Cozytech.biz que es?

Hola a todos Antes de intentar eliminar virus y otras yerbas quiero confirmar si este “cozytech.biz” es malicioso o no. Cuando tengo abierto el Chrome se abre una ventana a cada rato de mi Panda Dome y me dice

"Sitio web bloqueado debido a adware Dominio : cozytech.bizText Direccion IP : … Puerto : … Tipo : Saliente Archivo : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

Tengo solo el navegador infectado? Me están robando información? Espero sus comentarios. Gracias.

Hola @buda007 como bienvenido al nuevo foro

Realiza los siguientes pasos, aunque hayas hecho alguno, sin cambiar el orden:

1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware, revisa en detalle el manual, para que sepas usarlo y configurarlo.

  • Realiza un Análisis personalizado , actualizando si te lo pide.
  • Pulsar en “Cuarentena seleccionado” para enviarlo a la cuarentena y Reinicias el sistema.
  • En el apartado del manual Informes :arrow_forward: Informe de análisis encontrarás el reporte de MBAM, clic en Exportar :arrow_forward: Copiar al portapapeles.

2) Descarga AdwCleaner | InfoSpyware en el escritorio.

  • Desactiva temporalmente el Antivirus :arrow_forward: Cómo deshabilitar temporalmente su Antivirus.
  • Cierra también todos los programas que tengas abiertos.
  • Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador".)
  • Pulsar en el botón Escanear, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Limpiar.
  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
  • Guardas el reporte que te aparecerá, para copiarlo y pegarlo en tu próxima respuesta.
  • El informe también se puede encontrar en C:\AdwCleaner\AdwCleaner[C1].txt

3) Descarga CCleaner

  • Instala Ccleaner
  • Abres Ccleaner en la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine :arrow_forward: clic en ejecutar limpiador
  • Clic en la pestaña Registro :arrow_forward: clic en buscar problemas esperas que termine :arrow_forward: clic en Reparar Seleccionadas y haces una copia de seguridad
  • Vuelves a darle clic en buscar problemas hasta que no encuentre ninguno.

Pega los reportes de Malwarebytes y AdwCleaner y comentas como va el problema.

Un saludo

Hola @Daniela, gracias por responder tan rápido. Hice los pasos, aparentemente fue solucionado el problema, porque no aparece mas el mensaje del antivirus. Te pego los reportes a continuación:


# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-08-2019
# Duration: 00:00:02
# OS:       Windows 8 Enterprise
# Cleaned:  4
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Windows\System32\config\systemprofile\AppData\LocalLow\pandasecuritytb

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

***** [ Chromium (and derivatives) ] *****

Deleted       Flash Playlist

***** [ Chromium URLs ] *****

Deleted       Softonic ES

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1416 octets] - [08/07/2019 20:38:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

y el otro reporte es:


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 8/7/19
Hora del análisis: 4:00
Archivo de registro: 131d3baa-a14e-11e9-9f0b-94de80ca4069.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11446
Licencia: Prueba

-Información del sistema-
SO: Windows 8
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 315511
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 16 min, 51 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Si bien no me pidio el siguiente informe, lo comparto, lo encontre en el malwarebytes en la pestaña de informes:


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del evento de protección: 6/7/19
Hora del evento de protección: 22:03
Archivo de registro: 02ed4870-a053-11e9-b2d1-94de80ca4069.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11434
Licencia: Prueba

-Información del sistema-
SO: Windows 8
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Detalles del sitio web bloqueado-
Sitio web malicioso: 1
, , Bloqueado, [-1], [-1],0.0.0

-Datos de sitio web-
Categoría: Adware
Dominio: cozytech.biz
Dirección IP: 64.58.121.60
Puerto: [62248]
Tipo: Saliente
Archivo: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe



(end)

Espero tus comentarios.

Hola

Aunque esté resuelto, vamos a revisar tu equipo por si acaso quedara algo.

Desactiva temporalmente el Antivirus >> Cómo deshabilitar temporalmente su Antivirus

Descarga Farbar Recovery Scan Tool.en el escritorio, seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. :arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits.?

  • Ejecuta FRST.exe.
  • En el mensaje de la ventana del Disclaimer, pulsamos Yes
  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Pon los dos reportes generados.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Un saludo

Hola @Daniela Perdon por la demora. Pasaron 10 dias de tu respuesta, en esos 10 dias aparecio otra pagina web bloqueada con otro nombre, lamentablemente no tenia tiempo para dedicarle a la limpieza de la pc. Si es necesario que comience desde el paso 1 nuevamente, avisame. Ahora pego ambos reportes segun tus tindicaciones;

