Removing Free YouTube Download


#1

This little friend slipped onto my machine and there is no way to uninstall it. I have tried several antimalware and antispyware tools, but there is no way to get it off the PC. How can I remove it? Many thanks in advance.


#2

Hello @ams777

Can you tell us which tools you have used?

Do you have reports from those scans?


#3

Hi, thanks for your interest. I don't have any reports. I have run some antimalware of the antispy kind, and Panda, which is the antivirus I have. I have tried a few things I saw on the internet, but nothing has worked… I try to uninstall it but there is no way, it does nothing and carries on operating. I don't know whether there is some program that can remove it, or whether I could do it manually. Thanks.


#4

Right… first of all we are going to check your machine. Follow these steps in the order given, reading everything that is explained. :+1:

:one: Temporarily disable the antivirus :arrow_forward: How to temporarily disable your antivirus, while we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we will use in this procedure (but do not run them yet):


:two: Run the tools one at a time and in the order given:



CCleaner.-

  • Install and run CCleaner following the steps given in the manual.

  • First use its Cleaner (Limpiador) option to delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • Then use its Registry (Registro) option to clean the whole Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps given in the manual.

  • Run a Full Scan. :white_check_mark:

  • Select ALL for Quarantine to send everything to quarantine, then restart the system.

  • In the :arrow_forward:History (Historial) :arrow_backward: section of the manual you will find the MBAM report, which you must copy and paste into your next reply so that it can be analyzed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now (Analizar ahora) button and wait for the process to finish, then always click the Start Repair (Iniciar Reparación) button straight away.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • The log/report is in the "Reports" ("Informes") tab, reopening the program if necessary, so that you can copy it and paste it into your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved on the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt into your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes.

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

:three: Put the following reports in your next reply:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order. :+1:

You must copy and paste them with their full content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

And tell us how your computer is behaving with regard to the problem you raised. :face_with_monocle:

Regards, Javier.


#5

Hi Javier, as you asked, I am sending you the reports. I am sending them in two parts. Regards.

Malwarebytes

www.malwarebytes.com

-Detalles del registro-

Fecha del análisis: 9/2/19

Hora del análisis: 14:09

Archivo de registro: fd383954-2c6b-11e9-94f9-9cb6d0b0740c.json

-Información del software-

Versión: 3.7.1.2839

Versión de los componentes: 1.0.538

Versión del paquete de actualización: 1.0.9172

Licencia: Gratis

-Información del sistema-

SO: Windows 10 (Build 17134.523)

CPU: x64

Sistema de archivos: NTFS

Usuario: DESKTOP-QFMMTIU\a

-Resumen del análisis-

Tipo de análisis: Análisis de amenazas

Análisis iniciado por:: Manual

Resultado: Completado

Objetos analizados: 284821

Amenazas detectadas: 3

Amenazas en cuarentena: 3

Tiempo transcurrido: 0 min, 54 seg

-Opciones de análisis-

Memoria: Activado

Inicio: Activado

Sistema de archivos: Activado

Archivo: Activado

Rootkits: Desactivado

Heurística: Activado

PUP: Detectar

PUM: Detectar

-Detalles del análisis-

Proceso: 0

(No hay elementos maliciosos detectados)

Módulo: 0

(No hay elementos maliciosos detectados)

Clave del registro: 0

(No hay elementos maliciosos detectados)

Valor del registro: 0

(No hay elementos maliciosos detectados)

Datos del registro: 0

(No hay elementos maliciosos detectados)

Secuencia de datos: 0

(No hay elementos maliciosos detectados)

Carpeta: 0

(No hay elementos maliciosos detectados)

Archivo: 3

PUP.Optional.InstallCore.Generic, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\aTube Catcher.lnk, En cuarentena, [538], [621110],1.0.9172

PUP.Optional.InstallCore.Generic, C:\USERS\PUBLIC\DESKTOP\aTube Catcher.lnk, En cuarentena, [538], [621110],1.0.9172

PUP.Optional.InstallCore.Generic, C:\PROGRAM FILES (X86)\DSNET CORP\ATUBE CATCHER 2.0\YCT.EXE, En cuarentena, [538], [621110],1.0.9172

Sector físico: 0

(No hay elementos maliciosos detectados)

WMI: 0

(No hay elementos maliciosos detectados)

(end)


Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-01-25.2 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-09-2019
# Duration: 00:00:02
# OS:       Windows 10 Home
# Cleaned:  11
# Failed:   0


***** [ Services ] *****

Deleted       panda_url_filtering

***** [ Folders ] *****

Deleted       C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Deleted       C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service
Deleted       C:\ProgramData\Host App Service
Deleted       C:\Users\a\AppData\Local\Host App Service
Deleted       C:\Program Files\Panda Security URL Filtering

***** [ Files ] *****

Deleted       C:\Windows\System32\Tasks_Migrated\App Explorer

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted       HKCU\Software\Host App Service
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer

***** [ Chromium (and derivatives) ] *****

Deleted       pelmeidfhdlhlbjimpabfcbnnojbboma

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2009 octets] - [09/02/2019 14:15:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by a (Administrator) on 09/02/2019 at 14:17:59,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 2 

