Eliminar virus que causa que el teclado escriba doble y el monitor se reinicie


#1

Buenas tardes amigos del foro,

A continuación describo un problema que tengo con mi pc, que me ha causado muchos dolores de cabeza pues no puedo encontrarlo. Si alguien tiene una solución, le agradezco de antemano si comparte la forma de eliminar este virus. Tengo una pc que corre bajo el S.O. de windows 7. Tiene un disco seagate de 250 GB. Desde hace como un mes más o menos, mi pc comenzó a enlentecerse, y a mostrarse errática pues por ejemplo al encenderla, el monitor se iniciaba correctamente y de repente se apagaba y encendía solo otra vez. Luego el teclado comenzó a fallar pues comenzó a escribir doble acento y doble caracteres, como lo siguiente: Essetteee es un ejeemplo de coomomo mi teclaado eescriiebbe doooblle y con aceento escribe asi´´.

Pensé que era el teclado, así que lo limpié, al conectarlo, todo volvió a la normalidad y pensé que ya había quedado resuelto, pero al siguiente día al encender la máquina otra vez volvió el problema. Tengo el eset instalado y el malwarebytes. corrí los antivirus, luego el Spybot search and destroy, y nada, me decían que no tengo virus. Por casualidad descubrí que si dejo desconectado el teclado y desconecto la pc y el monitor durante la noche, al otro día ya no aparece el problema, pero después, a lo largo del día reaparece. Me atrevería a pensar que es problema del teclado, porque después de seguir este tutorial ya puedo escribir sin tanto problema, pero de vez en cuando aparecen las dobles letraas. Luego el monitor tiene el mismo problema, chrome es muy lento, tenía casi el disco duro a su capacidad tope pero borré como 100 GB de descargas, peroo aún sigue muy lento y a veces se congela unos minutos.

He descargado muchos archivos de internet y por ello tengo mis sospechas de que es un troyano para minar cryptos.

Además cuando este problema se presenta -el de escribir doble- y uso la tecla Shift, me aparece este mensaje:

¿Qué podría hacer ?


#2

Buenas @fisher

Para revisar tu máquina, sigue estos pasos, en el orden indicado y leyendo todo lo explicado. :+1:

Realiza TODOS los pasos aunque alguno ya lo hayas realizado/usado y descarga de nuevo TODAS las herramientas indicadas aunque alguna ya la hubieras instalado previamente.

:one: Desactiva temporalmente el Antivirus :arrow_forward: Cómo deshabilitar temporalmente su Antivirus, mientras estemos realizando TODOS los pasos.

Vamos a descargar en TU ESCRITORIO(y NO en otro lugar :face_with_monocle:) todas las herramientas que vamos a utilizar en este procedimiento (pero no las ejecutes todavía) :


:two: Ejecutas las herramientas de una en una y en el orden indicado :



CCleaner.-

  • Instalas y Ejecutas CCleaner siguiendo los pasos indicados en el manual.

  • Úsalo primero en su opción de Limpiador para borrar cookies, temporales de Internet y todos los archivos que te muestre como obsoletos.

  • Después usa su opción de Registro para limpiar todo el registro de Windows(haciendo copia de seguridad).

Malwarebytes.-

  • Instalas y Ejecutas MBAM siguiendo los pasos indicados en el manual.

  • Realiza un Análisis Completo. :white_check_mark:

  • Seleccionando TODOS a Cuarentena para enviarlo a la cuarentena y Reinicias el sistema.

  • En el apartado del manual :arrow_forward:Historial :arrow_backward: encontrarás el informe del MBAM, que debes copiar y pegar en tu próxima respuesta, para analizarlo.

AdwCleaner.-

  • Ejecuta Adwcleaner.exe.

  • Pulsamos en el botón Analizar ahora, y espera a que se realice el proceso, inmediatamente pulsa siempre sobre el botón Iniciar Reparación.

  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.

  • El log/informe lo encontramos en la pestaña “Informes”, volviendo a abrir el programa si fuese necesario, para poder copiarlo y pegarlo en tu próxima respuesta.

  • El informe también se puede encontrar en C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Ejecuta JRT.exe.

  • Y pulsar cualquier tecla para continuar, esperar pacientemente a que termine el proceso.

  • Si en algún momento te pide Reiniciar hazlo.

  • Al finalizar, un registro/informe (JRT.txt) se guardara en el escritorio y se abrirá automáticamente.

