I think something has got into my computer


#1

Hi: I have recently started to notice the computer acting a bit strange. Maybe it's nothing, just an impression, but I have the feeling that the antivirus isn't detecting everything and I'm in doubt. Can you give me a hand?

Thanks a lot :slight_smile:


#2

Hi

What are you noticing in particular?

Did you install something recently, just before you started noticing it?


#3

Hi Miguelgrado: This morning I got a blue screen with something related to memory, and it was after visiting a training website that I have to visit every day. It wouldn't finish loading and it turned out that it might have suffered an attack. And since it all came together on the same day, I got suspicious.


#4

Carry out the following steps, without changing the order.

1) Download, update and run Malwarebytes' Anti-Malware.

Malwarebytes manual, so that you know how to use and configure it.

  • Run a Custom Scan, ticking all the boxes on the right and on the left, and updating if it asks you to.
  • Click "Remove Selected" to send the items to quarantine, then restart the system.
  • To access the scan report afterwards: Reports >> Scan Log >> click >> Export >> Copy to Clipboard, and paste it in your reply.

2) Download AdwCleaner to the desktop.

  • Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any security program.

  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").

  • Click the Scan Now button and wait for the process to finish, then immediately click the Start Repair button.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • If it finds nothing, click "Skip Repair".

  • The log can be found in the "Reports" tab, reopening the program if necessary, or in "C:\AdwCleaner\Logs\AdwCleaner[C0].txt".

You can look at its manual >> AdwCleaner manual

3) Download CCleaner

Install it and run it. In the Cleaner tab, leave the default settings as they are, click Analyze, wait for it to finish > click Run Cleaner. Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix selected Issues and make a backup.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.



#5

I downloaded Malwarebytes, but when I started it I got a blue screen with something related to memory. The file name Mbam.sys also appeared, and then the computer restarted.

I haven't run AdwCleaner or CCleaner because that would change the order of the steps you gave me.


#6

Try it in Safe Mode with Networking.


#7
Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 10/11/18
Hora del análisis: 13:52
Archivo de registro: 6c2b27a8-e4e7-11e8-8bf4-0025229fe739.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.482
Versión del paquete de actualización: 1.0.7783
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: JESUBRV\Mithrand

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 643315
Amenazas detectadas: 4
Amenazas en cuarentena: 4
Tiempo transcurrido: 2 hr, 56 min, 45 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Advertencia
PUM: Advertencia

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 3
PUP.Optional.StartGamePage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Soldiers D1, En cuarentena, [6071], [243512],1.0.7783
PUP.Optional.StartGamePage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Soldiers W1, En cuarentena, [6071], [243512],1.0.7783
PUP.Optional.StartGamePage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Soldiers W2, En cuarentena, [6071], [243512],1.0.7783

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
PUP.Optional.OpenCandy, C:\USERS\MITHRAND\APPDATA\ROAMING\UTORRENT\UPDATES\3.4.2_37754.EXE, En cuarentena, [1081], [431539],1.0.7783

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-11-05.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-10-2018
# Duration: 00:00:04
# OS:       Windows 7 Ultimate
# Cleaned:  19
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\AVG_UPDATE_0814TB
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Deleted       C:\Program Files (x86)\myfree codec
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Deleted       HKCU\Software\Myfree Codec
Deleted       HKLM\Software\Wow6432Node\Myfree Codec
Deleted       HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\avgsh
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Deleted       HKCU\Software\PRODUCTSETUP
Deleted       HKCU\Software\win

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Binkiland
Deleted       Binkiland
Deleted       Softonic ES
Deleted       Softonic ES

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2680 octets] - [10/11/2018 17:39:04]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#8

Let's see whether anything is still left in there.

  • Temporarily disable your antivirus and any security program.

  • Download to your Desktop (this is very important) Farbar Recovery Scan Tool, choosing the right version for your machine (32 or 64 bits) :arrow_forward: How do I know whether my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

In your next reply, copy and paste both FRST reports, Frst.txt and Addition.txt.

Note: If the requested report(s) do not fit in a single reply because they exceed the permitted number of characters, you can use two or more replies to paste them in full.