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_DD2B0FB376A86F274B6B22A50D31BF1F (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AEAA659C-0676-478A-AEB1-7C078127D40B} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/02/2019 at 14:19:32,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 8.02.2019
Ran by a (administrator) on DESKTOP-QFMMTIU (09-02-2019 14:21:21)
Running from C:\Users\a\Downloads
Loaded Profiles: a (Available Profiles: a)
Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
() C:\Windows\jmesoft\Service.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Nerve Center\FastBoot\FbService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-05-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1429248 2016-05-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1429248 2016-05-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [jmekey] => C:\Windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4114240 2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [153296 2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1661841887-1548056966-1185284758-1002\...\Run: [BitComet] => C:\Program Files (x86)\BitComet\BitComet.exe [14276784 2013-12-31] (Xing Wang -> www.BitComet.com)
HKU\S-1-5-21-1661841887-1548056966-1185284758-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9001904 2019-01-28] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-1661841887-1548056966-1185284758-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1661841887-1548056966-1185284758-1002\...\Run: [vidnotifier.exe] => C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe [1613800 2018-12-11] (Digital Wave Ltd -> Digital Wave Ltd)
HKU\S-1-5-21-1661841887-1548056966-1185284758-1002\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32-x32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-12-27]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{28df10d1-cb72-4153-a84d-f190d830622a}: [DhcpNameServer] 80.58.61.254 80.58.61.250
Tcpip\..\Interfaces\{d250490e-868a-444c-b865-5c5c3e641126}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-1661841887-1548056966-1185284758-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1661841887-1548056966-1185284758-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-1661841887-1548056966-1185284758-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1661841887-1548056966-1185284758-1002 -> DefaultScope {AEAA659C-0676-478A-AEB1-7C078127D40B} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-12-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2018-10-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (Shanghai Comet Network Technology -> BitComet)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2018-03-14] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-10-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-1661841887-1548056966-1185284758-1002: SkypeForBusinessPlugin-16.2 -> C:\Users\a\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi.dll [2017-11-18] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1661841887-1548056966-1185284758-1002: SkypeForBusinessPlugin64-16.2 -> C:\Users\a\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\npGatewayNpapi-x64.dll [2017-11-18] (Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.bing.com/?FORM=SLBRDF&PC=SL07"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\a\AppData\Local\Google\Chrome\User Data\Default [2019-02-09]
CHR Extension: (Presentaciones) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-22]
CHR Extension: (Documentos) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-22]
CHR Extension: (Google Drive) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-22]
CHR Extension: (YouTube) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-22]
CHR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-24]
CHR Extension: (Dropbox para Gmail) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2019-02-09]
CHR Extension: (Hojas de cálculo) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-22]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-22]
CHR Extension: (Chrome Media Router) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-19]
CHR Profile: C:\Users\a\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-09]
CHR Profile: C:\Users\a\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [424288 2018-05-28] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163328 2016-01-27] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-06-20] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-06-20] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2018-12-11] (Digital Wave Ltd -> Digital Wave Ltd.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\Lenovo Nerve Center\FastBoot\FbService.exe [297752 2016-12-27] (LENOVO -> Lenovo)
S3 GameZoneService; C:\Program Files (x86)\Lenovo\Lenovo Nerve Center\GameZoneService.exe [27184 2016-07-13] (LENOVO -> )
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71336 2019-01-07] (Lenovo -> Lenovo Group Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [743728 2017-11-16] (Intel(R) Trust Services -> Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [720184 2017-11-16] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [457432 2016-09-07] (Rivet Networks LLC -> Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-11-08] (Panda Security S.L. -> Panda Security, S.L.)
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-20] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security S.L -> Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-30] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-30] (Microsoft Corporation -> Microsoft Corporation)
S3 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-08-03] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [135800 2016-05-05] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 Fastboot; C:\WINDOWS\System32\DRIVERS\Fastboot.sys [70936 2016-12-27] (LENOVO -> Windows (R) Win 7 DDK provider)
R2 FBNetFilter; C:\WINDOWS\system32\Drivers\FBNetFlt.sys [36120 2016-12-27] (LENOVO -> Windows (R) Win 7 DDK provider)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 iaLPSSi_GPIO; C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [38128 2018-04-12] (Intel Corporation - Client Components Group -> Intel Corporation)