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Usuario (administrator) on PCPROF (Gigabyte Technology Co., Ltd. H81M-DS2) (19-07-2019 12:17:50)
Running from C:\Users\Usuario\Desktop
Loaded Profiles: Usuario &  (Available Profiles: Usuario & Administrador)
Platform: Windows 8 Enterprise (X64) Language: Español (España, internacional)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ABBYY Production LLC -> ABBYY Production LLC) C:\Program Files (x86)\Common Files\ABBYY\FineReader\12.00\Licensing\CE\NetworkLicenseServer.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Usuario\AppData\Roaming\Dropbox\bin\77.4.131\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Usuario\AppData\Roaming\Dropbox\bin\77.4.131\QtWebEngineProcess.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Motorola Mobility Inc. -> Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola Mobility Inc. -> Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) [File not signed] C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(MyHeritage (USA) Inc. -> MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Visicom Media Inc. -> Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-03-13] (CyberLink -> cyberlink)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1517088 2014-07-19] (ABBYY Production LLC -> ABBYY Production LLC.) [File not signed]
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [153296 2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [17683056 2019-03-14] (MyHeritage (USA) Inc. -> MyHeritage)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190325206\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190325206\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190325206\...\RunOnce: [panda4_1dn_DATA_FOLDER] => cmd.exe /c rmdir "C:\ProgramData\Panda Security URL Filtering" /s /q
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190325206\...\RunOnce: [panda4_1dn_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Windows\system32\config\systemprofile\AppData\Local\panda4_1dn" /s /q
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190325206\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190325206\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001\...\Run: [Dropbox Update] => C:\Users\Usuario\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53646912 2019-07-02] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472\...\Run: [Dropbox Update] => C:\Users\Usuario\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53646912 2019-07-02] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2150074114-3142378171-2394966631-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190327206\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_DATA_FOLDER] => cmd.exe /c rmdir "C:\ProgramData\Panda Security URL Filtering" /s /q
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Windows\system32\config\systemprofile\AppData\Local\panda4_1dn" /s /q
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [183808 2010-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.YV12] => C:\Windows\SysWOW64\yv12vfw.dll [237568 2010-11-03] (www.helixcommunity.org) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [151552 2010-01-17] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [839680 2008-09-24] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [108032 2010-12-11] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-22] (Google LLC -> Google LLC)
Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2019-07-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
GroupPolicy-x32: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {087FF02B-13BD-42E3-8179-7832B1B2E76C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
Task: {0E9EE591-2962-4DA1-ADE6-EC4F2A0AA9A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {2F225AC8-E0B5-4673-B447-49BDF8F78DD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {330689F5-D226-4F3A-93A4-6D6E365A3C55} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2150074114-3142378171-2394966631-1001UA => C:\Users\Usuario\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage => {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} C:\Windows\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {4D11FAC3-C148-42B2-BE2F-6CDBB3AD0093} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [22016 2006-04-21] () [File not signed]
Task: {4D655B41-572B-4B5D-9EFF-341DB602F52C} - System32\Tasks\Opera scheduled Autoupdate 1451254176 => C:\Program Files (x86)\Opera\launcher.exe [1348120 2019-07-11] (Opera Software AS -> Opera Software)
Task: {550B94F2-D8C4-4FE6-ABA2-C8F0B7C67572} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
Task: {596AEC3E-2456-4A73-AD95-91EB8DD0C7FB} - System32\Tasks\NCH Software\PrismDowngrade => C:\Program Files (x86)\NCH Software\Prism\prism.exe [2031720 2018-04-13] (NCH Software -> NCH Software)
Task: {5FDBD6D6-238F-4905-B21A-ECF93E7E48B2} - System32\Tasks\NCH Software\DebutDowngrade => C:\Program Files (x86)\NCH Software\Debut\debut.exe [2355304 2018-04-11] (NCH Software -> NCH Software)
Task: {61EACA6C-BDBF-4799-804B-10AEB35804EA} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-12] (Adobe Inc. -> Adobe)
Task: {73141A4A-6FDF-4E77-B440-F91CACAA3F10} - System32\Tasks\G2MUpdateTask-S-1-5-21-2150074114-3142378171-2394966631-1001 => C:\Users\Usuario\AppData\Local\GoToMeeting\13481\g2mupdate.exe [32256 2019-07-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {75E68055-63D4-4D4F-9CED-FF744C65A4F6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7F478979-8544-44A6-84C8-54F4AE791B71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
Task: {8C97668F-D9BD-4EA8-8085-7B32F842CE27} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {923DC814-A8B8-4778-BCBC-633CEA8CBE8C} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask => {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} C:\Windows\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask => {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} C:\Windows\system32\SettingSyncInfo.dll [128512 2015-08-04] (Microsoft Windows -> Microsoft Corporation)
Task: {C06A014E-54B4-4EE6-BB64-0B905A2F574E} - System32\Tasks\G2MUploadTask-S-1-5-21-2150074114-3142378171-2394966631-1001 => C:\Users\Usuario\AppData\Local\GoToMeeting\13481\g2mupload.exe [32256 2019-07-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {C831B6C9-AE2F-41B0-B22F-ABFE559456D6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2150074114-3142378171-2394966631-1001Core => C:\Users\Usuario\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {D9820B1C-1A51-4CA5-8118-705A8EDDF931} - no filepath
Task: {F593789A-0E9C-4918-B253-EB341DEC0863} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_pepper.exe [1452600 2019-06-12] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2150074114-3142378171-2394966631-1001Core.job => C:\Users\Usuario\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2150074114-3142378171-2394966631-1001UA.job => C:\Users\Usuario\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2150074114-3142378171-2394966631-1001.job => C:\Users\Usuario\AppData\Local\GoToMeeting\13481\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2150074114-3142378171-2394966631-1001.job => C:\Users\Usuario\AppData\Local\GoToMeeting\13481\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ABF5E7EB-AAEC-4C13-8380-DDD0253A311B}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.ar/
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.ar/
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
HKU\S-1-5-21-2150074114-3142378171-2394966631-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190327206\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-ar/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190325972 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326191 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001 -> {C6714760-0FD9-45AF-9349-CCAFEAC1E24F} URL = hxxps://ar.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472 -> {C6714760-0FD9-45AF-9349-CCAFEAC1E24F} URL = hxxps://ar.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0lv0v0ii.default-1550281121292
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\qhrwb4bd.default-release [2019-07-19]
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\0lv0v0ii.default-1550281121292 [2019-07-17]
FF Extension: (Descarga videos con Ummy Video Downloader) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\0lv0v0ii.default-1550281121292\Extensions\{2bfc8e07-8df2-4600-a937-6bab8f954152}.xpi [2019-02-17]
FF Extension: (YouTube Downloader) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\0lv0v0ii.default-1550281121292\Extensions\{307f416a-39c0-49e0-8e96-cf802290e33c}.xpi [2019-02-17]
FF Extension: (ImTranslator: Traductor, Diccionario, Voz) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\0lv0v0ii.default-1550281121292\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2019-07-14]
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9uepmfoo.dev-edition-default [2019-07-08]
FF Extension: (ADB Helper) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9uepmfoo.dev-edition-default\Extensions\[email protected] [2017-04-09] [Legacy]
FF Extension: (Valence) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9uepmfoo.dev-edition-default\Extensions\[email protected] [2017-04-09] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-04-11] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-04-11] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Usuario\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall) [File not signed]
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\Usuario\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-20] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-20] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2150074114-3142378171-2394966631-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Usuario\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-02] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472: @citrixonline.com/appdetectorplugin -> C:\Users\Usuario\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-02] (Citrix Online -> Citrix Online)