#9
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.11.2018
Ran by Mithrand (administrator) on JESUBRV (10-11-2018 19:33:34)
Running from C:\Users\Mithrand\Desktop
Loaded Profiles: Mithrand (Available Profiles: Mithrand)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Octoshape ApS) C:\Users\Mithrand\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRIE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Spotify Ltd) C:\Users\Mithrand\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Creative Technology Ltd) C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Macrovision Europe Ltd.) C:\Users\Mithrand\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(Creative Labs) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RegistrarCeresCertStoreDLL] => C:\Program Files (x86)\FNMT-RCM\uccs.exe [40960 2013-10-30] (C3PO, S.A.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [290064 2018-10-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CTSyncService] => C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Mithrand\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIRIE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\Run: [Spotify Web Helper] => C:\Users\Mithrand\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-06-03] (Spotify Ltd)
HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)
HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-465683914-2143892967-2920972581-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs:  => No File
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{635FCCF7-523D-436D-91B0-E746A727004C}: [DhcpNameServer] 80.58.61.250 80.58.61.254
Tcpip\..\Interfaces\{B1EDFDDA-BF42-49E5-8E0B-6F1FAACEF172}: [DhcpNameServer] 80.58.61.250 80.58.61.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-465683914-2143892967-2920972581-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-465683914-2143892967-2920972581-1000 -> {B238E762-DC9B-4f4a-819D-450B8735A712} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=es&q={searchTerms}
BHO: Complemento de inhabilitación para navegadores de Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll [2014-04-03] (Google, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-10-19] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-19] (Oracle Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Complemento de inhabilitación para navegadores de Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll [2014-04-03] (Google, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-19] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-19] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-465683914-2143892967-2920972581-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://apuc20.cert.fnmt.es/SolicitudWeb/cabs/capicom.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} hxxps://www5.aeat.es/es13/h/tgvicab.cab
DPF: HKLM-x32 {947B00D2-962D-4A35-9E48-98EE6A442B41} hxxps://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
DPF: HKLM-x32 {B785FA3C-1DE9-4D20-8396-613C486FE95E} hxxps://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-09-24] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-09-24] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-09-24] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-09-24] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: xa6fgmto.default-1538492488485
FF ProfilePath: C:\Users\Mithrand\AppData\Roaming\Mozilla\Firefox\Profiles\xa6fgmto.default-1538492488485 [2018-11-10]
FF Extension: (Firefox Monitor) - C:\Users\Mithrand\AppData\Roaming\Mozilla\Firefox\Profiles\xa6fgmto.default-1538492488485\features\{477fcfd8-20ea-4b4e-9db7-af8009858b09}\[email protected] [2018-10-02]
FF Extension: (Telemetry coverage) - C:\Users\Mithrand\AppData\Roaming\Mozilla\Firefox\Profiles\xa6fgmto.default-1538492488485\features\{477fcfd8-20ea-4b4e-9db7-af8009858b09}\[email protected] [2018-10-02] [Legacy]
FF Extension: (Firefox ESR configurer for OLDJAWS screen reader ) - C:\Program Files\Mozilla Firefox\browser\features\[email protected] [2018-09-21] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-01-06] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2017-10-06] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-465683914-2143892967-2920972581-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Mithrand\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-465683914-2143892967-2920972581-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mithrand\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-08-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-465683914-2143892967-2920972581-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Mithrand\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-09-12] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mithrand\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-05-23] (Octoshape ApS)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.es/"
CHR DefaultSearchURL: Default -> hxxps://es.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://es.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default [2018-11-10]
CHR Extension: (Presentaciones) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documentos) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Búsqueda de Google) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Spoiler Protection 2.0) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\eelacikjiplnmdingehjfdjcfegclmkg [2018-10-27]
CHR Extension: (Block Yourself from Analytics) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadgflmigmogfionelcpalhohefbnehm [2018-10-21]
CHR Extension: (Hojas de cálculo) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (AdBlock) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-10-13]
CHR Extension: (OSI: Servicio AntiBotnet) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhljghnmjahiaofikeljkjnhbeoiclbh [2016-09-14]
CHR Extension: (Google Analytics Debugger) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkmfdileelhofjcijamephohjechhna [2018-08-31]
CHR Extension: (Mailvelope) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2018-05-16]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2018-07-25]
CHR Extension: (Player para ver Movistar+) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenfcfndncbbggmafjjeihkdclggbojn [2018-10-02]
CHR Extension: (mobile browser emulator) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbofcampnkjmiomohpbaihdcbjhbfepf [2017-10-13]
CHR Extension: (tviso-extension) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmeiimpckggkicjmjoldhpifoelbnfl [2017-03-30]
CHR Extension: (Instagram) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\maonlnecdeecdljpahhnnlmhbmalehlm [2018-06-11]
CHR Extension: (Captura de página completa - FireShot) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2018-09-08]
CHR Extension: (Right Inbox for Gmail) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2018-10-30]
CHR Extension: (Email tracking para Gmail - Mailtrack) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2018-11-08]
CHR Extension: (Images ON/OFF) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmlhilnjccdggifdbhnhkffmjgalbgg [2018-05-02]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31]
CHR Extension: (RSS Feed Reader) - C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2018-10-23]
CHR Profile: C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-10]
CHR HKU\S-1-5-21-465683914-2143892967-2920972581-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [325072 2018-10-11] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [8237160 2018-10-11] (AVG Technologies CZ, s.r.o.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-12-13] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-12-13] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2016-11-08] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (Seiko Epson Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2012-12-13] (Creative Labs) [File not signed]
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AntiAries; C:\Windows\SysWOW64\drivers\RKL2AC7.tmp.sys [7680 2013-10-27] (Lavasoft AB) [File not signed]
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [201264 2018-10-11] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [230880 2018-10-11] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [202296 2018-10-11] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [346616 2018-10-11] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [59520 2018-10-11] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [46920 2018-10-11] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42312 2018-10-11] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [163224 2018-10-11] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [111816 2018-10-11] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87968 2018-10-11] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1028696 2018-10-11] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [467760 2018-10-11] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\Windows\System32\drivers\avgStm.sys [208488 2018-10-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [380992 2018-10-11] (AVG Technologies CZ, s.r.o.)
S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [235904 2010-01-06] (Conexant Systems, Inc.) [File not signed]
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-24] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198000 2018-11-10] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63768 2018-11-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-11-10] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [101200 2018-11-10] (Malwarebytes)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (BlackBerry Limited) [File not signed]
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2011-04-08] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-04] (Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-10-13] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2016-06-29] (Seiko Epson Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-14] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-10 19:33 - 2018-11-10 19:33 - 000031162 _____ C:\Users\Mithrand\Desktop\FRST.txt
2018-11-10 19:33 - 2018-11-10 19:33 - 000000000 ____D C:\FRST
2018-11-10 19:32 - 2018-11-10 19:32 - 002415616 _____ (Farbar) C:\Users\Mithrand\Desktop\FRST64.exe
2018-11-10 18:21 - 2018-11-10 18:21 - 000473466 _____ C:\Users\Mithrand\Desktop\cc_20181110_182137.reg
2018-11-10 18:07 - 2018-11-10 18:07 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-11-10 18:07 - 2018-11-10 18:07 - 000002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-11-10 18:07 - 2018-11-10 18:07 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-10 18:07 - 2018-11-10 18:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-10 18:07 - 2018-11-10 18:07 - 000000000 ____D C:\Program Files\CCleaner
2018-11-10 18:06 - 2018-11-10 18:07 - 016796856 _____ (Piriform Ltd) C:\Users\Mithrand\Desktop\ccsetup547.exe