R0 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [1467912 2015-11-12] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ICCWDT; C:\WINDOWS\System32\drivers\ICCWDT.sys [38680 2015-10-29] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37072 2016-08-03] (Intel Corporation -> Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Microsoft Windows -> Qualcomm Atheros, Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [206488 2017-11-28] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [108000 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [211936 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [121312 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [126432 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [99512 2017-09-26] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [118240 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [91616 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [135648 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [336352 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [249312 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [123360 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [281056 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [125920 2017-11-06] (Panda Security S.L. -> Panda Security, S.L.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvle.inf_amd64_c67c14ff73646090\nvlddmkm.sys [17205704 2018-08-01] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [191448 2017-11-08] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [153992 2018-01-23] (Panda Security S.L. -> Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207248 2018-01-30] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [146912 2017-10-17] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [159200 2017-10-17] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [129504 2017-10-17] (Panda Security S.L. -> Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security S.L. -> Panda Security, S.L.)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2413968 2017-06-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-05-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-05-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-30] (Microsoft Windows -> Microsoft Corporation)
S3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel(R) Software -> Intel Corporation)
R3 YLED; C:\WINDOWS\System32\drivers\YLED.sys [23960 2016-04-15] (LENOVO -> )
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-09 14:21 - 2019-02-09 14:21 - 000023787 _____ C:\Users\a\Downloads\FRST.txt
2019-02-09 14:21 - 2019-02-09 14:21 - 000000000 ____D C:\FRST
2019-02-09 14:20 - 2019-02-09 14:20 - 000000824 _____ C:\Users\a\Desktop\informeJRT.txt
2019-02-09 14:19 - 2019-02-09 14:19 - 000000824 _____ C:\Users\a\Desktop\JRT.txt
2019-02-09 14:17 - 2019-02-09 14:17 - 000001987 _____ C:\Users\a\Desktop\AdwCleaner[C00].txt
2019-02-09 14:16 - 2019-02-09 14:16 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-09 14:14 - 2019-02-09 14:15 - 000000000 ____D C:\AdwCleaner
2019-02-09 14:09 - 2019-02-09 14:09 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-09 14:09 - 2019-02-09 14:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-09 14:09 - 2019-02-09 14:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-09 14:09 - 2019-02-09 14:09 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-09 14:09 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-02-09 14:09 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-09 14:02 - 2019-02-09 14:02 - 000110426 _____ C:\Users\a\Desktop\cc_20190209_140222.reg
2019-02-09 13:56 - 2019-02-09 13:56 - 002434048 _____ (Farbar) C:\Users\a\Downloads\FRST64.exe
2019-02-09 13:55 - 2019-02-09 13:55 - 007316688 _____ (Malwarebytes) C:\Users\a\Downloads\adwcleaner_7.2.7.0.exe
2019-02-09 13:55 - 2019-02-09 13:55 - 001790024 _____ (Malwarebytes) C:\Users\a\Downloads\JRT.exe
2019-02-09 13:54 - 2019-02-09 13:55 - 064476848 _____ (Malwarebytes ) C:\Users\a\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9172.exe
2019-02-09 13:49 - 2019-02-09 13:49 - 062341644 _____ C:\Users\a\Desktop\Scalping con Order Flow y Level2 ( 680$) [Caso Práctico].mp4
2019-02-07 21:39 - 2019-02-07 21:39 - 000213120 _____ C:\Users\a\Desktop\cheque-regalo
2019-02-07 18:39 - 2019-02-07 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-02-05 20:59 - 2019-02-05 20:59 - 000000000 ____D C:\Users\a\Desktop\i ching feng shui 2019
2019-02-05 20:55 - 2019-02-05 20:56 - 000000000 ____D C:\Users\a\Desktop\audios i ching
2019-02-05 14:15 - 2019-02-05 14:15 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-02-05 14:15 - 2019-02-05 14:15 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-02-05 14:15 - 2019-02-05 14:15 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-02-05 14:15 - 2019-02-05 14:15 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-02-02 20:39 - 2019-02-02 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2019-02-02 20:39 - 2019-02-02 20:39 - 000000000 ____D C:\Program Files (x86)\DsNET Corp
2019-02-02 20:39 - 2008-08-18 18:18 - 000077824 _____ (Fox Magic Software) C:\WINDOWS\SysWOW64\fmcodec.DLL
2019-02-02 19:37 - 2019-02-02 19:37 - 000000000 ____D C:\Users\a\AppData\Local\mbamtray
2019-02-02 19:37 - 2019-02-02 19:37 - 000000000 ____D C:\Users\a\AppData\Local\mbam
2019-02-02 19:17 - 2019-02-02 19:28 - 000000000 ____D C:\Users\a\Desktop\Nueva carpeta
2019-02-02 18:58 - 2019-02-02 18:58 - 000000000 ____D C:\Users\a\AppData\Local\ESET
2019-01-31 17:51 - 2019-01-31 17:51 - 000001856 _____ C:\Users\a\Desktop\SUPERAntiSpyware Free Edition.lnk
2019-01-31 17:51 - 2019-01-31 17:51 - 000000000 ____D C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2019-01-29 20:13 - 2019-01-29 20:16 - 379841672 _____ C:\Users\a\Desktop\Gran Comportamiento del MERCADO 🔥 Aparecen Nuevos VALORES en VIGILANCIA 📈[1].mp4
2019-01-27 21:13 - 2019-01-07 18:38 - 000205992 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.CoreTypes.dll
2019-01-27 21:13 - 2019-01-07 18:38 - 000130216 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.Utilities.dll
2019-01-27 21:13 - 2019-01-07 18:38 - 000097448 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.ImController.ImClient.dll
2019-01-27 21:13 - 2019-01-07 18:38 - 000043688 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.ImController.EventLogging.dll
2019-01-27 20:38 - 2019-02-02 19:18 - 000000000 ____D C:\Users\a\Desktop\pdf i ching
2019-01-22 19:58 - 2019-01-22 20:01 - 337528353 _____ C:\Users\a\Desktop\¿HORA DE INVERTIR EN CANNABIS 🤔🍁[1].mp4
2019-01-15 19:05 - 2019-01-15 19:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-01-14 18:58 - 2019-01-14 18:58 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2019-01-14 18:58 - 2019-01-14 18:58 - 000000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2019-01-13 11:55 - 2018-09-20 05:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-01-12 13:40 - 2019-01-15 20:55 - 000000000 ____D C:\Users\a\Desktop\bolsa
2019-01-12 13:08 - 2019-01-15 19:08 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-01-12 13:08 - 2019-01-12 13:08 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2019-01-12 13:08 - 2019-01-12 13:08 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2019-01-12 13:07 - 2019-01-12 13:08 - 000000000 ____D C:\WINDOWS\SHELLNEW
2019-01-12 13:07 - 2019-01-12 13:08 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2019-01-12 13:07 - 2019-01-12 13:07 - 000000000 ____D C:\WINDOWS\PCHEALTH
2019-01-12 13:06 - 2019-01-12 13:07 - 000000000 ____D C:\Program Files\Microsoft Office
2019-01-12 13:06 - 2019-01-12 13:06 - 000000000 __RHD C:\MSOCache
2019-01-12 13:06 - 2019-01-12 13:06 - 000000000 ____D C:\Users\a\AppData\Local\Microsoft Help
2019-01-12 13:06 - 2019-01-12 13:06 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2019-01-12 13:06 - 2019-01-12 13:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2019-01-12 12:52 - 2019-01-12 12:55 - 162600980 _____ C:\Users\a\Desktop\Thomas Bergersen Sun (Full Album).mp4
2019-01-12 12:38 - 2019-01-12 12:39 - 025527757 _____ C:\Users\a\Desktop\Michael Maas   The Best of album Earth   Beautiful Female Vocal  Emotional   Epic Hits  EpicMusicVN[1].mp4

