusrite USB 4.36.5.0 (HKLM\...\Focusrite USB_is1) (Version: 4.36.5.0 - Focusrite Audio Engineering Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10144.3282 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.3727 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.2.2513 - Hewlett-Packard)
HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.0.3722 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.0.3722 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.3722 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.2511 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2261 - HP Photo Creations Powered by RocketLife)
HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)
HP QuickWeb Installer (HKLM-x32\...\{394FA67A-FF0A-4356-BB77-D85E5A300BDE}) (Version: 1.2.9.1 - DeviceVM Inc.)
HP Setup (HKLM-x32\...\{E2831862-F131-4327-B9CC-FA30F587EB6C}) (Version: 1.2.3988.3281 - Hewlett-Packard)
HP SimplePass Identity Protection (HKLM\...\{F20DF0CA-5929-4C26-A501-FDB19FDF0A50}) (Version: 5.00.140 - DigitalPersona, Inc.)
HP Software Framework (HKLM-x32\...\{15436D38-68EF-4D20-A794-755F54E7E955}) (Version: 3.5.16.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}) (Version: 4.3.1.2 - Hewlett-Packard)
HP Tone Control (HKLM\...\{9207D4A1-586E-49CA-A002-FC9F475AB1A3}) (Version: 2.0.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0177 (HKLM-x32\...\{8DA0CD14-79DF-49BF-B133-409C004F27E1}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{0279C882-B150-44B6-A769-A7C8A2F31CE3}) (Version: 4.0.3.2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-525092146-1667884894-650739964-1001\...\HuluDesktop) (Version: 0.9.11 - Hulu LLC)
ICA (HKLM-x32\...\{D1AEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.116 - Corel Corporation) Hidden
ICA (HKLM-x32\...\{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.0.286 - Corel Corporation) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6265.0 - IDT)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
IPM_PSP_Pro (HKLM-x32\...\{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}) (Version: 1.00.0000 - Corel Corporation) Hidden
IPM_VS_Pro (HKLM-x32\...\{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}) (Version: 13.0 - Corel Corporation) Hidden
ISCOM (HKLM-x32\...\{D1F80EFD-A032-4E8E-A367-70C44AD4DCE0}) (Version: 1.6.1.116 - Corel Corporation) Hidden
ISCOM (HKLM-x32\...\{FE661711-E392-4B3F-A4A7-02C747C09134}) (Version: 1.6.0.286 - Corel Corporation) Hidden
Java(TM) 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Jewel Quest 3 (HKLM-x32\...\WT082443) (Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WT082468) (Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KORG USB-MIDI Driver Tools for Windows (HKLM-x32\...\{E373514C-21E0-4E76-BABD-C7BAF6BFFF45}) (Version: 1.11.0040 - KORG Inc.)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard)
MSN Toolbar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0369.0 - Microsoft Corporation)
MSN Toolbar Platform (HKLM-x32\...\{4123BE4D-C65C-467E-8071-232FB1FBF3B8}) (Version: 4.0.0369.0 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The New York Fortune (HKLM-x32\...\WT082456) (Version: 2.2.0.82 - WildTangent) Hidden
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.8.1.43 - Native Instruments)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 17.0.0.136 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec)
Penguins! (HKLM-x32\...\WT082168) (Version: 2.2.0.82 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
Plants vs. Zombies (HKLM-x32\...\WT082170) (Version: 2.2.0.82 - WildTangent) Hidden
Poker Superstars III (HKLM-x32\...\WT082171) (Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT082172) (Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT082173) (Version: 2.2.0.82 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3715 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3715 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2514 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2514 - CyberLink Corp.)
PSPPContent (HKLM-x32\...\{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}) (Version: 1.00.0000 - Corel Corporation) Hidden
PSPPRO_DCRAW (HKLM-x32\...\{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}) (Version: 13.0.0 - Corel Corporation) Hidden
PureHD (HKLM-x32\...\{F8423392-2296-4748-9B66-344432459632}) (Version: 1.6.0.286 - Corel Corporation) Hidden
PX Profile Update (HKLM-x32\...\{08C94F9D-EB51-D748-E299-E347A2C14A81}) (Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.2512 - CyberLink Corp.) Hidden
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Setup (HKLM-x32\...\{D1612A3D-0DCC-4055-BB6A-0036F31158A0}) (Version: 1.6.1.116 - Corel Corporation) Hidden
Setup (HKLM-x32\...\{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}) (Version: 1.6.0.286 - Corel Corporation) Hidden