2018-11-10 18:06 - 2018-11-10 17:39 - 000002518 _____ C:\Users\Mithrand\Desktop\AdwCleaner[C00].txt
2018-11-10 17:41 - 2018-11-10 17:41 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-11-10 17:39 - 2018-11-10 17:39 - 000000294 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2018-11-10 17:32 - 2018-11-10 17:32 - 007592144 _____ (Malwarebytes) C:\Users\Mithrand\Desktop\adwcleaner_7.2.4.0.exe
2018-11-10 17:31 - 2018-11-10 17:31 - 000002073 _____ C:\Users\Mithrand\Desktop\Informe-Malwarebytes.txt
2018-11-10 17:25 - 2018-11-10 17:25 - 000101200 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-11-10 13:49 - 2018-11-10 17:27 - 000198000 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-11-10 13:49 - 2018-11-10 13:49 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-10 13:49 - 2018-11-10 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-10 13:49 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-11-10 09:23 - 2018-11-10 17:25 - 000063768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-11-10 09:23 - 2018-11-10 09:23 - 000000000 ____D C:\Users\Mithrand\AppData\Local\mbamtray
2018-11-10 09:23 - 2018-11-10 09:23 - 000000000 ____D C:\Users\Mithrand\AppData\Local\mbam
2018-11-10 09:22 - 2018-11-10 09:22 - 079538336 _____ (Malwarebytes ) C:\Users\Mithrand\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7763.exe
2018-11-10 09:22 - 2018-11-10 09:22 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-09 17:51 - 2018-11-09 21:31 - 000000000 ____D C:\Users\Mithrand\Desktop\Moto Rouse
2018-11-08 23:28 - 2018-11-09 00:36 - 000000000 ____D C:\Users\Mithrand\Desktop\8-nov
2018-11-08 20:12 - 2018-11-08 20:11 - 1497846045 _____ C:\Users\Mithrand\Desktop\8-nov-Teo.trec
2018-11-08 15:48 - 2018-11-08 15:48 - 020174871 _____ C:\Users\Mithrand\Desktop\XA10_Instruction_Manual_ES.pdf
2018-11-08 11:13 - 2018-11-08 11:13 - 000154246 _____ C:\Users\Mithrand\Desktop\1.jpeg
2018-11-08 00:17 - 2018-11-08 11:13 - 000154246 _____ C:\Users\Mithrand\Desktop\WhatsApp Image 2018-11-07 at 20.46.12.jpeg
2018-11-06 16:53 - 2018-11-06 16:53 - 000107190 _____ C:\Users\Mithrand\Desktop\Cuadro-comparativo_Distintas-maneras-de-publicar-un-libro_MarianaEguaras.pdf
2018-11-05 13:27 - 2018-11-05 13:27 - 000308428 _____ C:\Users\Mithrand\Desktop\JustificanteFirmado_180114127270.pdf
2018-10-29 20:44 - 2018-10-29 20:44 - 046905609 _____ C:\Users\Mithrand\Downloads\trupdate.zip
2018-10-29 20:42 - 1999-08-03 10:50 - 000172032 _____ C:\Windows\SysWOW64\binkw32.dll
2018-10-29 20:19 - 2018-11-05 18:16 - 000003038 _____ C:\Windows\System32\Tasks\{4B839D17-7BF1-4AB1-B713-D0EB5441FC57}
2018-10-29 20:19 - 2018-10-29 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Design
2018-10-29 20:19 - 2018-10-29 20:19 - 000000000 ____D C:\Program Files (x86)\Core Design
2018-10-26 10:22 - 2018-10-26 10:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2018-10-23 23:10 - 2018-10-23 23:10 - 000011714 _____ C:\Users\Mithrand\Downloads\1534965798-Hereditary [1080p][VOSE][wWw.EliteTorrent.BiZ].torrent
2018-10-23 23:09 - 2018-10-23 23:09 - 000015656 _____ C:\Users\Mithrand\Downloads\1530087551-Un Lugar en Silencio [1080p][Subtitulado][wWw.EliteTorrent.BiZ].torrent
2018-10-23 23:08 - 2018-10-23 23:08 - 000013066 _____ C:\Users\Mithrand\Downloads\1539466634-Hereditary [1080p][Castellano][wWw.EliteTorrent.BiZ].torrent
2018-10-22 22:33 - 2018-10-22 22:35 - 000085504 _____ C:\Users\Mithrand\Desktop\36401500.XLS
2018-10-19 16:22 - 2018-10-19 16:21 - 000110968 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2018-10-16 23:49 - 2018-10-16 23:49 - 000011248 _____ C:\Users\Mithrand\Downloads\1536773267-Sicario Day of the Soldado [1080p][Subtitulado][wWw.EliteTorrent.BiZ].torrent
2018-10-16 19:13 - 2018-10-16 19:13 - 000098670 _____ C:\Users\Mithrand\Downloads\16002648_0.pdf
2018-10-16 18:35 - 2018-10-16 18:35 - 000000000 ____D C:\Users\Mithrand\AppData\Local\MicroDicom
2018-10-15 09:29 - 2018-10-15 09:30 - 013164256 _____ (Microsoft Corporation) C:\Users\Mithrand\Downloads\Silverlight_x64 (1).exe
2018-10-14 12:38 - 2018-11-05 23:37 - 000000000 ____D C:\Users\Mithrand\Desktop\Visionado
2018-10-13 23:08 - 2018-10-13 23:08 - 009032376 _____ C:\Users\Mithrand\Downloads\El resplandor.zip
2018-10-11 00:49 - 2018-10-11 00:48 - 000042312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2018-10-11 00:48 - 2018-10-11 00:48 - 000378640 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-10 19:15 - 2017-10-06 16:15 - 000000911 _____ C:\Windows\Tasks\EPSON XP-540 Series Update {39481DDD-52E2-4462-A9F0-85C8D11755E3}.job
2018-11-10 19:14 - 2009-07-14 05:45 - 000025168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-10 19:14 - 2009-07-14 05:45 - 000025168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-10 18:43 - 2016-05-11 15:23 - 000000000 ____D C:\Users\Mithrand\AppData\Roaming\WhatsApp
2018-11-10 18:17 - 2016-11-25 18:04 - 000000000 ____D C:\Users\Mithrand\AppData\Roaming\MPC-HC
2018-11-10 18:17 - 2015-01-25 01:08 - 000000000 ____D C:\Users\Mithrand\AppData\Roaming\uTorrent
2018-11-10 18:17 - 2014-11-12 13:28 - 000000000 ____D C:\ProgramData\VSO
2018-11-10 18:17 - 2013-11-14 17:45 - 000000000 ____D C:\Users\Mithrand\AppData\Roaming\TeamViewer
2018-11-10 18:17 - 2013-11-08 12:06 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-11-10 18:17 - 2013-03-05 16:45 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-10 18:17 - 2013-01-04 12:08 - 000000000 ____D C:\Users\Mithrand\AppData\Roaming\FileZilla
2018-11-10 18:15 - 2012-12-14 18:00 - 000000000 ____D C:\Users\Mithrand\AppData\Local\CrashDumps
2018-11-10 18:15 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-11-10 17:40 - 2016-09-06 21:27 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-10 17:40 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-10 17:39 - 2015-03-22 19:37 - 000000000 ____D C:\AdwCleaner
2018-11-10 17:27 - 2018-09-17 11:42 - 000000000 ____D C:\Windows\Minidump
2018-11-10 13:49 - 2013-10-28 20:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-10 02:40 - 2018-08-22 22:57 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2018-11-10 02:40 - 2018-06-21 12:15 - 000003552 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2018-11-10 02:40 - 2017-10-06 16:15 - 000003978 _____ C:\Windows\System32\Tasks\EPSON XP-540 Series Update {39481DDD-52E2-4462-A9F0-85C8D11755E3}
2018-11-10 02:40 - 2017-06-01 13:43 - 000003916 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-11-10 02:40 - 2014-12-31 20:54 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-10 02:40 - 2014-09-05 17:28 - 000003534 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-10 02:40 - 2014-09-05 17:28 - 000003406 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-10 02:40 - 2012-12-14 01:02 - 000003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2018-11-09 22:22 - 2014-09-05 17:29 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-09 17:53 - 2011-04-12 10:10 - 000751318 _____ C:\Windows\system32\perfh00A.dat
2018-11-09 17:53 - 2011-04-12 10:10 - 000160360 _____ C:\Windows\system32\perfc00A.dat
2018-11-09 17:53 - 2009-07-14 06:13 - 001687064 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-09 11:25 - 2016-05-11 15:51 - 000000000 ____D C:\Users\Mithrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-11-09 11:25 - 2016-05-11 15:51 - 000000000 ____D C:\Users\Mithrand\AppData\Local\WhatsApp
2018-11-09 11:24 - 2016-05-11 15:21 - 000000000 ____D C:\Users\Mithrand\AppData\Local\SquirrelTemp
2018-11-08 23:37 - 2012-12-14 00:16 - 000000000 ____D C:\Users\Mithrand\AppData\Local\Deployment
2018-11-08 16:16 - 2013-05-22 16:47 - 000000000 ____D C:\Users\Mithrand\AppData\Roaming\Audacity
2018-11-07 23:55 - 2018-09-08 00:37 - 000000000 ____D C:\Users\Mithrand\Desktop\Batiburrillo
2018-11-07 01:02 - 2013-01-14 21:23 - 000001456 _____ C:\Users\Mithrand\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2018-11-06 23:07 - 2016-06-23 12:49 - 000000000 ____D C:\Users\Mithrand\.afirma
2018-11-06 23:04 - 2013-09-27 09:45 - 000000000 ___SD C:\Users\Mithrand\AppData\LocalLow\Temp
2018-11-04 20:00 - 2017-03-13 20:37 - 000000000 ____D C:\Users\Mithrand\AppData\LocalLow\Mozilla
2018-10-29 20:38 - 2012-12-14 17:31 - 000000000 ____D C:\Users\Mithrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-10-26 10:23 - 2015-08-29 01:03 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-26 10:22 - 2018-06-21 12:16 - 000000000 ____D C:\ProgramData\Garmin
2018-10-26 10:22 - 2018-06-21 12:15 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-10-23 08:17 - 2018-10-10 17:43 - 007799552 _____ (Tim Kosse) C:\Users\Mithrand\Downloads\FileZilla_3.37.4_win64-setup.exe
2018-10-23 00:05 - 2018-09-13 22:47 - 000000000 ____D C:\Users\Mithrand\Desktop\Curso Teo Palacios
2018-10-20 20:25 - 2018-09-12 16:35 - 000001195 _____ C:\Users\Mithrand\Desktop\¿Quién mató a Max Von Sydow.lnk
2018-10-20 20:25 - 2018-05-04 11:36 - 000001607 _____ C:\Users\Mithrand\Desktop\Libro I.lnk
2018-10-20 00:49 - 2018-06-14 18:57 - 000000896 _____ C:\Users\Mithrand\Desktop\ESCRITURA.lnk
2018-10-19 16:23 - 2014-10-20 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-19 16:23 - 2012-12-14 12:56 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-19 16:22 - 2015-03-02 14:39 - 000000000 ____D C:\Program Files\Java
2018-10-19 16:21 - 2015-03-02 14:39 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-10-19 16:20 - 2015-12-13 20:06 - 000098680 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-10-14 12:38 - 2018-03-17 11:57 - 000000000 ___RD C:\Users\Mithrand\Desktop\Z
2018-10-11 13:10 - 2013-09-29 23:36 - 000000132 _____ C:\Users\Mithrand\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2018-10-11 00:48 - 2017-11-10 17:04 - 000201264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2018-10-11 00:48 - 2017-06-01 13:42 - 000467760 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-10-11 00:48 - 2017-06-01 13:42 - 000380992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2018-10-11 00:48 - 2017-06-01 13:42 - 000208488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2018-10-11 00:48 - 2017-06-01 13:42 - 000163224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2018-10-11 00:48 - 2017-06-01 13:42 - 000111816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2018-10-11 00:48 - 2017-06-01 13:42 - 000087968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2018-10-11 00:48 - 2017-06-01 13:42 - 000046920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2018-10-11 00:47 - 2017-06-01 13:42 - 001028696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2018-10-11 00:47 - 2017-06-01 13:42 - 000346616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2018-10-11 00:47 - 2017-06-01 13:42 - 000230880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2018-10-11 00:47 - 2017-06-01 13:42 - 000202296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2018-10-11 00:47 - 2017-06-01 13:42 - 000059520 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys

==================== Files in the root of some directories =======

2013-10-14 03:44 - 2013-10-14 03:44 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-11-12 13:28 - 2014-11-12 13:32 - 000099384 _____ () C:\Users\Mithrand\AppData\Roaming\inst.exe
2014-11-12 13:28 - 2014-11-12 13:32 - 000007859 _____ () C:\Users\Mithrand\AppData\Roaming\pcouffin.cat
2014-11-12 13:28 - 2014-11-12 13:32 - 000001167 _____ () C:\Users\Mithrand\AppData\Roaming\pcouffin.inf
2014-11-12 13:28 - 2014-11-12 13:32 - 000000055 _____ () C:\Users\Mithrand\AppData\Roaming\pcouffin.log
2014-11-12 13:28 - 2014-11-12 13:32 - 000082816 _____ (VSO Software) C:\Users\Mithrand\AppData\Roaming\pcouffin.sys
2013-03-15 19:23 - 2013-10-03 10:52 - 000000132 _____ () C:\Users\Mithrand\AppData\Roaming\Prefs. de filtro IllExport de Adobe CS6
2013-09-29 23:36 - 2018-10-11 13:10 - 000000132 _____ () C:\Users\Mithrand\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2013-01-14 21:23 - 2018-11-07 01:02 - 000001456 _____ () C:\Users\Mithrand\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2015-03-02 17:56 - 2015-03-02 17:56 - 000458240 _____ (Smart Access S.L.) C:\Users\Mithrand\AppData\Local\DNIeService.exe
2014-03-04 23:46 - 2014-03-05 00:09 - 000000002 _____ () C:\Users\Mithrand\AppData\Local\SendToWorkFiles.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 001008640 _____ (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

C:\Windows\SysWOW64\User32.dll
[2012-12-14 00:40] - [2012-12-14 00:40] - 000833024 _____ (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-04 13:54

==================== End of FRST.txt ============================

#10

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.11.2018
Ran by Mithrand (10-11-2018 19:34:29)
Running from C:\Users\Mithrand\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-12-13 22:08:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-465683914-2143892967-2920972581-500 - Administrator - Disabled)
Invitado (S-1-5-21-465683914-2143892967-2920972581-501 - Limited - Enabled)
Mithrand (S-1-5-21-465683914-2143892967-2920972581-1000 - Administrator - Enabled) => C:\Users\Mithrand