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-09 14:18 - 2018-03-22 21:03 - 000000000 ____D C:\ProgramData\NVIDIA
2019-02-09 14:16 - 2018-03-04 19:58 - 000000000 ___RD C:\Users\a\Dropbox
2019-02-09 14:15 - 2018-05-18 20:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-02-09 14:15 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-09 14:15 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-02-09 14:15 - 2018-03-22 20:57 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-02-09 14:12 - 2018-05-18 20:29 - 001635444 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-09 14:12 - 2018-04-12 17:18 - 000725402 _____ C:\WINDOWS\system32\perfh00A.dat
2019-02-09 14:12 - 2018-04-12 17:18 - 000146298 _____ C:\WINDOWS\system32\perfc00A.dat
2019-02-09 14:12 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-02-09 14:09 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-09 14:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-02-09 13:38 - 2018-03-12 12:30 - 000000000 ____D C:\Jts
2019-02-09 13:23 - 2018-05-07 16:14 - 000000000 ____D C:\Users\a\AppData\Local\ElevatedDiagnostics
2019-02-09 13:12 - 2019-01-08 20:43 - 000000000 ____D C:\Users\a\Desktop\facturas 2019
2019-02-09 13:12 - 2018-04-02 16:06 - 000000000 ____D C:\Users\a\AppData\Roaming\BitComet
2019-02-09 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-02-08 20:27 - 2018-05-18 20:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-02-08 19:03 - 2018-06-20 18:03 - 000000000 ____D C:\ProgramData\Packages
2019-02-08 19:03 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-08 18:18 - 2018-03-22 23:07 - 000000000 ____D C:\Program Files\CCleaner
2019-02-07 19:03 - 2018-08-13 11:49 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1661841887-1548056966-1185284758-1002
2019-02-07 19:03 - 2018-05-18 20:25 - 000002396 _____ C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-07 19:03 - 2017-08-17 15:38 - 000000000 ___RD C:\Users\a\OneDrive
2019-02-07 18:39 - 2018-03-22 21:12 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-02-04 17:51 - 2019-01-02 18:47 - 000000000 ____D C:\Users\a\Desktop\feng
2019-02-02 21:09 - 2018-06-03 19:39 - 000000000 ____D C:\Users\a\Desktop\CLASICA
2019-02-02 19:45 - 2018-03-22 21:10 - 000000000 ____D C:\Users\a\AppData\Local\Packages
2019-02-01 20:34 - 2018-05-18 20:25 - 000000000 ____D C:\Users\a
2019-02-01 20:19 - 2018-05-24 21:47 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-02-01 18:49 - 2018-06-25 18:32 - 000000000 ____D C:\ProgramData\panda_url_filtering
2019-01-31 17:50 - 2018-03-19 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2019-01-26 19:15 - 2018-06-30 12:11 - 000000000 ____D C:\Users\a\AppData\Local\CrashDumps
2019-01-19 13:26 - 2018-03-22 21:10 - 000000000 ____D C:\Users\a\AppData\Local\ConnectedDevicesPlatform
2019-01-19 13:26 - 2018-03-14 22:29 - 000000000 ___HD C:\Users\a\MicrosoftEdgeBackups
2019-01-18 20:26 - 2018-11-16 18:22 - 000000000 ____D C:\Program Files\rempl
2019-01-17 18:48 - 2018-05-18 20:29 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-01-17 18:48 - 2018-03-22 23:07 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-01-16 18:28 - 2018-05-18 20:24 - 000466776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-01-15 19:07 - 2016-07-16 12:47 - 000000167 _____ C:\WINDOWS\win.ini
2019-01-15 19:02 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-01-14 19:05 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\system
2019-01-13 14:09 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-01-12 13:06 - 2016-12-27 09:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-01-12 12:36 - 2019-01-01 13:50 - 000000000 ____D C:\Users\a\AppData\Roaming\DVDVideoSoft