  • Copia y pega el contenido de JRT.txt en tu próxima respuesta.

Farbar Recovery Scan Tool.-

  • Ejecuta FRST.exe.

  • En el mensaje de la ventana del Disclaimer, pulsamos Yes

  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.

  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

:three: Poner los informes en tu próxima respuesta de :

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, y en ese orden. :+1:

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Y nos cuentas como funciona tu equipo en relación al problema planteado. :face_with_monocle:

Saludos Javier.


#3

Gracias por la pronta respuesta.

He seguido el proceso al pie de la letra y aunque el chrome funciona un poco más rápido (me imagino que es por el reciente boorrado de caché) el teclado sigue igual. A continuación los reportets:

MALWAREBYTES

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 9/3/19
Hora del análisis: 13:46
Archivo de registro: 149a1a75-42a4-11e9-b069-1078d28287da.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.538
Versión del paquete de actualización: 1.0.9594
Licencia: Gratis

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: Admin-PC\Admin

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 266254
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 5 min, 20 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

ADWCLEANER

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-01-25.2 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-09-2019
# Duration: 00:00:02
# OS:       Windows 7 Ultimate
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1253 octets] - [09/03/2019 13:53:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64 
Ran by Admin (Administrator) on 09/03/2019 at 13:57:53,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 29 

Successfully deleted: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\Public\thunder network (Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6E09T0F5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIKMD7Q6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUYZ8DJB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INA1OM38 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NE0EO0YQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OAA72HJN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QR3D19MG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBLDM85A (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z8DIUH9L (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6E09T0F5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIKMD7Q6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUYZ8DJB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INA1OM38 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NE0EO0YQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OAA72HJN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QR3D19MG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBLDM85A (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z8DIUH9L (Temporary Internet Files Folder) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/03/2019 at 14:52:25,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.03.2019 01
Ran by Admin (administrator) on ADMIN-PC (09-03-2019 15:35:18)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin &  (Available Profiles: Admin & Invitado)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(BlueStack Systems, Inc. -> BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [177928 2018-11-29] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309492\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-21-1020017746-2564302019-409182911-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-1020017746-2564302019-409182911-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53540200 2019-02-21] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1020017746-2564302019-409182911-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19646312 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53540200 2019-02-21] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19646312 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-06] (Google LLC -> Google Inc.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1020017746-2564302019-409182911-1000] => 178.128.178.93:8080
ProxyServer: [S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960] => 178.128.178.93:8080
Hosts: 127.0.0.1       platform.wondershare.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3D0CBD89-4285-4391-9FFF-890CF6E392CC}: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{912499E2-1079-4136-B3AA-14489ABD953A}: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{96A6B9BC-83EF-4E60-B040-5A613903BD79}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B8AE8C2B-CA46-467B-9837-34226B2C5A26}: [NameServer] 208.67.222.222,209.67.220.220

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-02] (Oracle America, Inc. -> Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2018-03-14] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ssfk7292.default-1533535281217
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ssfk7292.default-1533535281217 [2019-03-09]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-06] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-01-06] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems Incorporated -> Adobe Systems)