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Disabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\uTorrent) (Version: 3.5.4.44632 - BitTorrent Inc.)
Ac3Tool (remove only) (HKLM-x32\...\Ac3Tool) (Version:  - )
Actualización de NVIDIA 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Adobe Acrobat X Pro - Italiano, Español, Nederlands, Português (HKLM-x32\...\{AC76BA86-1040-7D70-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Audition CS6 (HKLM-x32\...\{30FD541D-3C9D-41C4-B240-A994EE4E0231}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AIDA64 Extreme v5.97 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.97 - FinalWire Ltd.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 372.70 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.213 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.26 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AutoFirma (HKLM-x32\...\AutoFirma) (Version: 1.5.0 - Gobierno de España)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.7.3069 - AVG Technologies)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Bananatag Outlook 2007 Add-in (x86) (HKLM-x32\...\{3AC23D38-3E6D-4EB6-8F36-8F9BA95EA076}) (Version: 1.4.6 - Bananatag Systems Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{FDE5EECE-678C-47F7-9E76-6388FF3BC098}) (Version: 3.22.1 - Kovid Goyal)
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
Canon Pro9000 II series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9000_II_series) (Version:  - )
Capicom 2.1.0.2 FNMT-RCM (HKLM-x32\...\{E06DBD80-CD9B-4A3F-BD83-ED1AA4CB1E3A}) (Version: 1.00.0000 - FNMT-RCM)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
Compatibilidad con Aplicaciones de Apple (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Complemento de inhabilitación para navegadores de Google Analytics (HKLM\...\{64E8F88B-B615-4114-900A-4B82F1EF2038}) (Version: 0.9.6.0 - Google Inc.)
Configurador AEAT (HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\Configurador AEAT 2.5) (Version: 2.5 - AEAT)
CuteFTP 8 Professional (HKLM-x32\...\{91F34319-08DE-457a-99C0-0BCDFAC145B9}) (Version: 8.3.4 - GlobalSCAPE)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink Instal)
Easy Photo Scan (HKLM-x32\...\{BB6241FF-8B76-45A5-95B9-888EDE8E47DC}) (Version: 1.00.0010 - Seiko Epson Corporation)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{F05A434E-D3CF-4B44-9D3E-779D42090781}) (Version: 2.8.0.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON XP-540 Series Printer Uninstall (HKLM\...\EPSON XP-540 Series) (Version:  - Seiko Epson Corporation)
EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.9.4 - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology)
FileZilla Client 3.35.2 (HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\FileZilla Client) (Version: 3.35.2 - Tim Kosse)
FlashFXP 4 (HKLM-x32\...\FlashFXP 4) (Version: 4.4.2.2016 - OpenSight Software LLC)
FormatFactory 3.2.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.2.0.1 - Free Time)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
High-Definition Video Playback 10 (HKLM-x32\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.0.11400.29.0 - Nero AG) Hidden
Instalable módulo criptográfico DNIe (HKLM\...\{BE9DD44B-344E-46AA-A717-76D2C478ACC7}) (Version: 11.1.0 - Cuerpo Nacional de Policía)
Instalable TC-FNMT (HKLM\...\{2F1D83C7-3F0F-4455-A711-DD163FA527E0}) (Version: 4.0.0 - FNMT-RCM)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 12.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.6.0 - KLCP)
La Batalla por la Tierra Media(tm) (HKLM-x32\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Manuales de EPSON (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.54.0.0 - Seiko Epson Corporation)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - Spanish/Español (HKLM-x32\...\OMUI.es-es) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
MIKSOFT Mobile Media Converter (HKLM-x32\...\Mobile Media Converter_is1) (Version:  - MIKSOFT)
MKVtoolnix 3.2.0 (HKLM-x32\...\MKVToolNix) (Version: 3.2.0 - Moritz Bunkus)
Mozilla Firefox 60.2.1 ESR (x64 es-ES) (HKLM\...\Mozilla Firefox 60.2.1 ESR (x64 es-ES)) (Version: 60.2.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.2.1 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
NVIDIA Controlador de 3D Vision 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Octoshape Streaming Services (HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
OpenMG Limited Patch 4.7-07-14-05-01 (HKLM-x32\...\OpenMG HotFix4.7-07-13-22-01) (Version:  - )
OpenMG Secure Module 4.7.00 (HKLM-x32\...\{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation) Hidden
OpenMG Secure Module 4.7.00 (HKLM-x32\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{52F63384-0FE8-41F5-B9C1-3331BE2E74F1}) (Version: 4.01.9714 - Apache Software Foundation)
Panel de control de NVIDIA 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 372.70 - NVIDIA Corporation) Hidden
Paquete de códecs de la cámara de Microsoft (HKLM\...\{574C05A4-A6A0-4D1C-BEC0-B89E56111349}) (Version: 16.4.1899.0416 - Microsoft Corporation)
Paquete de controladores de Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Paquete de controladores de Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.7.5 - Vaclav Slavik)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Renta 2013 1.00 (HKLM-x32\...\2285-3920-8902-9260) (Version: 1.00 - AEAT)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (HKLM-x32\...\{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Nombre de su organización) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Nombre de su organización)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\@@[email protected]@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Scrivener (HKLM-x32\...\Scrivener 1970) (Version: 1970 - Literature and Latte)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SonicStage 4.3 (HKLM-x32\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
Sound Blaster X-Fi MB (HKLM-x32\...\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}) (Version: 1.0 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Splash Lite (HKLM-x32\...\{B9507AE2-8A52-4E7C-839F-7C5BDA6A8F44}) (Version: 1.4.2 - Mirillis)
Spotify (HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\Spotify) (Version: 1.0.80.474.gef6b503e - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellarium 0.15.1.1 (HKLM\...\Stellarium_is1) (Version: 0.15.1.1 - Stellarium team)
SuperBeam version 1.2.0 (HKLM-x32\...\{1E690789-503A-4733-B224-7FE1DA597F2A}_is1) (Version: 1.2.0 - MukaBits)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)
Tomb Raider - The Last Revelation (HKLM-x32\...\Tomb Raider - The Last Revelation) (Version:  - )
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
TP-LINK TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.2.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK)
Transfer Utility (HKLM-x32\...\{0ECE15AC-CB68-40EC-B70D-1B220717844C}) (Version: 2.05.251 - PIXELA)
Unity Web Player (HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1-3) (Version: 1.0.11.1 - LunarG, Inc.)
WhatsApp (HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\WhatsApp) (Version: 0.3.1475 - WhatsApp)
Windows Driver Package - Dirección General de la Policía (UMPass) SmartCard  (03/11/2013 1.0.2.1) (HKLM\...\B52C0A3A839B7EB8677E7EE3DAC12245F751A578) (Version: 03/11/2013 1.0.2.1 - Dirección General de la Policía)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)
yWriter6 (HKLM-x32\...\yWriter6_is1) (Version:  - Spacejock Software)
Zoom (HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-465683914-2143892967-2920972581-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-465683914-2143892967-2920972581-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-465683914-2143892967-2920972581-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-465683914-2143892967-2920972581-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-465683914-2143892967-2920972581-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-465683914-2143892967-2920972581-1000_Classes\CLSID\{B14B3B7C-A0EF-9B9D-D082-5F7430C8B988}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-465683914-2143892967-2920972581-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2014-12-03] (Adobe Systems Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-10-11] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.)
ContextMenuHandlers1-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers2-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4-x32: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files (x86)\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll [2010-05-19] (GlobalSCAPE, Inc.)
ContextMenuHandlers4-x32: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-05] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-08-25] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2014-12-03] (Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-10-11] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D3E7380-2016-43F5-AFD4-D10C7F7F9070} - System32\Tasks\{012F4071-D940-4871-9295-52AD75E14973} => C:\UbiSoft\Rayman2\Rayman2.exe
Task: {3DB7CE09-11C5-4023-8BA4-65939373214C} - System32\Tasks\{E96C716C-35A2-4559-92E4-07FAE7473AA6} => C:\Windows\system32\pcalua.exe -a C:\Users\Mithrand\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe -c --uninstall
Task: {3EC14893-509A-4E7F-92B5-B7893FE40B58} - System32\Tasks\{BCA86DB4-1E38-438F-A869-DA577AED8D1C} => C:\Program Files (x86)\Electronic Arts\La Batalla por la Tierra Media II\lotrbfme2.exe
Task: {3FCDDD2C-267B-4B9A-A206-B1D18BC8E2DD} - System32\Tasks\{6D9CC907-A2F6-40FE-A43F-CB98DB292264} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/203160
Task: {434CD840-7030-4613-9CD2-9E9DC80C9C43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {530B9164-754F-4108-9040-37721476696F} - System32\Tasks\{DCB862BF-04AC-4D18-93D0-D5E93C173962} => C:\Program Files (x86)\Electronic Arts\La Batalla por la Tierra Media II\lotrbfme2.exe
Task: {5C843D0E-DBBE-456C-BF68-1F6FCC4ED081} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {6281A5D8-E9CC-479F-83EF-70853C2BBBF4} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-10-11] (AVG Technologies CZ, s.r.o.)
Task: {70643B34-ED34-4852-977B-B97D55347A26} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7E8B16D7-5951-4617-81D8-DA0EC8960E3F} - System32\Tasks\EPSON XP-540 Series Update {39481DDD-52E2-4462-A9F0-85C8D11755E3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRIE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {83157B63-D38E-47AB-B831-C7A08E048C75} - System32\Tasks\{DE034A3B-50B8-4FE7-A7D6-706EB08B66C5} => C:\Windows\system32\pcalua.exe -a C:\Users\Mithrand\Downloads\m32-474.exe -d C:\Users\Mithrand\Downloads
Task: {8BF1994F-C04B-4943-A90E-E38AC51AF4D1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {9FC90CAA-D7D1-4547-8BA3-A28C2CABE911} - System32\Tasks\{B184D930-D626-4ED6-B50C-E47EDFF80D5C} => C:\Program Files (x86)\Electronic Arts\La Batalla por la Tierra Media II\lotrbfme2.exe
Task: {B350952C-8C45-4E0D-B976-4BD28B9A9C19} - System32\Tasks\{D978712D-D5C2-4C31-AE71-EFB1C77A451E} => C:\Program Files (x86)\Steam\Steam.exe [2018-10-13] (Valve Corporation)
Task: {B4B35A0F-E522-41DD-9C5E-0D562B93D088} - System32\Tasks\{56B0ADB2-D900-4B52-95B8-1106E8A9CCE3} => C:\Users\Mithrand\Downloads\sj657sp.exe
Task: {BF10D526-FD0A-4F12-8293-90BB510C3BDA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {D9FB0CB7-8E52-4CE0-BC07-99C7B68A161C} - System32\Tasks\{F00015D5-FD75-4A0B-B8F3-9EC0861848AE} => C:\UbiSoft\Rayman2\Rayman2.exe
Task: {DA232A1A-019B-4327-86AA-C47B7A703E4E} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-10-28] (AVG Technologies CZ, s.r.o.)
Task: {DC33BF77-A4CE-4149-96E6-58787998C3FC} - System32\Tasks\{4B839D17-7BF1-4AB1-B713-D0EB5441FC57} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {F43E3982-F612-443E-ADBE-1F4D14785001} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-10-24] ()
Task: {F5B955F1-F6E2-43B9-84B8-D136064B6785} - System32\Tasks\{D6BD35C7-F1ED-4E0C-B208-2BAB1C0E8892} => C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe
Task: {F97B1D5F-CEC6-41C7-82AD-8F62FF61760A} - System32\Tasks\{10FEEB4B-BE35-4D1B-BF75-100B17EF37D6} => C:\Windows\system32\pcalua.exe -a C:\Users\Mithrand\AppData\Local\Temp\jre-8u66-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Mithrand\Desktop\adwcleaner_7.2.4.0.exe
Task: C:\Windows\Tasks\EPSON XP-540 Series Update {39481DDD-52E2-4462-A9F0-85C8D11755E3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRIE.EXE:/EXE:{39481DDD-52E2-4462-A9F0-85C8D11755E3} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Mithrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Mithrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Instagram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=maonlnecdeecdljpahhnnlmhbmalehlm