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://es.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2019-07-19]
CHR Extension: (Presentaciones) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-06]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-06]
CHR Extension: (Adobe Acrobat) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-10]
CHR Extension: (Hojas de cálculo) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Skype) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-02]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR Extension: (ImTranslator: Traductor, Diccionario, Voz) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2019-07-19]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Usuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2019-04-19]
OPR Extension: (DuckDuckGo for Opera) - C:\Users\Usuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2016-05-01]
OPR Extension: (Translate) - C:\Users\Usuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2015-09-23]
OPR Extension: (Flash Video Downloader (FVD)) - C:\Users\Usuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\neacgcjokggofibnbfapeaejhclmpple [2018-06-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Corporate.12.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\12.00\Licensing\CE\NetworkLicenseServer.exe [961744 2014-07-17] (ABBYY Production LLC -> ABBYY Production LLC)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation - pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility Inc. -> Motorola Mobility LLC)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-11-08] (Panda Security S.L. -> Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [84176 2019-02-19] (Panda Security S.L. -> Panda Security, S.L.)
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-11-06] (Visicom Media Inc. -> Visicom Media Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer -> TeamViewer GmbH)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] (Giga-Byte Technology -> )
S3 BTCFilterService; C:\Windows\system32\DRIVERS\motfilt.sys [6144 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Inc)
R3 dc3d; C:\Windows\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 dot4usb; C:\Windows\system32\DRIVERS\dot4usb.sys [49056 2012-10-19] (Hewlett-Packard Company -> Microsoft Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-07-15] (Malwarebytes Corporation -> Malwarebytes)
S3 MotoSwitchService; C:\Windows\system32\DRIVERS\motswch.sys [8832 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola)
S3 Motousbnet; C:\Windows\system32\DRIVERS\Motousbnet.sys [27648 2013-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Motorola Mobility Inc)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [107848 2017-11-03] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [212360 2017-11-03] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [121232 2017-11-03] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [126352 2017-11-03] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [99512 2017-09-26] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [118136 2017-11-03] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [91392 2017-11-03] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [135640 2017-11-03] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [337520 2017-11-03] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [249976 2017-11-03] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [123304 2017-11-03] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [281912 2017-11-03] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [125840 2017-11-03] (Panda Security S.L. -> Panda Security, S.L.)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc. -> Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [190552 2017-11-08] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [153176 2018-01-23] (Panda Security S.L. -> Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [206424 2018-01-30] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [146976 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [159312 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [129448 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [72280 2017-05-22] (Panda Security S.L. -> Panda Security, S.L.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] (Giga-Byte Technology -> )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation -> Microsoft Corporation)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-03-13] (CyberLink -> CyberLink Corp.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-19 11:56 - 2019-07-19 12:10 - 000054459 _____ C:\Users\Usuario\Desktop\Addition.txt
2019-07-19 11:54 - 2019-07-19 12:18 - 000036804 _____ C:\Users\Usuario\Desktop\FRST.txt
2019-07-19 11:51 - 2019-07-19 11:51 - 002095104 _____ (Farbar) C:\Users\Usuario\Desktop\FRST64.exe
2019-07-19 11:51 - 2019-07-19 11:51 - 000000000 _____ C:\Users\Usuario\Desktop\Nuevo documento de texto (4).txt
2019-07-19 11:24 - 2019-07-19 11:24 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-07-15 19:06 - 2019-07-17 08:00 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-07-08 21:10 - 2019-07-15 19:02 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-07-08 21:10 - 2017-05-22 07:29 - 000072280 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2019-07-08 20:53 - 2019-07-08 20:53 - 000005884 _____ C:\cc_20190708_205330.reg
2019-07-08 20:28 - 2019-07-08 20:29 - 007025360 _____ (Malwarebytes) C:\Users\Usuario\Desktop\adwcleaner_7.3.exe
2019-07-06 18:57 - 2019-07-06 19:02 - 000000000 ____D C:\Users\Usuario\Desktop\Wireless Network Watcher
2019-07-06 18:57 - 2019-07-06 18:57 - 000001867 _____ C:\Users\Usuario\Desktop\Malwarebytes.lnk
2019-07-06 18:57 - 2019-07-06 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-06 18:57 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-07-01 00:49 - 2019-07-01 00:49 - 000058285 _____ C:\Users\Usuario\Downloads\pagos - 2019-07-01T004901.341.pdf
2019-07-01 00:49 - 2019-07-01 00:49 - 000058099 _____ C:\Users\Usuario\Downloads\pagos - 2019-07-01T004916.569.pdf
2019-07-01 00:49 - 2019-07-01 00:49 - 000057997 _____ C:\Users\Usuario\Downloads\pagos - 2019-07-01T004922.114.pdf
2019-07-01 00:49 - 2019-07-01 00:49 - 000057577 _____ C:\Users\Usuario\Downloads\pagos - 2019-07-01T004906.719.pdf
2019-07-01 00:49 - 2019-07-01 00:49 - 000057479 _____ C:\Users\Usuario\Downloads\pagos - 2019-07-01T004926.689.pdf
2019-07-01 00:48 - 2019-07-01 00:48 - 000058342 _____ C:\Users\Usuario\Downloads\pagos - 2019-07-01T004852.464.pdf
2019-07-01 00:34 - 2019-07-01 00:34 - 000036382 _____ C:\Users\Usuario\Downloads\27205746795_011_00002_00000053.pdf
2019-07-01 00:30 - 2019-07-01 00:30 - 000036023 _____ C:\Users\Usuario\Downloads\27205746795_011_00002_00000052.pdf
2019-07-01 00:27 - 2019-07-01 00:27 - 000035936 _____ C:\Users\Usuario\Downloads\27205746795_011_00002_00000051.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-19 12:17 - 2016-11-30 22:37 - 000000000 ____D C:\FRST
2019-07-19 11:24 - 2014-10-21 23:27 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Dropbox
2019-07-19 11:20 - 2016-11-15 23:45 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Mozilla
2019-07-19 11:20 - 2016-01-27 08:23 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2150074114-3142378171-2394966631-1001
2019-07-19 11:17 - 2018-01-11 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-07-19 11:15 - 2014-11-07 14:36 - 000000000 __SHD C:\Users\Usuario\IntelGraphicsProfiles
2019-07-19 11:14 - 2015-05-15 16:37 - 000000000 ____D C:\ProgramData\panda_url_filtering
2019-07-18 09:19 - 2018-07-05 19:45 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\WhatsApp
2019-07-18 08:18 - 2018-07-05 19:45 - 000000000 ____D C:\Users\Usuario\AppData\Local\WhatsApp
2019-07-17 08:20 - 2017-06-30 09:33 - 000001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2019-07-17 08:20 - 2016-03-17 17:53 - 000003836 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1451254176
2019-07-17 08:20 - 2014-10-06 09:04 - 000000000 ____D C:\Program Files (x86)\Opera
2019-07-17 08:00 - 2014-10-06 08:51 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-07-17 08:00 - 2014-10-06 08:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-17 07:58 - 2014-10-08 18:41 - 000000000 ____D C:\temp
2019-07-15 19:23 - 2014-10-03 22:04 - 000000000 ____D C:\Users\Usuario
2019-07-15 19:02 - 2012-07-26 04:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-08 21:15 - 2014-10-13 22:50 - 000300032 ___SH C:\Users\Usuario\Desktop\Thumbs.db
2019-07-08 21:09 - 2012-07-26 02:26 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-07-08 20:58 - 2015-05-19 22:47 - 000000000 ____D C:\Users\Usuario\Desktop\reporte limpieza
2019-07-08 20:48 - 2014-12-16 19:42 - 000000000 ____D C:\Windows\Minidump
2019-07-08 20:48 - 2012-07-26 02:37 - 000000000 ____D C:\Windows\Inf
2019-07-08 20:38 - 2015-05-18 23:29 - 000000000 ____D C:\AdwCleaner
2019-07-08 20:27 - 2016-11-02 17:11 - 000000660 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2150074114-3142378171-2394966631-1001.job
2019-07-07 23:44 - 2015-06-17 21:00 - 000000982 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2150074114-3142378171-2394966631-1001UA.job
2019-07-07 23:35 - 2016-11-02 17:11 - 000000564 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2150074114-3142378171-2394966631-1001.job
2019-07-07 23:19 - 2014-10-17 04:04 - 000000000 ____D C:\ProgramData\PopCap Games
2019-07-07 22:36 - 2017-05-23 19:47 - 000000000 ____D C:\Users\Usuario\Documents\activador w10
2019-07-07 20:09 - 2012-07-26 05:12 - 000000000 ____D C:\Windows\system32\NDF
2019-07-07 20:02 - 2018-01-10 16:32 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-07-06 22:17 - 2017-07-09 15:50 - 000000000 ____D C:\Users\Usuario\AppData\Local\GoToMeeting
2019-07-06 22:17 - 2016-11-02 17:11 - 000003660 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2150074114-3142378171-2394966631-1001
2019-07-06 22:17 - 2016-11-02 17:11 - 000003564 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2150074114-3142378171-2394966631-1001
2019-07-06 18:56 - 2014-10-17 02:31 - 002236416 ___SH C:\Users\Usuario\Downloads\Thumbs.db
2019-07-01 00:19 - 2018-01-11 18:40 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
2019-06-25 10:44 - 2015-06-17 21:00 - 000000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2150074114-3142378171-2394966631-1001Core.job
2019-06-22 23:20 - 2014-10-03 22:05 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Adobe
2019-06-22 22:20 - 2016-12-06 08:06 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-22 22:20 - 2016-12-06 08:06 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories ================