Chrome: 
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2019-03-09]
CHR Extension: (Video Scrubber for Instagram) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apondjajmejlodhkaenofcicoiiekghf [2019-02-28]
CHR Extension: (Full Page Screen Capture) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2019-03-06]
CHR Extension: (WordPress Theme Detector and Plugins Detector) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdflfokckhmchfpokjmpcoblghjngjja [2019-02-28]
CHR Extension: (Image blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhbghdfcdepfhgeklhdhlmdldiiaajp [2019-01-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET, spol. s r.o. -> ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Atc002; C:\Windows\System32\DRIVERS\l260x64.sys [34304 2009-06-10] (Microsoft Windows -> Atheros Communications, Inc.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (Bluestack Systems, Inc. -> BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [143448 2018-11-29] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107896 2018-11-29] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [188832 2018-10-17] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50144 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82304 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61528 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [109864 2018-10-17] (ESET, spol. s r.o. -> ESET)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6180832 2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-03-09] (Malwarebytes Corporation -> Malwarebytes)
R2 PHYMEM; C:\Windows\system32\ami_ipower.sys [15992 2016-09-28] (American Megatrends India Private Limited -> )
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.)
S3 RD9700; C:\Windows\System32\DRIVERS\RD9700.sys [21504 2012-01-04] (Microsoft Windows Hardware Compatibility Publisher -> Corechip Semiconductor, Inc. Co Ltd.)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2016-09-21] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [36040 2015-09-11] (SaferSocial Ltd -> The OpenVPN Project)
S3 tap0901_openvpn_accl; C:\Windows\System32\DRIVERS\tap0901_openvpn_accl.sys [37912 2016-09-12] (FlyVPN INC -> The OpenVPN Project)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-09 15:35 - 2019-03-09 15:40 - 000016553 _____ C:\Users\Admin\Desktop\FRST.txt
2019-03-09 15:25 - 2019-03-09 15:25 - 000000000 ____D C:\FRST
2019-03-09 14:52 - 2019-03-09 14:52 - 000005170 _____ C:\Users\Admin\Desktop\JRT.txt
2019-03-09 13:56 - 2019-03-09 15:32 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-03-09 13:52 - 2019-03-09 13:53 - 000000000 ____D C:\AdwCleaner
2019-03-09 13:45 - 2019-03-09 13:45 - 000001879 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-09 13:45 - 2019-03-09 13:45 - 000001879 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-03-09 13:45 - 2019-03-09 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-09 13:45 - 2019-03-09 13:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-09 13:45 - 2019-03-09 13:45 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-09 13:45 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-03-09 13:41 - 2019-03-09 15:05 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-03-09 12:11 - 2019-03-09 12:11 - 007316688 _____ (Malwarebytes) C:\Users\Admin\Desktop\adwcleaner_7.2.7.0.exe
2019-03-09 12:01 - 2019-03-09 12:04 - 002434560 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2019-03-09 11:58 - 2019-03-09 11:58 - 001790024 _____ (Malwarebytes) C:\Users\Admin\Desktop\JRT.exe
2019-03-09 11:56 - 2019-03-09 11:58 - 064296368 _____ (Malwarebytes ) C:\Users\Admin\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9594.exe
2019-03-09 11:49 - 2019-03-09 11:57 - 019384632 _____ (Piriform Software Ltd) C:\Users\Admin\Desktop\ccsetup553.exe
2019-03-07 23:04 - 2019-03-07 23:08 - 000002018 _____ C:\Users\Admin\Desktop\Rkill.txt
2019-03-07 14:38 - 2019-03-07 14:39 - 000000424 __RSH C:\ProgramData\ntuser.pol
2019-03-07 14:10 - 2019-03-07 14:14 - 1846108748 _____ C:\Users\Invitado\Desktop\boda misa y deysi.zip
2019-03-07 14:01 - 2019-03-07 14:01 - 000002561 _____ C:\Windows\diagwrn.xml
2019-03-07 14:01 - 2019-03-07 14:01 - 000001908 _____ C:\Windows\diagerr.xml
2019-03-07 12:02 - 2019-03-07 12:02 - 000000000 ____D C:\ProgramData\Mozilla
2019-03-06 20:14 - 2019-03-06 20:14 - 000000000 ____D C:\Users\Invitado\AppData\Local\ESET
2019-03-05 23:36 - 2019-03-05 23:36 - 000000000 ____D C:\Users\Admin\Downloads\Youtube Advanced Masterclass 2019
2019-03-05 14:13 - 2019-03-05 14:13 - 000030496 _____ C:\Users\Admin\Desktop\relojes.mp4.sfk
2019-03-05 00:15 - 2019-03-07 23:35 - 000000000 ____D C:\Users\Admin\AppData\Local\ESET
2019-03-05 00:15 - 2019-03-05 00:15 - 000001951 _____ C:\Users\Public\Desktop\ESET Protección de pagos y banca online.lnk
2019-03-05 00:15 - 2019-03-05 00:15 - 000001951 _____ C:\ProgramData\Desktop\ESET Protección de pagos y banca online.lnk
2019-03-05 00:08 - 2019-03-05 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2019-03-05 00:08 - 2019-03-05 00:08 - 000000000 ____D C:\ProgramData\ESET
2019-03-05 00:08 - 2019-03-05 00:08 - 000000000 ____D C:\Program Files\ESET
2019-02-28 22:25 - 2019-02-28 22:25 - 000000000 __SHD C:\found.004
2019-02-27 08:52 - 2015-09-14 13:03 - 000039672 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2019-02-27 08:52 - 2015-01-29 18:21 - 000050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2019-02-27 08:51 - 2019-02-27 08:51 - 000000000 ____D C:\Program Files (x86)\Panda Security
2019-02-20 13:07 - 2019-02-20 13:07 - 000000218 _____ C:\Users\Admin\AppData\Local\recently-used.xbel
2019-02-19 09:42 - 2019-03-04 22:33 - 000001324 _____ C:\Users\Public\Desktop\Skype.lnk
2019-02-19 09:42 - 2019-03-04 22:33 - 000001324 _____ C:\ProgramData\Desktop\Skype.lnk
2019-02-19 09:42 - 2019-03-04 22:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-02-19 09:42 - 2019-02-19 09:42 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Skype