Share (HKLM-x32\...\{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}) (Version: 1.6.0.286 - Corel Corporation) Hidden
Share64 (HKLM\...\{F6246243-CF06-4E40-8A37-C3B537695C36}) (Version: 1.6.0.286 - Corel Corporation) Hidden
Skype version 8.34 (HKLM-x32\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
Steinberg Cubase LE AI Elements 7 64bit (HKLM\...\{67E7C608-D0EA-4273-B374-50ABE42FBE08}) (Version: 7.0.6 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TextTwist 2 (HKLM-x32\...\WT083491) (Version: 2.2.0.82 - WildTangent) Hidden
Update for Office 2007 (KB934528) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Validity Sensors DDK (HKLM\...\{EE5017A6-7525-4EE9-99DA-2EF1F6C16B1B}) (Version: 4.1.129.0 - Validity Sensors, Inc.)
VIO (HKLM-x32\...\{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}) (Version: 1.6.0.286 - Corel Corporation) Hidden
Virtual Families (HKLM-x32\...\WT082188) (Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (HKLM-x32\...\WT082241) (Version: 2.2.0.82 - WildTangent) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VSClassic (HKLM-x32\...\{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}) (Version: 1.6.0.286 - Corel Corporation) Hidden
VSPro (HKLM-x32\...\{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}) (Version: 1.6.0.286 - Corel Corporation) Hidden
Waves Central 10.0.1.3 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}_is1) (Version: 10.0.1 - Waves, Inc.)
Waves SoundGrid Drivers 9.7.99.175 (HKLM\...\Waves SoundGrid Drivers_is1) (Version:  - Waves Audio Ltd.)
Wheel of Fortune 2 (HKLM-x32\...\WT082189) (Version: 2.2.0.82 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Zuma's Revenge (HKLM-x32\...\WT082463) (Version: 2.2.0.82 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Corel.Paint.Shop.Pro.Photo] -> {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} => c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll [2010-01-19] ()
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\17.0.0.136\NavShExt.dll [2009-09-01] (Symantec Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers2: [Corel.Paint.Shop.Pro.Photo] -> {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} => c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll [2010-01-19] ()
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\17.0.0.136\NavShExt.dll [2009-09-01] (Symantec Corporation)
ContextMenuHandlers2-x32: [Ulead UDF Driver] -> {DBD8E168-244D-448C-9922-25508950D1DC} => c:\Program Files (x86)\Common Files\Ulead Systems\DVD\USIShex.dll [2010-01-14] (Ulead Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [Corel.Paint.Shop.Pro.Photo] -> {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} => c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll [2010-01-19] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2010-01-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-01-22] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine64\17.0.0.136\NavShExt.dll [2009-09-01] (Symantec Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {159220DE-97FB-465B-90D0-B69D2C442F03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-28] (Piriform Software Ltd)
Task: {493F16DA-B4A2-492E-A421-85D07D60A455} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-03] (Google Inc.)
Task: {52CBB4B4-C5A4-49EC-9BD9-AA013499F411} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-28] (Piriform Ltd)
Task: {53AB4301-884E-45F7-B9BF-6B3930F74949} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {55C2E56E-9627-4542-A884-6A5D45022C99} - System32\Tasks\{77FEBEA2-85EB-4566-85E0-B19756C2023C} => C:\Windows\system32\pcalua.exe -a "C:\Users\Seba\Desktop\vst\Spectrasonics Stylus RMX 1.5 + 1.7 + 1.9.5 + keygen WORKING 100%\install first\dyn-rmx15d1\Windows\Setup.exe" -d "C:\Users\Seba\Desktop\vst\Spectrasonics Stylus RMX 1.5 + 1.7 + 1.9.5 + keygen WORKING 100%\install first\dyn-rmx15d1\Windows"
Task: {86C860F5-363A-45DF-90A1-6508CA191871} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe
Task: {8CA43350-A1D4-4B7B-B307-14FFC2F8EB8F} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-27] ()
Task: {A9A0FEF8-ACCF-448B-BB0C-D677B521E198} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-27] ()
Task: {C346AEEB-3F4D-4B9C-A8B5-971741BFB4EB} - System32\Tasks\Hewlett-Packard\HP Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2009-10-15] (Hewlett-Packard)
Task: {D85C79E4-0817-4C7C-868B-B760A8415AD3} - System32\Tasks\NetworkWizardVCW => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-27] ()
Task: {DA38192F-AFA8-4302-92F3-AAC5E87F8976} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-03] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2010-01-19 04:53 - 2010-01-19 04:53 - 000124560 _____ () c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll
2010-01-18 19:04 - 2010-01-18 19:04 - 000020480 _____ () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2018-12-12 11:58 - 2018-11-21 11:07 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-12-12 11:58 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-12-03 12:36 - 2018-11-16 02:43 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libglesv2.dll
2018-12-03 12:36 - 2018-11-16 02:43 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libegl.dll
2018-12-03 17:00 - 2018-11-09 19:57 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-12-03 17:01 - 2018-11-09 19:57 - 002381152 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2018-12-03 17:01 - 2018-11-09 19:57 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-12-03 17:01 - 2018-11-09 19:57 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-12-03 17:01 - 2018-11-09 19:57 - 000081864 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\desktop-idle\build\Release\desktopIdle.node
2018-12-03 17:00 - 2018-11-09 19:57 - 002723872 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2018-12-03 17:00 - 2018-11-09 19:57 - 000031776 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-12-03 17:01 - 2018-11-09 19:57 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-12-03 17:01 - 2018-11-09 19:57 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-525092146-1667884894-650739964-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2018-12-04 10:31 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-525092146-1667884894-650739964-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 200.49.120.2 - 200.49.120.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
MSCONFIG\startupreg: HPToneControl => C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Seba\AppData\Roaming\uTorrent\uTorrent.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{978749DB-C886-4B89-95FE-D6D4C8B8F350}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{8B2204C8-F50D-4E9B-B57A-03A41BD3D4CF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E25C7EA2-0C0C-4F20-9074-0AF3FA52D85B}] => (Allow) svchost.exe
FirewallRules: [{D0DAEDE6-3229-40C7-9C47-72A2C8ACD8D3}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{D3197E11-AC63-4B0E-A149-D236D23E6078}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{28F2781F-3828-4B41-B617-5A38175F2C1F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{B90A00DB-D204-42EB-A383-DAA71F4C5C71}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\iTV\HPiTV.exe
FirewallRules: [{BF10DECD-9048-4FEB-8211-A2CA49145F96}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{D34D0FED-7168-4647-A9F5-9D12148E2BA4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{AC734806-3DF4-4295-AF49-85BD3F548CAE}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{587F17FD-57D4-405A-B09A-481FB2AE4305}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{7FAECB73-4B3C-4EF7-B03D-80D988329024}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A27C6CCE-76D9-4FB0-A928-BE6231A73A15}] => (Allow) C:\Program Files (x86)\Waves\MultiRack\MultiRack SoundGrid.exe
FirewallRules: [{C3242575-B779-461F-B2FA-779F738BC3C8}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{EDA12F56-91CA-4DAF-9D1F-816EAB5ACA07}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{AC2DFFE7-8624-4A1B-8035-D6309B98C52B}C:\program files\steinberg\cubase le ai elements 7\cubase le ai elements 7.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 7\cubase le ai elements 7.exe
FirewallRules: [UDP Query User{F273F9FD-8852-4EC2-9CDE-23FC6B354876}C:\program files\steinberg\cubase le ai elements 7\cubase le ai elements 7.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 7\cubase le ai elements 7.exe
FirewallRules: [TCP Query User{DA02486E-2F56-4151-9205-4BA749C6141E}C:\program files\steinberg\cubase le ai elements 7\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 7\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{BAB6B585-9209-41DE-A51E-533CD143EC91}C:\program files\steinberg\cubase le ai elements 7\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase le ai elements 7\components\vstbridgeapp.exe
FirewallRules: [{A7EA3B45-731E-4776-8548-5FFC539A1E1C}] => (Allow) C:\Users\Seba\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D1382921-7F29-4F66-96BE-423E877FE7B5}] => (Allow) C:\Users\Seba\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9BA19648-AB18-442E-A137-9ECF2E596A3B}] => (Allow) C:\Users\Seba\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{831F1626-399F-44D3-8EE9-BFFC70ACACC1}] => (Allow) C:\Users\Seba\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{40326070-A700-4EDB-BC4F-E145AC69DBF0}] => (Allow) C:\Users\Seba\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D522C0B0-8A2B-44F2-88CA-49C21D733F70}] => (Allow) C:\Users\Seba\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8063F6D8-2156-4C88-96EA-114379DB7F1B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{C83DD626-7B24-4D74-90B8-6E52C85F7FA0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