2017-05-23 21:11 - 2018-11-26 21:23 - 000000040 _____ () C:\Users\Usuario\AppData\Roaming\cdr.ini
2014-10-05 04:44 - 2017-05-23 21:03 - 000000668 _____ () C:\Users\Usuario\AppData\Roaming\vso_ts_preview.xml
2014-11-08 21:53 - 2018-06-24 21:08 - 000007680 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-07 14:51 - 2017-07-02 16:22 - 000007594 _____ () C:\Users\Usuario\AppData\Local\resmon.resmoncfg

==================== FLock ================

2014-10-03 22:04 C:\Windows\CSC

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-11 21:44
==================== End of FRST.txt ============================

@Daniela Aqui el reporte que falta.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Usuario (19-07-2019 12:18:24)
Running from C:\Users\Usuario\Desktop
Windows 8 Enterprise (X64) (2014-10-04 01:04:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2150074114-3142378171-2394966631-500 - Administrator - Disabled) => C:\Users\Administrador
ASPNET (S-1-5-21-2150074114-3142378171-2394966631-1002 - Limited - Enabled)
edeli_000 (S-1-5-21-2150074114-3142378171-2394966631-1006 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2150074114-3142378171-2394966631-1004 - Limited - Enabled)
Invitado (S-1-5-21-2150074114-3142378171-2394966631-501 - Limited - Disabled)
Usuario (S-1-5-21-2150074114-3142378171-2394966631-1001 - Administrator - Enabled) => C:\Users\Usuario