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-09 15:38 - 2009-07-13 22:45 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-03-09 15:38 - 2009-07-13 22:45 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-03-09 15:34 - 2018-12-26 19:26 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-03-09 15:30 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-09 13:44 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2019-03-09 13:41 - 2017-04-08 17:09 - 000000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-03-09 13:41 - 2017-04-08 17:09 - 000000828 _____ C:\ProgramData\Desktop\CCleaner.lnk
2019-03-09 13:41 - 2017-04-08 17:09 - 000000000 ____D C:\Program Files\CCleaner
2019-03-09 13:41 - 2016-11-27 20:51 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2019-03-08 23:36 - 2016-09-23 23:47 - 000001456 _____ C:\Users\Admin\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2019-03-08 19:16 - 2016-09-09 02:30 - 000220416 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2019-03-08 11:22 - 2018-10-28 21:16 - 000000000 ____D C:\Users\Admin\AppData\Roaming\inkscape
2019-03-08 11:22 - 2016-10-10 18:11 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2019-03-07 23:35 - 2016-09-13 16:05 - 000000000 ____D C:\Program Files (x86)\Opera
2019-03-07 21:13 - 2009-07-13 22:45 - 007215296 _____ C:\Windows\system32\FNTCACHE.DAT
2019-03-07 18:55 - 2017-04-13 12:50 - 000000000 ____D C:\Users\Admin\AppData\Roaming\TeamViewer
2019-03-07 14:38 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2019-03-07 12:02 - 2018-08-05 23:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-03-07 12:02 - 2016-12-23 12:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-03-07 12:01 - 2018-01-25 13:31 - 000000000 ____D C:\Users\Admin\Desktop\DATA
2019-03-06 13:24 - 2019-01-06 19:14 - 000002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-06 13:24 - 2019-01-06 19:14 - 000002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-03-06 13:24 - 2019-01-06 19:14 - 000002193 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-03-05 21:51 - 2016-09-10 14:25 - 000007700 _____ C:\Users\Admin\Desktop\newdata2019.txt
2019-03-05 00:20 - 2009-07-14 03:31 - 000751176 _____ C:\Windows\system32\perfh00A.dat
2019-03-05 00:20 - 2009-07-14 03:31 - 000160200 _____ C:\Windows\system32\perfc00A.dat
2019-03-05 00:20 - 2009-07-13 23:13 - 001686082 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-03 16:20 - 2017-10-22 08:08 - 000000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2019-03-01 12:34 - 2016-09-13 16:08 - 000003854 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1473804455
2019-02-27 11:50 - 2018-12-26 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2019-02-27 11:50 - 2018-12-25 12:59 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bryxen Software
2019-02-23 23:39 - 2016-09-11 12:26 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-19 10:34 - 2017-04-21 13:14 - 000000000 ____D C:\Users\Admin\AppData\Local\TeamViewer
2019-02-19 08:59 - 2016-09-09 10:14 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-02-14 19:57 - 2016-09-11 12:27 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2016-09-29 08:16 - 2016-09-29 08:48 - 000002432 _____ () C:\Users\Admin\AppData\Roaming\droid4xinstaller.log
2019-01-11 16:55 - 2019-03-07 13:13 - 000015372 _____ () C:\Users\Admin\AppData\Roaming\Safer-Networking.log
2016-09-26 22:32 - 2016-09-26 22:49 - 000000006 _____ () C:\Users\Admin\AppData\Roaming\sc_client.pid
2016-09-23 23:47 - 2019-03-08 23:36 - 000001456 _____ () C:\Users\Admin\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2018-09-28 08:24 - 2018-09-28 08:24 - 000000000 _____ () C:\Users\Admin\AppData\Local\oobelibMkey.log
2018-11-23 12:10 - 2018-11-23 12:10 - 000000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND
2019-02-20 13:07 - 2019-02-20 13:07 - 000000218 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2016-09-10 11:38 - 2016-09-10 11:38 - 000000000 _____ () C:\Users\Admin\AppData\Local\{9B7F615F-4BD1-45D5-A8C8-484928F64C88}
2018-10-29 04:11 - 2018-10-29 04:11 - 000000000 _____ () C:\Users\Admin\AppData\Local\{C1371400-063C-4B69-BB9B-F82A2B7CC96C}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-03-07 00:14