10-12-2018 18:54:53 Removed Avira Safe Shopping
10-12-2018 18:55:47 Removed Avira Software Updater
11-12-2018 08:46:56 Windows Update
11-12-2018 21:30:55 Installed KORG USB-MIDI Driver Tools for Windows
11-12-2018 21:34:08 Device Driver Package Install: KORG Inc. Sound, video and game controllers
12-12-2018 12:26:34 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/12/2018 12:23:07 PM) (Source: SGDawNodeService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/12/2018 12:13:42 PM) (Source: SGDawNodeService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/12/2018 11:50:35 AM) (Source: SGDawNodeService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/11/2018 09:25:58 PM) (Source: SGDawNodeService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/11/2018 01:12:54 PM) (Source: SGDawNodeService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/11/2018 11:39:17 AM) (Source: SGDawNodeService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/11/2018 10:13:17 AM) (Source: SGDawNodeService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/11/2018 08:56:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Omnisphere.exe version 1.0.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11d4

Start Time: 01d491485c611d0c

Termination Time: 12

Application Path: C:\ProgramData\Spectrasonics\Omnisphere.exe

Report Id: a0918fe9-fd3b-11e8-abae-ba7132eef390


System errors:
=============
Error: (12/12/2018 12:21:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error: 
The pipe has been ended.

Error: (12/12/2018 12:21:08 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (12/12/2018 12:20:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/12/2018 12:20:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (12/12/2018 12:20:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/12/2018 12:20:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (12/12/2018 12:20:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Biometric Authentication Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/12/2018 12:20:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqwmiex service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================

Date: 2018-12-03 19:27:02.500
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SoundGridProtocol.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-03 19:27:02.468
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SoundGridProtocol.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-03 19:26:49.837
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SoundGridMidi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-03 19:26:49.806
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SoundGridMidi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-03 16:35:25.373
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SoundGridMidi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-03 16:35:25.358
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SoundGridMidi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-03 16:25:12.962
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SoundGridProtocol.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-12-03 16:25:12.926
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SoundGridProtocol.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 42%
Total physical RAM: 7989.86 MB
Available physical RAM: 4600.19 MB
Total Virtual: 15977.86 MB
Available Virtual: 12452.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:573.1 GB) (Free:70.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:22.78 GB) (Free:3.31 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive f: (KORG M50) (CDROM) (Total:0.12 GB) (Free:0 GB) CDFS

\\?\Volume{2e92f64d-f700-11e8-9e18-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 41EA23B6)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=573.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================

#8

And I still need to post the FRST report, but it tells me the following:

"Sorry, but new users can only mention 2 users in a post."

I recently reinstalled everything on the computer. But out of nowhere it became super slow; my partner had installed uTorrent on it, and honestly I got a bit scared that something might have gotten in.

Apparently it is working fine now, but I want to have peace of mind.

Does anything look strange?


#9

Hello @2020donoscar2020:

Paste the FRST report in your next reply; it is the one we need most.

Regards.


#10
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018

Ran by Seba (administrator) on SEBA-PC (12-12-2018 12:43:10)

Running from C:\Users\Seba\Desktop

Loaded Profiles: Seba (Available Profiles: Seba)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\stacsv64.exe

(Hewlett-Packard) C:\Windows\System32\hpservice.exe

(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe

(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe

(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe

(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe

(DeviceVM, Inc.) C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe

() C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.EXE

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Farbar) C:\Users\Seba\Desktop\5_FRST64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SGDawNodeService] => C:\Windows\SysWOW64\SGDawNodeService.exe [5620736 2017-01-29] (Waves Audio Ltd.)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-525092146-1667884894-650739964-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805160 2018-11-09] (Skype Technologies S.A.)