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Dome (Disabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Dome (Disabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2150074114-3142378171-2394966631-1001\...\uTorrent) (Version: 3.4.2.37594 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472\...\uTorrent) (Version: 3.4.2.37594 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 12 Corporate (HKLM-x32\...\{F12000CE-0001-0000-0000-074957833700}) (Version: 12.1.439 - ABBYY Production LLC)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0C0A-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Any Video Converter 5.7.1 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Chuzzle Christmas Edition en Español (HKLM-x32\...\Chuzzle Christmas Edition en Español) (Version:  - )
Chuzzle Deluxe (HKLM-x32\...\Chuzzle Deluxe_is1) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{CC8F903A-9698-4245-9A38-22412DEF1029}) (Version: 1.0.446 - Citrix)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
ConvertXtoDVD 3.1.3.40 (HKLM-x32\...\VSO ConvertXtoDVD 3_is1) (Version:  - )
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1516 - CyberLink Corp.)
Debut, capturador de vídeo (HKLM-x32\...\Debut) (Version: 5.09 - NCH Software)
Dropbox (HKU\S-1-5-21-2150074114-3142378171-2394966631-1001\...\Dropbox) (Version: 77.4.131 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472\...\Dropbox) (Version: 75.4.141 - Dropbox, Inc.)
DVDFab 9.1.7.1 (17/10/2014) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Dynomite Deluxe (HKLM-x32\...\Dynomite Deluxe_is1) (Version:  - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FileZilla Client 3.25.1 (HKU\S-1-5-21-2150074114-3142378171-2394966631-1001\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse)
FileZilla Client 3.25.1 (HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse)
Free CD to MP3 Converter (HKLM-x32\...\Free CD to MP3 Converter) (Version:  - Eusing Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.45.3.13481 (HKU\S-1-5-21-2150074114-3142378171-2394966631-1001\...\GoToMeeting) (Version: 8.45.3.13481 - LogMeIn, Inc.)
GoToMeeting 8.45.3.13481 (HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472\...\GoToMeeting) (Version: 8.45.3.13481 - LogMeIn, Inc.)
Iggle Pop Deluxe (HKLM-x32\...\Iggle Pop Deluxe_is1) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
K-Lite Codec Pack 6.6.6 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.6.6 - )
Macromedia Dreamweaver 8 (HKLM-x32\...\{117E076F-5EB0-408D-B7A9-D94511FE834D}) (Version: 8.0.0.2766 - )
Macromedia Extension Manager (HKLM-x32\...\{F443F171-B49B-4645-915C-580E7ED79992}) (Version: 1.7.277 - Nombre de su organización)
Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Macromedia Flash Player 8 (HKLM-x32\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Marco trab. apl. capa datos de Microsoft SQL Server 2012  (HKLM-x32\...\{8F5D7933-CCA2-4048-8D64-BC19A4BAB11D}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - Paquete de idioma ESN (HKLM-x32\...\{DA0E1A3A-2148-45BD-BE86-0E9E7749FB6D}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (español) (HKLM-x32\...\{23549951-AEAB-4407-B23D-EB1703B14DBA}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{0167A582-F9D2-4D78-BF55-60941B924CDF}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E7F6D6AF-DF2D-4084-8CDA-DCBCF8D044DB}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{B23AE244-E6A2-46ED-AAA4-5D6143BE9438}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{1811ABD6-C456-4C9B-AAEB-285B155398B0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{8C9CABB8-4399-4D2B-8140-3D16B5991A4C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{8E0C44CA-7CDC-4DC6-B0AB-4565E170217C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{9049E5E4-22EE-4A7F-8AE2-36AC1C299994}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{DED0FE94-6C3B-49CC-A765-E5296C60972A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{C1A73781-053A-4E1F-887E-8217ED2DDDBC}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ESN (HKLM\...\{D7126FFC-90BA-4120-8FFB-3688C9931A09}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - ESN (12.0.40928.0) (HKLM-x32\...\{3BD2599F-5F5E-4E4C-B049-335FED388AD4}) (Version: 12.0.40928.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - ESN (12.0.30919.1) (HKLM-x32\...\{1DAC84FE-C654-4C1E-8390-93D839D38C77}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types para SQL Server 2012 (HKLM-x32\...\{F7ECEBBF-D68F-4496-BF63-055B090BF4A5}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types para SQL Server 2012 (x64) (HKLM\...\{79DCFAA7-B629-4532-89A9-4AF3DC73E27A}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types para SQL Server 2014 (HKLM\...\{8DC4061C-C4F1-4DC2-9F12-03CABC8DFF45}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types para SQL Server 2014 (HKLM-x32\...\{1FF07DEA-8BC6-4A37-8ABF-B2C003D50509}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{db012557-340e-4a46-adae-81a6b0f6a1e9}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MorphVOX Pro (HKLM-x32\...\{03030604-DE9E-4A98-BF91-8197B8CC988C}) (Version: 4.4.39.1538 - Screaming Bee) Hidden
MorphVOX Pro (HKLM-x32\...\{c0329f1c-660e-482c-b9be-65b5fe0ecc52}) (Version: 4.4.39.1538 - Screaming Bee)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Movier 1.1.5 (HKLM-x32\...\Movier) (Version: 1.1.5 - )
Mozilla Firefox 67.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 67.0.2 (x64 es-ES)) (Version: 67.0.2 - Mozilla)
Mozilla Firefox 68.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 68.0 (x64 es-ES)) (Version: 68.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 8.0.0.8516 - MyHeritage.com)
Objetos de administración de Microsoft SQL Server 2014  (HKLM-x32\...\{19053E9D-DA93-4160-BCA1-2265B322B29E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Objetos de administración de Microsoft SQL Server 2014 (x64) (HKLM\...\{7BC14D15-03A1-49FC-A005-5E93241FCDB0}) (Version: 12.0.2000.8 - Microsoft Corporation)
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B13.0506.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
Opera Stable 62.0.3331.72 (HKLM-x32\...\Opera 62.0.3331.72) (Version: 62.0.3331.72 - Opera Software)
Panda Devices Agent (HKLM-x32\...\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}) (Version: 1.08.09 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.09 - Panda Security) Hidden
Panda Dome (HKLM\...\{DC22166B-6F26-4E2E-BFDE-CC3578246940}) (Version: 9.14.00 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.6.0 - Panda Security)
Panda USB Vaccine 1.0.1.16 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
Paquete de compatibilidad con múltiples versiones de Microsoft .NET Framework 4.5.1 (español) (HKLM-x32\...\{D2D0CD35-523F-3D07-8ADE-96A5B4B74485}) (Version: 4.5.50932 - Microsoft Corporation)
Paquete de idioma de Visor de Ayuda de Microsoft 2.1 - ESN (HKLM-x32\...\{3B44836B-37DC-3527-962F-F538B6907EF2}) (Version: 2.1.21005 - Microsoft Corporation) Hidden
Paquete de idioma de Visor de Ayuda de Microsoft 2.1 - ESN (HKLM-x32\...\Paquete de idioma de Visor de Ayuda de Microsoft 2.1 - ESN) (Version: 2.1.21005 - Microsoft Corporation)
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe_is1) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Plantas Contra Zombis (HKLM-x32\...\Plantas Contra Zombis) (Version:  - )
Prism, convertidor de archivos de vídeo (HKLM-x32\...\Prism) (Version: 4.08 - NCH Software)
QBeez 2 (HKLM-x32\...\QBeez 2_is1) (Version:  - )
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12972.94 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Requisitos previos para SSDT  (HKLM-x32\...\{39C099AF-4C1B-440D-BB70-460D7522E604}) (Version: 11.1.3000.0 - Microsoft Corporation)
Requisitos previos para SSDT  (HKLM-x32\...\{A9AEF3CC-3E3A-4218-A9E8-76F4E4657BAE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SCANIA Truck Driving Simulator 1.5.0 (HKLM-x32\...\SCANIA Truck Driving Simulator) (Version: 1.5.0 - SCS Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Servicio de lenguaje T-SQL de Microsoft SQL Server 2014  (HKLM-x32\...\{BC9D3E21-F10A-4DF6-A848-4D1081415CF2}) (Version: 12.0.2000.8 - Microsoft Corporation)
SiteMap Generator 0.975 (beta) (HKLM-x32\...\SiteMap Generator_is1) (Version:  - wonderwebware.com)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype versión 8.49 (HKLM-x32\...\Skype_is1) (Version: 8.49 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
Tumblebugs 2 en Español (HKLM-x32\...\Tumblebugs 2 en Español) (Version:  - )
Tumblebugs en Español (HKLM-x32\...\Tumblebugs en Español) (Version:  - )
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Utilidades línea de comandos de Microsoft SQL Server 2012  (HKLM\...\{6D818CE1-E063-4165-BC33-0024269411C5}) (Version: 11.1.3000.0 - Microsoft Corporation)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Vegas Pro 9.0 (HKLM-x32\...\{DC785DB7-D389-48C3-B146-96FE99BF4E2B}) (Version: 9.0.563 - Sony)
VirtualDJ 8 (HKLM-x32\...\{68A952A1-F666-4A5F-98C9-03EE9625B2E2}) (Version: 8.1.2857.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WhatsApp (HKU\S-1-5-21-2150074114-3142378171-2394966631-1001\...\WhatsApp) (Version: 0.3.3793 - WhatsApp)
WhatsApp (HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472\...\WhatsApp) (Version: 0.3.3330 - WhatsApp)
WinHTTrack Website Copier 3.48-19 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.19 - HTTrack)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zuma Deluxe (HKLM-x32\...\Zuma Deluxe) (Version:  - PopCap)