==================== Files in the root of some directories =======

2018-11-10 12:47 - 2018-11-10 12:47 - 000000000 _____ () C:\Users\a\AppData\Roaming\fastboot.log
2018-06-25 18:16 - 2018-05-08 14:20 - 000108896 _____ (Bomgar) C:\Users\a\AppData\Local\[email protected]!-261232145547952553816-32.tmp
2018-06-25 18:16 - 2018-05-08 14:20 - 000126736 _____ (Bomgar) C:\Users\a\AppData\Local\[email protected]!-261232145547952553816-64.tmp

Files to move or delete:
====================
C:\Windows\Tasks\{7006D61F-73BE-4BCF-BE15-D207B9A90C33}.job


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-18 20:24

==================== End of FRST.txt ============================

#6
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by a (09-02-2019 14:21:57)
Running from C:\Users\a\Downloads
Windows 10 Home Version 1803 17134.523 (X64) (2018-05-18 19:30:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

a (S-1-5-21-1661841887-1548056966-1185284758-1002 - Administrator - Enabled) => C:\Users\a
Administrador (S-1-5-21-1661841887-1548056966-1185284758-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1661841887-1548056966-1185284758-503 - Limited - Disabled)
Invitado (S-1-5-21-1661841887-1548056966-1185284758-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1661841887-1548056966-1185284758-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Dome (Disabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Dome (Disabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}
FW: Panda Firewall (Enabled) {F77F8DFC-1E5A-11E9-2FBF-DE5D4822445B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
BitComet 1.37 (HKLM-x32\...\BitComet) (Version: 1.37 - CometNetwork)
BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.6.3.44 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.6.3.48 - Dolby Laboratories, Inc.)
Driver and Application Installation (HKLM-x32\...\{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.02.1125 - Lenovo)
Dropbox (HKLM-x32\...\Dropbox) (Version: 66.4.84 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.1.88.1229 - Digital Wave Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
ID_TITLE (HKLM-x32\...\{5E92B74C-D7DB-4FF3-9588-1566AC1FFBC0}) (Version: 1.01.0810 - Lenovo) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1067 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Killer Bandwidth Control Filter Driver (HKLM\...\{B43B588A-D7D9-47DB-9984-AE3B903E8A0C}) (Version: 1.1.63.1142 - Rivet Networks) Hidden
Killer E240x Drivers (HKLM\...\{D186534E-CB1C-4F5E-A362-299B2A031B9F}) (Version: 1.1.63.1142 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{550B02BE-27F7-4DA8-BA61-A8AA139C0037}) (Version: 1.1.63.1142 - Rivet Networks) Hidden
Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.63.1142 - Rivet Networks)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Nerve Center (HKLM-x32\...\{93EA1F94-3617-47CE-9EB2-B8DC3AC0B880}) (Version: 1.01.0810 - Lenovo)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Manual (HKLM-x32\...\{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701 - Lenovo)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1661841887-1548056966-1185284758-1002\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA Software del sistema PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Dome (HKLM\...\{DC22166B-6F26-4E2E-BFDE-CC3578246940}) (Version: 9.13.00 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.06.00.0000 - Panda Security)
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.3.6 - Panda Security)
Panel de control de NVIDIA 398.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 398.72 - NVIDIA Corporation) Hidden
Paquete de controladores de Windows - Adafruit Industries LLC (usbser) Ports  (02/25/2016 6.2.2600.0) (HKLM\...\1245A5961AC9D2C18ADF9EEC931D77E059B7F74E) (Version: 02/25/2016 6.2.2600.0 - Adafruit Industries LLC)
Paquete de controladores de Windows - Arduino LLC (www.arduino.cc) Arduino USB Driver (11/24/2015 1.2.3.0) (HKLM\...\8B585560B248755A6C5A24D5C0F50FA998310883) (Version: 11/24/2015 1.2.3.0 - Arduino LLC (www.arduino.cc))
Paquete de controladores de Windows - Arduino LLC (www.arduino.cc) Genuino USB Driver (01/07/2016 1.0.3.0) (HKLM\...\EC414D98E2986DCA1628FAED2163CD1C9A4ED7EC) (Version: 01/07/2016 1.0.3.0 - Arduino LLC (www.arduino.cc))
Paquete de controladores de Windows - Arduino Srl (www.arduino.org) Arduino USB Driver (03/19/2015 1.1.1.0) (HKLM\...\69E507459B453D69A453EFC9E461FAE1E073408A) (Version: 03/19/2015 1.1.1.0 - Arduino Srl (www.arduino.org))
Paquete de controladores de Windows - libusb-win32 (libusb0) libusb-win32 devices  (04/21/2015 1.0.0.0) (HKLM\...\28E91B69CA377EB48D6E1B92C37F897036E8A818) (Version: 04/21/2015 1.0.0.0 - libusb-win32)
Paquete de controladores de Windows - Linino (usbser) Ports  (01/13/2014 1.0.0.0) (HKLM\...\A2C084AD4515675961A87E71B10E80E4FDCF7FAA) (Version: 01/13/2014 1.0.0.0 - Linino)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Password Depot 11 - Panda Secure Vault Edition (HKLM-x32\...\{2F91A71B-4A96-4DBD-A336-A652EAFABD42}_is1) (Version: 11.0.7 - AceBIT GmbH)
ProRealTime (HKU\S-1-5-21-1661841887-1548056966-1185284758-1002\...\ProRealTime_is1) (Version: 1.13 - IT-Finance)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10332 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.242 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7824 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Skype Meetings App (HKLM-x32\...\{D20CE315-AC32-4B25-AB3A-7112A9AB6FC3}) (Version: 16.2.0.232 - Microsoft Corporation)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1028 - SUPERAntiSpyware.com)
TradeStation 9.5 (HKLM-x32\...\{E02A3EE0-1193-454C-8E59-BDFCE6EC7B22}) (Version: 9.05.00.3519 - TradeStation Technologies)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1661841887-1548056966-1185284758-1002_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\a\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-07-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AE4A8D9-98E7-498F-ADD7-7AE52F705390} - no filepath
Task: {0AF29686-45E6-4E84-A068-01EF8FD1D187} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {0BA35B61-426A-44B3-802A-AC4BCED9F78A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b7b7b194-faea-4f68-8af8-9cad68058fad => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2019-01-07] (Lenovo -> Lenovo Group Ltd.)
Task: {0F611018-B3A8-47D9-81C3-826523829192} - no filepath
Task: {2961E4C2-3038-44A8-9C83-F67E1EB1BA35} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\09cd3f10-2ef8-4ac7-a3c4-22f5afb18eb7 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2019-01-07] (Lenovo -> Lenovo Group Ltd.)
Task: {31BCBEC1-3519-47DB-8A51-C919410DA6EB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-16] (AVAST Software s.r.o. -> AVAST Software)
Task: {3BE8CCF4-24C2-4BDF-A4A1-38BE5225DBB8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {40DDC8E6-CC5C-4688-97E4-94D69771077E} - no filepath
Task: {42F84B47-F5B7-493E-A2B6-CAC2837A3CC8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-06-20] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4A03F33D-C28B-464D-B07C-0B3FD616C20B} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {5DF0A894-B2D0-449A-B571-A1B93DCE08E9} - System32\Tasks\{7006D61F-73BE-4BCF-BE15-D207B9A90C33} => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe [2018-01-30] (Panda Security S.L. -> Panda Security, S.L.)
Task: {61D0989D-CBD1-40CF-BC40-4333CC9528C4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {93E883BB-B1A0-4EF6-9EA5-191D38F4DAD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-04] (Google Inc -> Google Inc.)
Task: {A990F977-4FA0-4F95-9968-840B19C986A7} - System32\Tasks\S-1-5-21-1661841887-1548056966-1185284758-1002\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Windows -> Microsoft Corporation)
Task: {AA4F8AF4-F862-4B9F-BB27-039E5CE7ECBF} - no filepath
Task: {B643C15A-C0DD-4B61-9524-959FB8DB7758} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2019-01-07] (Lenovo -> Lenovo Group Ltd.)
Task: {BAEF0C53-E92F-4F07-965D-4FF2BB793DC4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-06-20] (Dropbox, Inc -> Dropbox, Inc.)
Task: {BB7FEBB7-8577-4901-8FE0-725506E7B47D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-05-04] (Google Inc -> Google Inc.)
Task: {C49447CD-D44E-41F5-B476-AFD94AEB7DF4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D9D5E7A4-3E88-4ED9-9C85-F5C31DAE4CAD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9042bc58-da99-49b3-a80d-527b83669576 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2019-01-07] (Lenovo -> Lenovo Group Ltd.)
Task: {DEDB7473-50E4-46B4-926B-EE148C7F8332} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {E811C37D-088C-4BAF-B1AF-A67EC4B07212} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b8c18068-5d02-4d56-ab75-8b4a317c00aa => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2019-01-07] (Lenovo -> Lenovo Group Ltd.)
Task: {F37618EC-6A11-4E24-93CB-7BF06782EE97} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\{7006D61F-73BE-4BCF-BE15-D207B9A90C33}.job => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) ->  /c C:\Users\a\AppData\Local\bomgar-scc-cb\kaspersky.bomgarcloud.com\start.bat