HKU\S-1-5-21-525092146-1667884894-650739964-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd)

HKU\S-1-5-21-525092146-1667884894-650739964-1001\...\MountPoints2: {2e92f65d-f700-11e8-9e18-806e6f6e6963} - F:\KorgSetup.exe

HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

Lsa: [Notification Packages] DPPassFilter scecli

GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.49.120.2 200.49.120.3

Tcpip\..\Interfaces\{21822E5D-45A2-4A4A-AD2F-F94599823234}: [DhcpNameServer] 200.49.120.2 200.49.120.3

Internet Explorer:

==================

HKU\S-1-5-21-525092146-1667884894-650739964-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {6D04BA4F-8635-46F4-B5B7-920421898F2C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {6D04BA4F-8635-46F4-B5B7-920421898F2C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-525092146-1667884894-650739964-1001 -> DefaultScope {6D04BA4F-8635-46F4-B5B7-920421898F2C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-525092146-1667884894-650739964-1001 -> {6D04BA4F-8635-46F4-B5B7-920421898F2C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

BHO: HP SimplePass Identity Protection Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\DigitalPersona\Bin\dpotspluginie8.dll [2009-12-30] (DigitalPersona, Inc.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-28] (Sun Microsystems, Inc.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)

BHO-x32: HP SimplePass Identity Protection Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll [2009-12-30] (DigitalPersona, Inc.)

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File

BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll [2009-08-28] (Symantec Corporation)

BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL [2009-08-29] (Symantec Corporation)

BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-11-19] (Microsoft Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

BHO-x32: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll [2009-11-30] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-02-28] (Sun Microsystems, Inc.)

Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll [2009-11-30] (Microsoft Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll [2009-08-28] (Symantec Corporation)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

#11

I have to share it in several parts because it is too long, but it tells me the following.

“Sorry, but new users can only mention 2 users in a post.”

Can you help me? I have been trying to share the reports for three days.


#12

Hello @2020donoscar2020

Check this link so you know how to paste the reports.

Try method 4, one report per post, if it tells you it is too long.

Regards


#13

The thing is, the problem is not that the report is too long. I split the report to avoid problems, I put one part in a post, and when I want to create another post for the second part it tells me the following

“Sorry, but new users can only mention 2 users in a post.” That is the main problem


#14

Hello:

But did you check Method 4?

You just need to have the topic open as if you were going to reply, drag the text file into the browser and drop it on the topic. Check the manual I left you, it is very easy.

Regards.


#16

FRST.txt (290,3 KB)

A million apologies… now I was able to do it without problems.

I think all the reports are there


#17

Do the following with all programs closed:

Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-525092146-1667884894-650739964-1001\...\MountPoints2: {2e92f65d-f700-11e8-9e18-806e6f6e6963} - F:\KorgSetup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Lsa: [Notification Packages] DPPassFilter scecli
GroupPolicy: Restriction ? <==== ATTENTION
Tcpip\..\Interfaces\{21822E5D-45A2-4A4A-AD2F-F94599823234}: [DhcpNameServer] 200.49.120.2 200.49.120.3
HKU\S-1-5-21-525092146-1667884894-650739964-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {6D04BA4F-8635-46F4-B5B7-920421898F2C} URL = 
SearchScopes: HKLM-x32 -> {6D04BA4F-8635-46F4-B5B7-920421898F2C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-525092146-1667884894-650739964-1001 -> DefaultScope {6D04BA4F-8635-46F4-B5B7-920421898F2C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-525092146-1667884894-650739964-1001 -> {6D04BA4F-8635-46F4-B5B7-920421898F2C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll [2009-11-30] (Microsoft Corporation)
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll [2009-11-30] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
FF Extension: (Avira Browser Safety) - C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\Epn1xE3F.default\Extensions\[email protected] [2018-12-05]
FF Extension: (Avira Password Manager) - C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\Epn1xE3F.default\Extensions\[email protected] [2018-12-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox
FF Extension: (MSN Toolbar) - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox [2010-06-26] [Legacy] [not signed]
FF Extension: (Search Helper Extension) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-06-26] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{4C0766D3-67A7-45a3-85A2-752F77312F32}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn => not found
FF Extension: (DigitalPersona Extension) - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2010-06-26] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=es
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R3 SoundGridMIDI; C:\Windows\SysWOW64\drivers\SoundGridMidi.sys [22016 2017-01-29] (Waves Audio Ltd.) [File not signed]
R2 SoundGridProtocol; C:\Windows\SysWOW64\DRIVERS\SoundGridProtocol.sys [55296 2017-01-29] (Waves Audio Ltd.) [File not signed]
2018-12-03 23:22 - 2018-12-03 23:22 - 000000000 __HDC C:\ProgramData\{0CF1F946-2AAE-48A9-BD6C-DF71FE72E1D1}
Java(TM) 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know how the computer is doing.

Regards.