Packages:
=========
Bing -> C:\Program Files\WindowsApps\Microsoft.Bing_1.5.1.259_x64__8wekyb3d8bbwe [2014-10-05] (Microsoft Corporation)
Cámara -> C:\Program Files\WindowsApps\Microsoft.Camera_6.2.9200.20523_x64__8wekyb3d8bbwe [2014-10-05] (Microsoft Corporation)
Deportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_2.0.0.310_x64__8wekyb3d8bbwe [2014-10-05] (Microsoft Corporation) [MS Ad]
El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_2.0.0.310_x64__8wekyb3d8bbwe [2014-10-05] (Microsoft Corporation) [MS Ad]
Finanzas -> C:\Program Files\WindowsApps\Microsoft.BingFinance_2.0.0.320_x64__8wekyb3d8bbwe [2014-10-05] (Microsoft Corporation) [MS Ad]
Fotos -> C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4396.311_x64__8wekyb3d8bbwe [2014-10-05] (Microsoft Corporation)
Juegos -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_1.3.10.0_x64__8wekyb3d8bbwe [2014-10-05] (Microsoft Corporation) [MS Ad]
Música -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.5.216.0_x64__8wekyb3d8bbwe [2014-10-05] (Microsoft Corporation) [MS Ad]
Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_2.0.0.320_x64__8wekyb3d8bbwe [2014-10-05] (Microsoft Corporation) [MS Ad]
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_16.4.4398.729_x64__8wekyb3d8bbwe [2014-10-05] (Microsoft Corporation)
Viajes -> C:\Program Files\WindowsApps\Microsoft.BingTravel_2.0.0.319_x64__8wekyb3d8bbwe [2014-10-05] (Microsoft Corporation) [MS Ad]
Vídeo -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_1.5.909.0_x64__8wekyb3d8bbwe [2014-10-05] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001_Classes\CLSID\{AFE1A96A-DD92-A37D-2D07-E6D61AE80DAE}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-07-20] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-07-20] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2150074114-3142378171-2394966631-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2150074114-3142378171-2394966631-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2150074114-3142378171-2394966631-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com