==================== Loaded Modules (Whitelisted) ==============

2016-09-06 21:27 - 2016-08-25 22:10 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-08-06 09:11 - 2018-08-06 09:11 - 000054440 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-05-17 12:10 - 2016-06-14 21:03 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-17 12:10 - 2016-06-14 21:03 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-05-17 12:10 - 2016-06-14 21:03 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-01-27 00:32 - 2016-06-14 21:03 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2018-11-10 13:49 - 2018-10-18 08:44 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-11-10 13:49 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-05-17 12:10 - 2016-06-14 21:03 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-17 12:10 - 2016-06-14 21:03 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-17 12:10 - 2016-06-14 21:03 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-27 00:32 - 2016-06-14 21:03 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-17 12:10 - 2016-06-14 21:03 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-17 12:10 - 2016-06-14 21:03 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2018-11-09 22:19 - 2018-11-08 23:14 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.102\libglesv2.dll
2018-11-09 22:19 - 2018-11-08 23:14 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.102\libegl.dll
2018-10-11 00:47 - 2018-10-11 00:47 - 000919312 _____ () C:\Program Files (x86)\AVG\Antivirus\anen.dll
2018-10-11 00:48 - 2018-10-11 00:48 - 000595728 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2018-11-10 13:37 - 2018-11-10 13:37 - 005719240 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\18111002\algo.dll
2018-10-11 00:47 - 2018-10-11 00:47 - 000496912 _____ () C:\Program Files (x86)\AVG\Antivirus\gui_cache.dll
2018-10-11 00:47 - 2018-10-11 00:47 - 001112336 _____ () C:\Program Files (x86)\AVG\Antivirus\shepherdsync.dll
2015-07-31 11:40 - 2016-06-14 21:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2018-03-04 00:27 - 2018-03-04 00:27 - 067127976 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2018-11-10 17:41 - 2018-11-10 17:41 - 000697884 _____ () C:\Users\Mithrand\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0033\~df394b.tmp
2018-11-10 17:41 - 2018-11-10 17:41 - 000592896 _____ () C:\Users\Mithrand\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0033\~de6248.tmp

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:UhsF1gQVgzaOKJQAjf7GrENlc [2200]
AlternateDataStreams: C:\ProgramData\Microsoft:B5datPe3rRAwKPwl3qwyXVG5y [2330]
AlternateDataStreams: C:\ProgramData\Microsoft:jV067CG0om0yfuv0YFJZ2o [2284]
AlternateDataStreams: C:\Users\Mithrand\Cookies:Fbfb1pjgETrqAbRlnk8lBoHpGI [2244]
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\gob.es -> hxxps://agenciatributaria.gob.es
IE trusted site: HKU\S-1-5-21-465683914-2143892967-2920972581-1000\...\registradores.org -> hxxps://www.registradores.org