==================== End of FRST.txt ============================

#5

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.03.2019 01
Ran by Admin (09-03-2019 15:41:34)
Running from C:\Users\Admin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-09-09 08:19:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-1020017746-2564302019-409182911-1000 - Administrator - Enabled) => C:\Users\Admin
Administrador (S-1-5-21-1020017746-2564302019-409182911-500 - Administrator - Disabled)
Invitado (S-1-5-21-1020017746-2564302019-409182911-501 - Limited - Enabled) => C:\Users\Invitado

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: ESET Security (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Cortafuegos (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Authy Desktop (HKU\S-1-5-21-1020017746-2564302019-409182911-1000\...\authy) (Version: 1.6.0 - Twilio Inc.)
Authy Desktop (HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960\...\authy) (Version: 1.6.0 - Twilio Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.4.44.6257 - BlueStack Systems, Inc.)
Camtasia 9 (HKLM\...\{8AD50DED-EE14-4FEC-BC2C-F229C3BEFE58}) (Version: 9.0.3.1627 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{1d9398f4-c133-41a0-9ea1-1600af791234}) (Version: 9.0.3.1627 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.53 - Piriform)
Compatibilidad con Aplicaciones de Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Electroneum Pool Miner BETA v1.1 (HKLM-x32\...\Electroneum Pool Miner BETA v1.1) (Version:  - )
ESET Security (HKLM\...\{F1544F11-BFCC-43CC-9D0C-169A7E99369E}) (Version: 12.0.31.0 - ESET, spol. s r.o.)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
FileZilla Client 3.38.0 (HKU\S-1-5-21-1020017746-2564302019-409182911-1000\...\FileZilla Client) (Version: 3.38.0 - Tim Kosse)
FileZilla Client 3.38.0 (HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960\...\FileZilla Client) (Version: 3.38.0 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Inkscape 0.92.3 (HKLM-x32\...\Inkscape) (Version: 0.92.3 - Inkscape Project)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 0.0.0.0000 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Mozilla Firefox 65.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 65.0.2 (x86 en-US)) (Version: 65.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
Opera Stable 58.0.3135.79 (HKLM-x32\...\Opera 58.0.3135.79) (Version: 58.0.3135.79 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PDF24 Creator 7.9.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 2.2 - Vaclav Slavik)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Skype versión 8.40 (HKLM-x32\...\Skype_is1) (Version: 8.40 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Update for Skype for Business 2015 (KB4461446) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFBBF6D0-F140-40E9-B5AE-BDE708FC4817}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4461446) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFBBF6D0-F140-40E9-B5AE-BDE708FC4817}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4461446) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{BFBBF6D0-F140-40E9-B5AE-BDE708FC4817}) (Version:  - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{204DC300-0BC8-11E5-B87F-F04DA23A5C58}) (Version: 13.0.453 - Sony)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1020017746-2564302019-409182911-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1020017746-2564302019-409182911-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1020017746-2564302019-409182911-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1020017746-2564302019-409182911-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1020017746-2564302019-409182911-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1020017746-2564302019-409182911-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1020017746-2564302019-409182911-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-09-21] (Notepad++ -> )