==================== Loaded Modules (Whitelisted) ==============

2018-01-11 18:40 - 2019-07-02 19:49 - 000015360 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-01-11 18:40 - 2019-07-02 19:49 - 002901504 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2014-04-07 11:31 - 2014-04-07 11:31 - 000172032 _____ () [File not signed] C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-04-30 12:25 - 2013-04-30 12:25 - 000531456 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2013-04-30 12:25 - 2013-04-30 12:25 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-02-13 12:46 - 2013-02-13 12:46 - 000731648 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2014-10-03 22:09 - 2012-10-21 20:48 - 000103424 _____ (KJ inside) [File not signed] C:\Windows\System32\SLCHook.dll
2015-09-24 01:12 - 2012-10-21 20:48 - 001361408 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\Windows.UI.Immersive.dll
2014-10-22 08:03 - 2014-10-22 08:03 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2017-05-25 18:56 - 2011-09-02 16:06 - 000065657 _____ (Motorola) [File not signed] C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
2018-01-11 18:40 - 2019-07-02 19:49 - 015257088 _____ (Node.js) [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\node.dll
2013-02-13 12:18 - 2013-02-13 12:18 - 001198080 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Intel\iCLS Client\libeay32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 02:26 - 2016-12-01 17:48 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\Pictures\vacac 2017\086 Copahue Salto del Agrio.JPG
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\Pictures\vacac 2017\086 Copahue Salto del Agrio.JPG
HKU\S-1-5-21-2150074114-3142378171-2394966631-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190327206\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001\...\StartupApproved\Run: => ""
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472\...\StartupApproved\Run: => ""
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472\...\StartupApproved\Run: => "KiesPreload"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C194D213-19B0-4636-B5FD-77431CF22303}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [TCP Query User{FFB2E339-2865-4AB4-82E9-EB893C68A25A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{EAB3EAB0-56F6-4FFC-831C-7442C683A4AE}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{24AD42FA-EB4D-4BFF-A441-2B95F9CA195C}] => (Allow) C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{5C4B7300-D117-4914-B4AA-78AD83A0E3B1}] => (Allow) C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{4A0B2D3D-21D8-4299-8B10-81D721225892}C:\users\usuario\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\usuario\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [UDP Query User{6BB3B461-B95B-49AE-AC74-3723D1E4B24B}C:\users\usuario\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\usuario\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{1792316B-036E-43CC-9B24-64EE05831AAF}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{AB1D1149-EB8B-4384-8CB0-DB4FAC09C7B4}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [{A3E23A23-AAC6-4943-831F-3F2049398843}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{84D6CE05-4DE4-4FC1-98BD-3DBB41F70683}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{1DAC11B0-5A08-4F34-BA8E-F50091897AA8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{C71B8B69-8F74-4579-AF59-A5139CBE971A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{98364244-8693-4638-BFA3-A9B88274EC48}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A1EC1D12-AE09-479D-A010-B50E968539B3}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{9EF5D0AA-DE5E-4B2D-AE74-199915C5F2CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F03244E4-9B0C-4E5F-BF32-B8A464E40F42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{5E518713-5E29-4972-8490-77288656F9FB}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{08A97780-0643-4E4E-AADA-56FD83D0D58E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E170757B-F19B-4F63-8454-43969E0C70CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5A933157-93DC-4310-AAD2-7B83A80D7379}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FD01822E-FF63-450D-9458-8ED1EE11DA85}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [File not signed]
FirewallRules: [{DAAD222C-B593-4112-8D77-F59E65AD9580}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [File not signed]
FirewallRules: [TCP Query User{35E216A1-3DB4-4D30-804D-08D1B4876FE5}C:\users\usuario\appdata\roaming\mozilla\firefox\profiles\9uepmfoo.dev-edition-default\extensions\[email protected]\tools\win32\ios-webkit-debug-proxy.exe] => (Block) C:\users\usuario\appdata\roaming\mozilla\firefox\profiles\9uepmfoo.dev-edition-default\extensions\[email protected]\tools\win32\ios-webkit-debug-proxy.exe () [File not signed]
FirewallRules: [UDP Query User{1A8EE91D-46F6-4C45-AE54-ED101DDEE745}C:\users\usuario\appdata\roaming\mozilla\firefox\profiles\9uepmfoo.dev-edition-default\extensions\[email protected]\tools\win32\ios-webkit-debug-proxy.exe] => (Block) C:\users\usuario\appdata\roaming\mozilla\firefox\profiles\9uepmfoo.dev-edition-default\extensions\[email protected]\tools\win32\ios-webkit-debug-proxy.exe () [File not signed]
FirewallRules: [{D21F55A2-EB9D-48F2-BD4A-DD8ECD6A3F1C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E14AF9D7-CABB-4381-A63B-16A4DA9D27C5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9BF8EDEA-6E5A-48EE-A0A6-BAD5F78466EA}] => (Allow) C:\RaidCall\rcplugin.exe (Beijing Changyou Raidcall Internet Tech Co.,Ltd Guangzhou branch -> RAIDCALL.COM) [File not signed]
FirewallRules: [{A58CDF93-590C-498F-93E8-129EC223DCD1}] => (Allow) C:\RaidCall\rcplugin.exe (Beijing Changyou Raidcall Internet Tech Co.,Ltd Guangzhou branch -> RAIDCALL.COM) [File not signed]
FirewallRules: [{E12BC885-C2CE-46BF-A719-4A0158B1885A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{A82329DA-E755-49C2-A50F-F9E553FBE055}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{0176E1BD-3565-4ED5-A610-F63914F02995}] => (Allow) C:\Program Files (x86)\Opera\60.0.3255.170\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{7C82D9E2-1E86-4A27-805E-292A2917D9ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4DDC8527-B53C-47BB-94D9-B66B35671D4C}] => (Allow) C:\Program Files (x86)\Opera\62.0.3331.72\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{D9E49958-0816-4D31-A4BA-B849C22A2F59}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6DAA6AC9-7533-4F02-BE26-362DD51A746F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

12-02-2019 22:22:08 Punto de control programado
11-05-2019 21:33:51 Punto de control programado

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2019 11:16:01 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=UserLogon;SessionId=4

Error: (07/18/2019 07:59:02 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=TimerEvent

Error: (07/17/2019 07:59:27 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (07/17/2019 07:58:34 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=TimerEvent

Error: (07/15/2019 07:03:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (07/15/2019 06:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=TimerEvent

Error: (07/14/2019 04:57:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=TimerEvent

Error: (07/12/2019 11:52:44 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0x8007007B
Argumentos de línea de comandos:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=TimerEvent


System errors:
=============
Error: (07/19/2019 11:21:52 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió una alerta irrecuperable desde el extremo remoto. El código de alerta irrecuperable definido del protocolo TLS es: 40.

Error: (07/19/2019 11:21:52 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió una alerta irrecuperable desde el extremo remoto. El código de alerta irrecuperable definido del protocolo TLS es: 40.

Error: (07/19/2019 11:21:52 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió una alerta irrecuperable desde el extremo remoto. El código de alerta irrecuperable definido del protocolo TLS es: 70.

Error: (07/19/2019 11:21:52 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió una alerta irrecuperable desde el extremo remoto. El código de alerta irrecuperable definido del protocolo TLS es: 70.

Error: (07/19/2019 11:21:33 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió una alerta irrecuperable desde el extremo remoto. El código de alerta irrecuperable definido del protocolo TLS es: 40.

Error: (07/19/2019 11:21:33 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió una alerta irrecuperable desde el extremo remoto. El código de alerta irrecuperable definido del protocolo TLS es: 70.

Error: (07/19/2019 11:21:33 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió una alerta irrecuperable desde el extremo remoto. El código de alerta irrecuperable definido del protocolo TLS es: 40.

Error: (07/19/2019 11:21:33 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió una alerta irrecuperable desde el extremo remoto. El código de alerta irrecuperable definido del protocolo TLS es: 70.