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-06-24 19:06 - 000001028 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-465683914-2143892967-2920972581-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mithrand\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Transfer Utility Camera Monitor.lnk => C:\Windows\pss\Transfer Utility Camera Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AirDroid 3 => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: EPSON136099 (Epson Stylus SX440) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE /FU "C:\Users\Mithrand\AppData\Local\Temp\E_SF191.tmp" /EF "HKCU"
MSCONFIG\startupreg: Hoolapp Android => "C:\Users\Mithrand\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
MSCONFIG\startupreg: HP Update 4300C => C:\sj657\hpupdate.exe 4300C
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: SanDiskSecureAccess_Manager.exe => C:\Users\Mithrand\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1B8CE270-709B-47DC-99BE-A23313893090}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{1C5D5DE6-BFDD-4FB0-92B3-9677A7CB4581}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3DEB9AC6-3504-48F5-8E6C-37B25E9DF6C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{28EF7E6D-4032-45BF-8DC2-50E47DFC4111}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{EB3758B5-FC1B-4C3A-8618-2DEFA6380127}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D97BF227-8CBC-4A83-8499-EACDF6C61902}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{811E775A-D184-431E-90FC-4228802CBFFF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{AEE1CB4D-536B-4E2E-98D1-D5FC1A23580B}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [UDP Query User{39A2B8F1-EDE2-44FB-94A4-C294574332F6}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [{6AF4E284-A2AC-4DB1-898A-BAE2CC8062ED}] => (Block) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [{C9A7D166-6F19-407D-B274-F2E5CB16C8A2}] => (Block) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [TCP Query User{6F11268A-67F6-4AA5-A07E-930E2F034D03}C:\users\mithrand\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\mithrand\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [UDP Query User{E51A3379-3918-4193-A0CB-C143A205747C}C:\users\mithrand\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\mithrand\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{61FF1D92-815E-472C-A76F-0E5924A9A12B}] => (Allow) C:\Users\Mithrand\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{87BBCFA8-99E6-4CDA-8221-03E62E0F3067}] => (Allow) C:\Users\Mithrand\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{2A374140-0CF9-4A05-B598-19C483CD56C6}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{11097BFD-4C6F-4487-8863-090A1961FC75}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{FF2696E4-2B4F-4EDD-916F-2EF12DFEA346}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{84EA3A00-C2B3-4EC1-92F4-FBDF2D1A22B3}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{F46B2276-2837-4A41-8C5A-4319A5557F73}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [UDP Query User{D7C82379-AF96-4829-8450-0CE051AF44AA}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [{8BE6AAE2-5CDE-4E1E-8FA6-639052566BDB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5E1A1BE2-FCFC-4A4A-9AE4-2D091955FBE8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0751A723-7095-4CD0-B9A2-23DA489B27A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{81197420-6B7E-4089-8BC5-DA1B7D41CA5A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{33346FFD-6560-4717-BA1E-246C284C9C6C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0CB77030-6F25-4E66-B037-0AD1C1ADD2EB}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [{72E7B13A-1425-43C6-A4C9-9A19F8BB715E}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [{69D72AEB-53FB-4494-B265-49F51BE3FDC1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F7403046-D8D2-4A87-A7E6-D82EB56B942B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0474D11D-DBD2-4A89-8EDF-0829BF9D3624}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{20AB4665-0B7D-4B88-BA60-4FCC374D3ABB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DE0AAA10-71D0-45DA-8080-DCD37C9A99AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{398F678B-8584-49C9-92A1-683E8DB04577}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [TCP Query User{31464BA6-1139-4BB5-AD70-D8E38407CDAB}C:\program files (x86)\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [UDP Query User{DA695007-38BC-4EB0-86F8-C13975A2E0FF}C:\program files (x86)\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [{DDDB72FD-2130-4DE8-AA88-AAFADA3577AD}] => (Allow) LPort=8317
FirewallRules: [{42431885-7803-4616-99C4-1801AB3F646B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{F77151C0-D07B-42DD-9D45-404534B09684}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{28D37565-442C-48C0-B5C2-0E0B44EBA85E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{A80591BC-94E5-43F6-9ABE-D851B535DD66}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{666520DC-E5F4-416C-B323-25055A891C32}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EA64364C-9319-4269-8465-B24E17DCFB25}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{721316D2-89C0-4951-8462-96BA62CE1991}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ElectronicSuperJoy\ElectronicSuperJoy.exe
FirewallRules: [{A1A13FD2-752C-4D25-B2BE-BBF50B8F2818}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ElectronicSuperJoy\ElectronicSuperJoy.exe
FirewallRules: [{4638BFC6-F792-4E6B-B9B5-3981F11EF9EE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8FCE8DCF-8DDC-4037-9FA7-65A903D5AD61}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E062E69F-1524-49A5-8017-6D6924AC170F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{48852A3F-97C0-488A-9335-64F5B656B78D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7BFBA49C-0126-4A6D-A8AE-90F30B425BE7}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
FirewallRules: [{F9CF22F2-7C06-45A3-8FB6-35F17F9B26C9}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{6922CE45-1BE2-4475-83BE-891C14FC1BAA}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{64F006E4-C210-4F99-901E-BFE4940EF5E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{6FCEEF3A-B0EB-4D02-8DAE-5E1930958ED9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{344E9683-EF63-4094-A8D6-F354AA73BB99}] => (Allow) C:\Program Files (x86)\epson\Epson Scan 2\Core\es2launcher.exe
FirewallRules: [{4CC18518-A079-4BAA-8411-B6D49B8892AD}] => (Allow) C:\Program Files (x86)\epson\Epson Scan 2\Core\es2launcher.exe
FirewallRules: [{07B02768-6EE9-40B0-8EA7-966A928E6BC1}] => (Allow) C:\Program Files (x86)\epson\Epson Scan 2\Core\es2launcher.exe
FirewallRules: [{3B251C56-5318-49D2-A389-EB16E204789F}] => (Allow) C:\Program Files (x86)\epson\Epson Scan 2\Core\es2launcher.exe
FirewallRules: [{EB4D69A9-87D1-4A6F-9D71-77E6F83ADC17}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TombRaider (III)\tomb3.exe
FirewallRules: [{7DB7BC9A-A814-4685-A2B5-0D6CDAEEA5B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TombRaider (III)\tomb3.exe
FirewallRules: [{81433845-FF3F-498E-80E2-F9BF7C45DE07}] => (Allow) C:\Program Files (x86)\EA GAMES\La Batalla por la Tierra Media(tm)\game.dat
FirewallRules: [{712C6B2E-0D20-46F9-AB95-B75888ED19D7}] => (Allow) C:\Program Files (x86)\EA GAMES\La Batalla por la Tierra Media(tm)\game.dat
FirewallRules: [{150F6F70-DEB1-4804-B1EF-E28075CC70AE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{648CB64D-F8DC-40BB-9C33-C014B28ABBAB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{61D5FA2D-FA79-4E7B-B236-07DB7781D1DA}] => (Allow) C:\Users\Mithrand\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{7FED48BD-984D-458F-BB57-8450E7315C0E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{70A5BD38-283C-4E4A-B389-787418D8E654}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3AD6CD42-F68E-4431-9C84-05CABE20B7D2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9C69434E-8BF5-49E3-8CEB-B2A8429EF21E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{931AA7B7-9977-430B-B339-6388DC8C831A}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{25EA63B4-A0F3-41C0-A7E9-A234FAFCC993}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{39E9837B-28EA-4865-98ED-8C7D9AD61F32}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D9844762-954F-44A2-9AD1-7FBB3197C15D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{4AA36652-53A3-44FE-A5FC-3570E5730FAD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

09-11-2018 11:57:45 9-nov-2018
09-11-2018 12:00:01 Copias de seguridad de Windows
09-11-2018 13:42:34 Copias de seguridad de Windows
09-11-2018 13:43:19 Copias de seguridad de Windows
09-11-2018 13:46:14 Copias de seguridad de Windows

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2018 05:41:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (11/10/2018 05:41:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> con el error: Un certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.
.

Error: (11/10/2018 05:40:52 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x00000000.

Error: (11/10/2018 05:40:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
0x800401F9

Error: (11/10/2018 05:28:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (11/10/2018 05:27:37 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x00000000.

Error: (11/10/2018 05:27:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
0x800401F9

Error: (11/10/2018 05:25:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


System errors:
=============
Error: (11/10/2018 05:42:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMFarflt no pudo iniciarse debido al siguiente error: 
Recursos insuficientes en el sistema para completar el servicio solicitado.

Error: (11/10/2018 05:42:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMProtection no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (11/10/2018 05:41:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio avgbIDSAgent no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (11/10/2018 05:41:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio avgbIDSAgent.

Error: (11/10/2018 05:41:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Conexión compartida a Internet (ICS) depende del servicio Administrador de conexión de acceso remoto, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (11/10/2018 05:41:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Administrador de conexión de acceso remoto depende del servicio Telefonía, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (11/10/2018 05:40:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN no se pudo iniciar.

Ruta de acceso del módulo: C:\Windows\system32\Rtlihvs.dll
Código de error: 126

Error: (11/10/2018 05:34:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1068" al intentar iniciar el servicio BITS con argumentos "" para ejecutar el servidor:
{4991D34B-80A1-4291-83B6-3328366B9097}


CodeIntegrity:
===================================

Date: 2018-11-10 19:30:03.678
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-11-10 19:22:24.132
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-11-10 18:40:00.255
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-11-10 18:23:30.792
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-11-10 18:06:12.547
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-11-10 17:40:46.355
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-11-10 17:24:35.681
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-11-10 13:45:55.895
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume3\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 44%
Total physical RAM: 8156.16 MB
Available physical RAM: 4538.78 MB
Total Virtual: 16310.53 MB
Available Virtual: 12963.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.79 GB) (Free:1243.49 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 1D431D42)

Partition: GPT.

==================== End of Addition.txt ============================

#11

It seems to be running better, because when I restarted after running Malwarebytes in safe mode with networking the blue screen appeared again. I had to run CCleaner in safe mode too.

I don't know whether that kind of blue screen can also be caused by a bad connection on USB ports or something similar.


#12

Let's see how it goes.

Good… now follow these steps. VERY important ~ make a backup of the registry:

  • To do so, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as administrator".)