==================== Loaded Modules (Whitelisted) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-11 20:21 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2016-12-27 09:55 - 2011-08-16 20:46 - 000032768 _____ () C:\Windows\jmesoft\Service.exe
2016-01-27 04:04 - 2016-01-27 04:04 - 000163328 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2015-05-19 09:11 - 2015-05-19 09:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2019-01-08 20:23 - 2019-01-01 07:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2019-01-10 11:01 - 2019-01-10 11:01 - 000103560 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
2019-01-01 13:50 - 2018-12-05 15:53 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2019-01-01 13:50 - 2018-12-05 15:53 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2019-01-01 13:50 - 2018-12-05 15:53 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2019-01-01 13:50 - 2018-12-05 15:53 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2015-12-15 18:17 - 2015-12-15 18:17 - 000618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2017-12-03 12:18 - 2017-12-03 12:18 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-1661841887-1548056966-1185284758-1002\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B703781B-8736-495E-82DF-E78AD6F2673C}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [{6B6C2493-4CF9-4D8E-B4FC-276DEEE31B27}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [{94F6D893-86F5-4012-8A3B-CE3E33027596}] => (Allow) C:\Program Files\BitComet\BitComet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [{3BEB97D6-39F8-4686-B1D8-2F36A245C1AE}] => (Allow) C:\Program Files\BitComet\BitComet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [UDP Query User{6D2BEF0F-2725-4936-8459-E525467E89EC}C:\users\a\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\a\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{220D3469-DBCB-4C60-854E-B0BC9AFE6CF7}C:\users\a\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\a\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{BFBD2104-CBC5-4F4C-9C1B-E116C4ABCC10}C:\jts\tradestation\tws.exe] => (Allow) C:\jts\tradestation\tws.exe (Interactive Brokers Group, Inc. -> Interactive Brokers LLC)
FirewallRules: [TCP Query User{5280153D-0E22-4E0C-926D-234890A981EC}C:\jts\tradestation\tws.exe] => (Allow) C:\jts\tradestation\tws.exe (Interactive Brokers Group, Inc. -> Interactive Brokers LLC)
FirewallRules: [UDP Query User{DFB8CA2F-129E-4A7A-B39C-36B0B4132AE6}C:\users\a\appdata\local\it-finance\prorealtime\runtime\bin\java.exe] => (Allow) C:\users\a\appdata\local\it-finance\prorealtime\runtime\bin\java.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [TCP Query User{85742F2B-170A-4FB7-929C-48775AF5DC04}C:\users\a\appdata\local\it-finance\prorealtime\runtime\bin\java.exe] => (Allow) C:\users\a\appdata\local\it-finance\prorealtime\runtime\bin\java.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [TCP Query User{C27DF406-4DAB-4C10-827D-AE6D6FC9EDF0}C:\program files (x86)\bitcomet\bitcomet.exe] => (Block) C:\program files (x86)\bitcomet\bitcomet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [UDP Query User{B20E5409-D9DB-4E48-9E6B-ED2C5A7AF3F3}C:\program files (x86)\bitcomet\bitcomet.exe] => (Block) C:\program files (x86)\bitcomet\bitcomet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [{1E1F30FF-E138-42A1-9D83-3E82D882298E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{AA0D21EC-912F-48AC-A790-F224D3AEBA8E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{25FD9E3D-F637-4698-B0C2-A0E3840DD033}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{19602585-BC83-4821-A313-10816474E9AC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F4997B5B-223E-4402-9EED-EFD9E83A850A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{63634B0C-CB00-4D1B-98DC-9F72E6C99683}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B813DD8F-4865-4AB7-9EAB-BCF66B62DB22}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8521EF3E-9756-44AA-BF86-631AA2D7B76C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{65378E5A-F78B-456E-AFFA-6488691240D4}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{1A8BC9FD-6616-498B-9D0E-9664F88E75DF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D4BB3645-AF56-4937-99B6-7477B30CC15C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{449C268C-8DDC-403A-A5C8-63454EFF4028}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3C1B9566-177E-49D7-A6E4-CE897A52BEE4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6077161D-1D3D-4B03-B32D-BCD932892551}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A860CD1E-E791-4FC4-8B90-39552C4CFA89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3FEAE535-9AE1-4E6D-96B4-6C5DDFFC0EDE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{12B749F3-77E2-4BF4-A416-B8733E100B5B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{364AA453-1C7E-40EB-97D0-9282155A654A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