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D89EEB8-53A5-4D94-998C-BD2D3FED0C6F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {209EE874-0C8F-4B7B-AED1-103B2304B8E6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3CE6E7E1-BB8E-4548-97DA-3CA7E377D516} - System32\Tasks\Opera scheduled Autoupdate 1473804455 => C:\Program Files (x86)\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {4345A477-5673-49CB-8F8E-80145FE10A17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {47104B5B-2BC3-4893-82E2-406BEEDD9956} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {4F69EA0D-FC33-4EEF-90CC-EA87BBE9154D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {537A3DAF-EDFF-44AB-B555-C3FADE756540} - System32\Tasks\{C5BC44AD-9020-4727-B6B1-775E229EFF2F} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Downloads\intel_g31_14374645218_xp64.exe -d C:\Users\Admin\Downloads
Task: {5CB1F682-49F5-47EF-8FD0-ED304CA7E071} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {74CCB1DD-E724-4031-9AD2-704AAFF346BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {A484F3A3-FE1E-426B-A4AE-DA108F8320D3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
Task: {B141C890-0B2A-43EA-9F52-263197DC5E68} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {BCD2D9EA-5FBC-4B80-A743-2E0155C50B05} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
Task: {CA12F2D9-6084-4BF2-8A66-30C7FE41B618} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {F396854E-49DD-4542-9450-AEF620ED6667} - System32\Tasks\AdobeGCInvoker-1.0-Admin-PC-Admin => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {FF0F9BE5-641E-436F-AB79-63190EAAF4D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Persona 2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2018-12-26 19:34 - 2016-09-21 11:09 - 004088608 _____ (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
2018-12-26 19:34 - 2016-11-24 11:34 - 000235984 _____ (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
2018-09-07 16:29 - 2018-04-30 06:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-09 13:45 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-09 13:45 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2016-10-02 23:25 - 000000889 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1       platform.wondershare.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-1020017746-2564302019-409182911-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1020017746-2564302019-409182911-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309960\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1020017746-2564302019-409182911-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153310506\Control Panel\Desktop\\Wallpaper -> C:\Users\Invitado\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jarvee.lnk => C:\Windows\pss\Jarvee.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{96DE26B5-B6B0-4278-8624-4A05887C4C68}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9D8FB349-B3C4-4ED9-8304-BEE4C70EA9E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CCDC90AE-4BD2-4FC3-BA4A-8BC9D938C639}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D66DEE5B-3FA9-4E16-A716-BC016EA02B48}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0F85EF77-7686-4A16-9CCD-F0D0B341FC15}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{81E01555-F3BF-4C7C-8F32-ACED2BE2B934}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{74E772CB-4FFD-4A31-9225-F29F1260CA5F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{387E2024-C02E-4278-9EF2-9DBED0128C0F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0F6C4D73-6A81-45CF-9C83-8FFD80A8ECBB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EC8B7AA2-3DE1-4FC4-8142-CA94C579809C}] => (Allow) LPort=8318
FirewallRules: [{37800449-F20C-4895-B31C-5A500BB595C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5B379CA5-94DF-4FF9-85AC-398C13CEB123}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1F0FE0D9-A0C6-4E4E-887C-5EABD46647BF}] => (Allow) LPort=21
FirewallRules: [{C05D8967-5DC4-4272-AD50-A60E18264AD0}] => (Allow) C:\Program Files (x86)\Opera\58.0.3135.68\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{E3A32A7C-72B9-473A-A9FC-4A2A93331DB6}] => (Allow) C:\Program Files (x86)\Opera\58.0.3135.79\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{F2C67385-245C-4C17-B12F-93BFD882144E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1E6F7B04-5CC5-46ED-A624-87649BAF552D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7D5D100D-9FC5-459D-AC08-ED4889AB191A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