  • Attention: now tick/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste these files into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
AppInit_DLLs:  => No File
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-465683914-2143892967-2920972581-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
Task: {B4B35A0F-E522-41DD-9C5E-0D562B93D088} - System32\Tasks\{56B0ADB2-D900-4B52-95B8-1106E8A9CCE3} => C:\Users\Mithrand\Downloads\sj657sp.exe
Task: {F97B1D5F-CEC6-41C7-82AD-8F62FF61760A} - System32\Tasks\{10FEEB4B-BE35-4D1B-BF75-100B17EF37D6} => C:\Windows\system32\pcalua.exe -a C:\Users\Mithrand\AppData\Local\Temp\jre-8u66-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Mithrand\Desktop\adwcleaner_7.2.4.0.exe
2018-10-29 20:19 - 2018-11-05 18:16 - 000003038 _____ C:\Windows\System32\Tasks\{4B839D17-7BF1-4AB1-B713-D0EB5441FC57}
Task: {DC33BF77-A4CE-4149-96E6-58787998C3FC} - System32\Tasks\{4B839D17-7BF1-4AB1-B713-D0EB5441FC57} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
ShortcutWithArgument: C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Mithrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Mithrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Instagram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=maonlnecdeecdljpahhnnlmhbmalehlm
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:UhsF1gQVgzaOKJQAjf7GrENlc [2200]
AlternateDataStreams: C:\ProgramData\Microsoft:B5datPe3rRAwKPwl3qwyXVG5y [2330]
AlternateDataStreams: C:\ProgramData\Microsoft:jV067CG0om0yfuv0YFJZ2o [2284]
AlternateDataStreams: C:\Users\Mithrand\Cookies:Fbfb1pjgETrqAbRlnk8lBoHpGI [2244]
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]

```
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name fixlist.txt on the desktop <<< This is very important. <<

Note: It is important that the tool Frst.exe and fixlist.txt are in the same location (desktop), otherwise it will not work.

  • Now use this Windows FAQ, "How to start Windows in Safe Mode?", to work from that Windows mode.

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, and tell us how the problem is going.


#13

It seems to start up much lighter and doesn't take as long to boot. I haven't dared to start Malwarebytes in normal mode, since it gave me that failure earlier. Otherwise it seems to be running quite well.

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.11.2018
Ran by Mithrand (10-11-2018 22:20:47) Run:1
Running from C:\Users\Mithrand\Desktop
Loaded Profiles: Mithrand &  (Available Profiles: Mithrand)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
AppInit_DLLs:  => No File
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-465683914-2143892967-2920972581-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
Task: {B4B35A0F-E522-41DD-9C5E-0D562B93D088} - System32\Tasks\{56B0ADB2-D900-4B52-95B8-1106E8A9CCE3} => C:\Users\Mithrand\Downloads\sj657sp.exe
Task: {F97B1D5F-CEC6-41C7-82AD-8F62FF61760A} - System32\Tasks\{10FEEB4B-BE35-4D1B-BF75-100B17EF37D6} => C:\Windows\system32\pcalua.exe -a C:\Users\Mithrand\AppData\Local\Temp\jre-8u66-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Mithrand\Desktop\adwcleaner_7.2.4.0.exe
2018-10-29 20:19 - 2018-11-05 18:16 - 000003038 _____ C:\Windows\System32\Tasks\{4B839D17-7BF1-4AB1-B713-D0EB5441FC57}
Task: {DC33BF77-A4CE-4149-96E6-58787998C3FC} - System32\Tasks\{4B839D17-7BF1-4AB1-B713-D0EB5441FC57} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
ShortcutWithArgument: C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Mithrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Mithrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Instagram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=maonlnecdeecdljpahhnnlmhbmalehlm
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:UhsF1gQVgzaOKJQAjf7GrENlc [2200]
AlternateDataStreams: C:\ProgramData\Microsoft:B5datPe3rRAwKPwl3qwyXVG5y [2330]
AlternateDataStreams: C:\ProgramData\Microsoft:jV067CG0om0yfuv0YFJZ2o [2284]
AlternateDataStreams: C:\Users\Mithrand\Cookies:Fbfb1pjgETrqAbRlnk8lBoHpGI [2244]
AlternateDataStreams: C:\Users\Public\AppData:CSM [472]

```
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"AppInit_DLLs:  => No File" => Value data not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-465683914-2143892967-2920972581-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => not found
HKLM\System\CurrentControlSet\Services\dgderdrv => removed successfully
dgderdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\Partizan => removed successfully
Partizan => service removed successfully
HKLM\System\CurrentControlSet\Services\RimUsb => removed successfully
RimUsb => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4B35A0F-E522-41DD-9C5E-0D562B93D088}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4B35A0F-E522-41DD-9C5E-0D562B93D088}" => removed successfully
C:\Windows\System32\Tasks\{56B0ADB2-D900-4B52-95B8-1106E8A9CCE3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{56B0ADB2-D900-4B52-95B8-1106E8A9CCE3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F97B1D5F-CEC6-41C7-82AD-8F62FF61760A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F97B1D5F-CEC6-41C7-82AD-8F62FF61760A}" => removed successfully
C:\Windows\System32\Tasks\{10FEEB4B-BE35-4D1B-BF75-100B17EF37D6} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{10FEEB4B-BE35-4D1B-BF75-100B17EF37D6}" => removed successfully
C:\Windows\Tasks\AdwCleaner_onReboot.job => moved successfully
C:\Windows\System32\Tasks\{4B839D17-7BF1-4AB1-B713-D0EB5441FC57} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC33BF77-A4CE-4149-96E6-58787998C3FC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC33BF77-A4CE-4149-96E6-58787998C3FC}" => removed successfully
"C:\Windows\System32\Tasks\{4B839D17-7BF1-4AB1-B713-D0EB5441FC57}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4B839D17-7BF1-4AB1-B713-D0EB5441FC57}" => removed successfully
"C:\Users\Mithrand\AppData\Local\Google\Chrome\User Data\Men� de aplicaciones de Chrome.lnk" => not found
"C:\Users\Mithrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Men� de aplicaciones de Chrome.lnk" => not found
C:\Users\Mithrand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Instagram.lnk => Shortcut argument removed successfully
C:\Program Files\Common Files\Microsoft Shared => ":UhsF1gQVgzaOKJQAjf7GrENlc" ADS removed successfully
C:\ProgramData\Microsoft => ":B5datPe3rRAwKPwl3qwyXVG5y" ADS removed successfully
C:\ProgramData\Microsoft => ":jV067CG0om0yfuv0YFJZ2o" ADS removed successfully
C:\Users\Mithrand\Cookies => ":Fbfb1pjgETrqAbRlnk8lBoHpGI" ADS removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
``` => Error: No automatic fix found for this entry.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-465683914-2143892967-2920972581-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-465683914-2143892967-2920972581-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102018221336018\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-465683914-2143892967-2920972581-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-465683914-2143892967-2920972581-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-465683914-2143892967-2920972581-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102018221336018\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-465683914-2143892967-2920972581-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11102018221336018\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Conexión de área local mientras los medios
estén desconectados.

Adaptador de LAN inalámbrica Conexión de red inalámbrica:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::11cf:f63a:9f30:4a08%13
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.40
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de Ethernet Conexión de área local:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{635FCCF7-523D-436D-91B0-E746A727004C}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel Conexión de área local* 21:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel Reusable ISATAP Interface {57E42246-CBB8-4D20-82C4-A570A7DD8252}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17000966 B
Java, Flash, Steam htmlcache => 330071163 B
Windows/system/drivers => 2951064 B
Edge => 0 B
Chrome => 333724612 B
Firefox => 18584457 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 133734 B
systemprofile32 => 1478477 B
LocalService => 132244 B
NetworkService => 66228 B
Mithrand => 26063938 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B

RecycleBin => 375104466 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:22:07 ====

#14

Try launching Malwarebytes, test the PC, and let me know how it goes.


#15

I opened it without any problems. I was prepared for the worst. It seems to be running normally.


#16

To remove the tools used during the disinfection, do the following:

  • Download and run >> Delfix, on your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> Run as Administrator.)

  • Check only the Remove disinfection tools box

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

If any tool remains, uninstall it from the Windows control panel; those that are not listed can be deleted directly.


Glad I could help! :+1:


TOPIC SOLVED


#17

This topic was automatically closed 2 days after the last post. New replies are not allowed.