27-01-2019 14:03:49 Punto de control programado
05-02-2019 20:25:47 Punto de control programado
09-02-2019 14:18:00 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2019 06:39:21 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad

Error: (02/07/2019 06:39:21 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad

Error: (02/06/2019 08:49:02 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (2000,G,0) Al intentar abrir el archivo "C:\Users\a\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (02/05/2019 07:36:09 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (7808,G,0) Al intentar abrir el archivo "C:\Users\a\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (02/02/2019 02:11:44 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (4252,G,0) Al intentar abrir el archivo "C:\Users\a\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acceso de sólo lectura se produjo el error de sistema 32 (0x00000020): "El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. ". La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error: (01/26/2019 04:06:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SearchUI.exe, versión: 10.0.17134.523, marca de tiempo: 0x5c2b0d8f
Nombre del módulo con errores: ConstraintIndex.Search.dll, versión: 10.0.17134.1, marca de tiempo: 0x5acd8887
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000029f27
Identificador del proceso con errores: 0x1380
Hora de inicio de la aplicación con errores: 0x01d4b588bdd2d81e
Ruta de acceso de la aplicación con errores: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Ruta de acceso del módulo con errores: C:\Windows\System32\ConstraintIndex.Search.dll
Identificador del informe: 6af167ba-75ab-4caf-b360-9ade38a566ba
Nombre completo del paquete con errores: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (01/23/2019 09:32:32 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad

Error: (01/23/2019 09:32:32 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) No puede encontrar el objeto o propiedad


System errors:
=============
Error: (02/09/2019 02:18:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio NVIDIA Display Container LS terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 6000 milisegundos: Reiniciar el servicio.

Error: (02/09/2019 02:15:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (02/09/2019 02:15:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (02/09/2019 02:15:53 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: El controlador Bluetooth esperaba un evento HCI con un tamaño determinado pero no lo recibió.

Error: (02/09/2019 02:15:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QFMMTIU)
Description: El servidor {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (02/09/2019 02:15:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QFMMTIU)
Description: El servidor {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (02/09/2019 02:15:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QFMMTIU)
Description: El servidor {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (02/09/2019 02:15:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QFMMTIU)
Description: El servidor {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} no se registró con DCOM dentro del tiempo de espera requerido.


CodeIntegrity:
===================================

Date: 2018-11-18 11:30:43.083
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-18 11:30:43.077
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 15%
Total physical RAM: 16337.59 MB
Available physical RAM: 13786.48 MB
Total Virtual: 18769.59 MB
Available Virtual: 14812.19 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:117.89 GB) (Free:45.07 GB) NTFS
Drive d: () (Fixed) (Total:901.02 GB) (Free:900.82 GB) NTFS

\\?\Volume{0f75e50f-77b8-4fea-ae89-af99223e241e}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.59 GB) NTFS
\\?\Volume{5a5ddc44-61f2-46f6-a134-25cdab4d0d9c}\ (LENOVO_PART) (Fixed) (Total:30 GB) (Free:18.35 GB) NTFS
\\?\Volume{963a74b2-3a2c-446e-b280-406df9527a4b}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 05E1EF38)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 05E1EF0C)

Partition: GPT.

==================== End of Addition.txt ============================

#7

Good… and now follow these steps. :arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Attention: now check/select only the :white_check_mark: Create registry backup box, NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {0AE4A8D9-98E7-498F-ADD7-7AE52F705390} - no filepath
Task: {0F611018-B3A8-47D9-81C3-826523829192} - no filepath
Task: {31BCBEC1-3519-47DB-8A51-C919410DA6EB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-16] (AVAST Software s.r.o. -> AVAST Software)
Task: {40DDC8E6-CC5C-4688-97E4-94D69771077E} - no filepath
Task: {AA4F8AF4-F862-4B9F-BB27-039E5CE7ECBF} - no filepath
ShortcutWithArgument: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c C:\Users\a\AppData\Local\bomgar-scc-cb\kaspersky.bomgarcloud.com\start.bat
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath
2018-11-10 12:47 - 2018-11-10 12:47 - 000000000 _____ () C:\Users\a\AppData\Roaming\fastboot.log
2018-06-25 18:16 - 2018-05-08 14:20 - 000108896 _____ (Bomgar) C:\Users\a\AppData\Local\[email protected]!-261232145547952553816-32.tmp
2018-06-25 18:16 - 2018-05-08 14:20 - 000126736 _____ (Bomgar) C:\Users\a\AppData\Local\[email protected]!-261232145547952553816-64.tmp
C:\Windows\Tasks\{7006D61F-73BE-4BCF-BE15-D207B9A90C33}.job
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

And now use the 2nd METHOD: from this Windows 8 FAQ (applicable to Windows 10) :arrow_forward: How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it works in relation to the problem raised, and comment on it.