CodeIntegrity:
===================================

Date: 2016-11-27 10:44:51.784
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 10:44:51.721
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 10:44:51.627
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 10:40:21.467
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 10:40:21.404
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 10:40:21.326
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-10 15:14:52.584
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Usuario\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-10 15:14:52.506
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. F3 07/25/2013
Motherboard: Gigabyte Technology Co., Ltd. H81M-DS2
Processor: Intel(R) Pentium(R) CPU G3220 @ 3.00GHz
Percentage of memory in use: 44%
Total physical RAM: 8079.71 MB
Available physical RAM: 4480.06 MB
Total Virtual: 11832.5 MB
Available Virtual: 7773.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:797.38 GB) (Free:306.3 GB) NTFS
Drive d: (My Disc) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

\\?\Volume{0a9df435-4b62-11e4-be65-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D93906CA)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=797.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hola

No te preocupes por la tardanza, ya vamos a ver si la podemos eliminar también con FRST.

:arrow_forward: MUY Importante :arrow_backward: Realiza una copia de seguridad del registro :

  • Para hacerlo descarga :arrow_forward: DelFix.exe( en tu escritorio).

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO.

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

A continuación inicia tu equipo desde el Modo Seguro de Windows sin función de red

:warning: Con los demás programas cerrados ve a :arrow_forward: Inicio :arrow_forward: Ejecutar :arrow_forward: y escribe Notepad.exe.

  • Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
(Visicom Media Inc. -> Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1517088 2014-07-19] (ABBYY Production LLC -> ABBYY Production LLC.) [File not signed]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190325206\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190325206\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190325206\...\RunOnce: [panda4_1dn_DATA_FOLDER] => cmd.exe /c rmdir "C:\ProgramData\Panda Security URL Filtering" /s /q
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190325206\...\RunOnce: [panda4_1dn_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Windows\system32\config\systemprofile\AppData\Local\panda4_1dn" /s /q
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190325206\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190325206\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_DATA_FOLDER] => cmd.exe /c rmdir "C:\ProgramData\Panda Security URL Filtering" /s /q
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Windows\system32\config\systemprofile\AppData\Local\panda4_1dn" /s /q
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [183808 2010-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.YV12] => C:\Windows\SysWOW64\yv12vfw.dll [237568 2010-11-03] (www.helixcommunity.org) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [151552 2010-01-17] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [839680 2008-09-24] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [108032 2010-12-11] () [File not signed]
GroupPolicy-x32: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
Task: {4D11FAC3-C148-42B2-BE2F-6CDBB3AD0093} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [22016 2006-04-21] () [File not signed]
Task: {596AEC3E-2456-4A73-AD95-91EB8DD0C7FB} - System32\Tasks\NCH Software\PrismDowngrade => C:\Program Files (x86)\NCH Software\Prism\prism.exe [2031720 2018-04-13] (NCH Software -> NCH Software)
Task: {5FDBD6D6-238F-4905-B21A-ECF93E7E48B2} - System32\Tasks\NCH Software\DebutDowngrade => C:\Program Files (x86)\NCH Software\Debut\debut.exe [2355304 2018-04-11] (NCH Software -> NCH Software)
Task: {D9820B1C-1A51-4CA5-8118-705A8EDDF931} - no filepath
SearchScopes: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001 -> {C6714760-0FD9-45AF-9349-CCAFEAC1E24F} URL = hxxps://ar.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2150074114-3142378171-2394966631-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07152019190326472 -> {C6714760-0FD9-45AF-9349-CCAFEAC1E24F} URL = hxxps://ar.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Usuario\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall) [File not signed]
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\Usuario\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall) [File not signed]
CHR DefaultSearchURL: Default -> hxxps://es.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-25]
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [287752 2015-11-06] (Visicom Media Inc. -> Visicom Media Inc.)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc. -> Visicom Media Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
2019-07-19 11:14 - 2015-05-15 16:37 - 000000000 ____D C:\ProgramData\panda_url_filtering
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [TCP Query User{1792316B-036E-43CC-9B24-64EE05831AAF}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{AB1D1149-EB8B-4384-8CB0-DB4FAC09C7B4}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [{FD01822E-FF63-450D-9458-8ED1EE11DA85}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [File not signed]
FirewallRules: [{DAAD222C-B593-4112-8D77-F59E65AD9580}] => (Allow) C:\Windows\SysWOW64\muzapp.exe (Musiccity Co.Ltd.) [File not signed]
FirewallRules: [TCP Query User{35E216A1-3DB4-4D30-804D-08D1B4876FE5}C:\users\usuario\appdata\roaming\mozilla\firefox\profiles\9uepmfoo.dev-edition-default\extensions\[email protected]\tools\win32\ios-webkit-debug-proxy.exe] => (Block) C:\users\usuario\appdata\roaming\mozilla\firefox\profiles\9uepmfoo.dev-edition-default\extensions\[email protected]\tools\win32\ios-webkit-debug-proxy.exe () [File not signed]
FirewallRules: [UDP Query User{1A8EE91D-46F6-4C45-AE54-ED101DDEE745}C:\users\usuario\appdata\roaming\mozilla\firefox\profiles\9uepmfoo.dev-edition-default\extensions\[email protected]\tools\win32\ios-webkit-debug-proxy.exe] => (Block) C:\users\usuario\appdata\roaming\mozilla\firefox\profiles\9uepmfoo.dev-edition-default\extensions\[email protected]\tools\win32\ios-webkit-debug-proxy.exe () [File not signed]
FirewallRules: [{9BF8EDEA-6E5A-48EE-A0A6-BAD5F78466EA}] => (Allow) C:\RaidCall\rcplugin.exe (Beijing Changyou Raidcall Internet Tech Co.,Ltd Guangzhou branch -> RAIDCALL.COM) [File not signed]
FirewallRules: [{A58CDF93-590C-498F-93E8-129EC223DCD1}] => (Allow) C:\RaidCall\rcplugin.exe (Beijing Changyou Raidcall Internet Tech Co.,Ltd Guangzhou branch -> RAIDCALL.COM) [File not signed]


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio :arrow_backward: Esto es muy importante.

:o: Nota :o: Es importante que la herramienta FRST.exe (Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.


  • Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
  • Presionar el botón FIX y aguardar a que termine.
  • La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pega el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Un saludo