Regards.


#8

I'm sending the report from the indicated steps, but the freeyoutube program still cannot be uninstalled; there is no way. Many thanks, regards.

Fix result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by a (10-02-2019 12:25:40) Run:1
Running from C:\Users\a\Desktop
Loaded Profiles: a (Available Profiles: a)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {0AE4A8D9-98E7-498F-ADD7-7AE52F705390} - no filepath
Task: {0F611018-B3A8-47D9-81C3-826523829192} - no filepath
Task: {31BCBEC1-3519-47DB-8A51-C919410DA6EB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-16] (AVAST Software s.r.o. -> AVAST Software)
Task: {40DDC8E6-CC5C-4688-97E4-94D69771077E} - no filepath
Task: {AA4F8AF4-F862-4B9F-BB27-039E5CE7ECBF} - no filepath
ShortcutWithArgument: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c C:\Users\a\AppData\Local\bomgar-scc-cb\kaspersky.bomgarcloud.com\start.bat
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath
2018-11-10 12:47 - 2018-11-10 12:47 - 000000000 _____ () C:\Users\a\AppData\Roaming\fastboot.log
2018-06-25 18:16 - 2018-05-08 14:20 - 000108896 _____ (Bomgar) C:\Users\a\AppData\Local\[email protected]!-261232145547952553816-32.tmp
2018-06-25 18:16 - 2018-05-08 14:20 - 000126736 _____ (Bomgar) C:\Users\a\AppData\Local\[email protected]!-261232145547952553816-64.tmp
C:\Windows\Tasks\{7006D61F-73BE-4BCF-BE15-D207B9A90C33}.job
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AE4A8D9-98E7-498F-ADD7-7AE52F705390}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AE4A8D9-98E7-498F-ADD7-7AE52F705390}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F611018-B3A8-47D9-81C3-826523829192}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F611018-B3A8-47D9-81C3-826523829192}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{31BCBEC1-3519-47DB-8A51-C919410DA6EB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31BCBEC1-3519-47DB-8A51-C919410DA6EB}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40DDC8E6-CC5C-4688-97E4-94D69771077E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40DDC8E6-CC5C-4688-97E4-94D69771077E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA4F8AF4-F862-4B9F-BB27-039E5CE7ECBF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA4F8AF4-F862-4B9F-BB27-039E5CE7ECBF}" => removed successfully
C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\.lnk => Shortcut argument removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
C:\Users\a\AppData\Roaming\fastboot.log => moved successfully
C:\Users\a\AppData\Local\[email protected]!-261232145547952553816-32.tmp => moved successfully
C:\Users\a\AppData\Local\[email protected]!-261232145547952553816-64.tmp => moved successfully
C:\Windows\Tasks\{7006D61F-73BE-4BCF-BE15-D207B9A90C33}.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1661841887-1548056966-1185284758-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1661841887-1548056966-1185284758-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Ethernet 3 mientras los medios
están desconectados.

Adaptador de Ethernet Ethernet:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::29a4:ff1a:b298:6147%5
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.34
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de Ethernet Ethernet 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows Defender. Asegúrate de que el servicio se está ejecutando e intenta la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 505592214 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 24168 B
Edge => 3144712 B
Chrome => 24514032 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
a => 7560919 B

RecycleBin => 33315680 B
EmptyTemp: => 557.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:25:58 ====

#9

Hello.

What exactly happens when you try to uninstall it from the installed programs section of the Control Panel?


#10

Hello Javier, sorry I couldn't reply sooner. Well, I try to remove it from the Control Panel and there is no way, and from CCleaner's Tools section it doesn't work either… I select them, click uninstall and nothing happens; they still don't disappear and keep running, of course. I'm attaching a photo of the process from CCleaner.


#11

Of course, I have carried out all the steps you indicated earlier.


#12

I have it stuck on me like a tick; there is no way to remove it with the steps and programs you told me to use earlier. It seems it doesn't recognize it as a virus.


#13

Right… then do the following: download and install this program :arrow_right: Revo Uninstaller manual :+1:

And use it to uninstall every program you find that is named, or has in its name, any of these names:

When Revo asks you to select the uninstall method, select “Avanzado” (Advanced).

If during the process it asks you to “Reiniciar” (Restart), do NOT do it; tell it NO and let Revo keep working.

When you have finished all the uninstall processes, then RESTART the computer yourself.

Check and let us know.

Regards.


#14

Now it worked, Javier, I finally removed it with Revo. You don't know how grateful I am; what a tick, there was no way to remove it, haha… Thank you very much, you're a star. Regards and many thanks. I'll leave Revo installed, I think it's quite practical.


#15

Perfect :+1: excellent, we're glad to see that the initial problem is now completely fixed; now all that remains is to remove the tools that were used.

To do so, download :arrow_forward: DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select - Run as Administrator -).

  • Tick all the boxes and click Run.

The report (DelFix.txt) will open; you can close it.

You can keep RevoUninstaller for any future uninstalls you need to do; it is an excellent program. :clap:


For any other problem, don't hesitate to post again; you know where we are. :+1:

Topic Solved.

Regards, Javier.


closed #16