09-03-2019 13:57:56 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2019 11:27:12 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2019-03-09T19:21:12Z. Error Code: 0x80070005.

Error: (03/09/2019 09:27:12 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2019-03-09T17:21:12Z. Error Code: 0x80070005.

Error: (03/09/2019 09:17:12 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/08/2019 01:43:01 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2019-03-08T21:36:54Z. Error Code: 0x80070005.

Error: (03/08/2019 11:42:53 AM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2019-03-08T19:36:52Z. Error Code: 0x80070005.

Error: (03/08/2019 11:22:04 AM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (660) WebCacheLocal: Error inesperado al recuperar o restaurar la base de datos -551.

Error: (03/08/2019 11:22:04 AM) (Source: ESENT) (EventID: 517) (User: )
Description: taskhost (660) WebCacheLocal: Error -551 al recuperar la base de datos: se encontraron referencias a la base de datos 'C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat', que no coincide con el conjunto de registros actual. El motor de base de datos no permitirá que se complete la recuperación de esta instancia hasta que se restablezca la base de datos no coincidente. Si la base de datos ya no está disponible o no es necesaria, encontrará los procedimientos para recuperarse de este error en Microsoft Knowledge Base o en el vínculo "más información" en la parte inferior de este mensaje.

Error: (03/08/2019 11:22:04 AM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhost (660) WebCacheLocal: Se detectaron daños durante la recuperación parcial en el archivo de registro C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log. El registro de suma de comprobación no válido se encuentra en la posición END. Los datos que no coinciden con el modelo de relleno del archivo de registro aparecen por primera vez en el sector 396 (0x0000018C). El archivo de registro está dañado y no se puede utilizar.


System errors:
=============
Error: (03/09/2019 03:29:56 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT AUTHORITY)
Description: El servicio de inicio de sesión de eventos detectó un error al inicializar recursos de publicación para el canal Microsoft-RMS-MSIPC/Debug. Si el tipo de canal es Analítico o Depurador, podría indicar también un error de inicialización de recursos de registro.

Error: (03/09/2019 03:29:56 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT AUTHORITY)
Description: El servicio de inicio de sesión de eventos detectó un error al inicializar recursos de publicación para el canal DebugChannel. Si el tipo de canal es Analítico o Depurador, podría indicar también un error de inicialización de recursos de registro.

Error: (03/09/2019 03:29:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Centro de seguridad se cerró con el siguiente error: 
No se conoce el servicio de autenticación.

Error: (03/09/2019 03:28:45 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT AUTHORITY)
Description: El servicio de inicio de sesión de eventos detectó un error al inicializar recursos de publicación para el canal Microsoft-RMS-MSIPC/Debug. Si el tipo de canal es Analítico o Depurador, podría indicar también un error de inicialización de recursos de registro.

Error: (03/09/2019 03:28:45 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT AUTHORITY)
Description: El servicio de inicio de sesión de eventos detectó un error al inicializar recursos de publicación para el canal DebugChannel. Si el tipo de canal es Analítico o Depurador, podría indicar también un error de inicialización de recursos de registro.

Error: (03/09/2019 03:28:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: El cierre anterior del sistema a las 15:27:03 del ‎09/‎03/‎2019 resultó inesperado.

Error: (03/09/2019 01:54:44 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT AUTHORITY)
Description: El servicio de inicio de sesión de eventos detectó un error al inicializar recursos de publicación para el canal Microsoft-RMS-MSIPC/Debug. Si el tipo de canal es Analítico o Depurador, podría indicar también un error de inicialización de recursos de registro.

Error: (03/09/2019 01:54:44 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 22) (User: NT AUTHORITY)
Description: El servicio de inicio de sesión de eventos detectó un error al inicializar recursos de publicación para el canal DebugChannel. Si el tipo de canal es Analítico o Depurador, podría indicar también un error de inicialización de recursos de registro.


Windows Defender:
===================================
Date: 2019-01-06 17:42:49.766
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2018-05-30 13:10:27.413
Description: 
El motor de %1 se detuvo debido a un error inesperado.
Tipo de error:%5
Código de excepción:%6
Recurso:%3

Date: 2018-02-27 14:21:03.828
Description: 
El motor de %1 se detuvo debido a un error inesperado.
Tipo de error:%5
Código de excepción:%6
Recurso:%3

Date: 2017-02-19 12:02:48.086
Description: 
El motor de %1 se detuvo debido a un error inesperado.
Tipo de error:%5
Código de excepción:%6
Recurso:%3

CodeIntegrity:
===================================

Date: 2017-04-12 17:40:04.822
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security Premium\Drivers\eelam\eelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-04-12 17:40:04.822
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security Premium\Drivers\eelam\eelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-04-12 17:40:04.812
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security Premium\Drivers\eelam\eelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-04-11 15:35:18.510
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security Premium\Drivers\eelam\eelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-04-11 15:35:18.510
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security Premium\Drivers\eelam\eelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-04-11 15:35:18.510
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security Premium\Drivers\eelam\eelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-04-10 17:23:08.475
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security Premium\Drivers\eelam\eelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2017-04-10 17:23:08.472
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security Premium\Drivers\eelam\eelam.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU E3400 @ 2.60GHz
Percentage of memory in use: 93%
Total physical RAM: 2038.24 MB
Available physical RAM: 127.34 MB
Total Virtual: 4076.48 MB
Available Virtual: 689.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:163.08 GB) NTFS

\\?\Volume{a09be119-7664-11e6-a36a-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: EA6B7398)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#6

Bien… y ahora sigue estos pasos, :arrow_forward: MUY Importante :arrow_backward: Realiza una copia de seguridad del registro :

  • Para hacerlo descarga :arrow_forward: DelFix.exe(en tu escritorio).

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).

  • Atención, ahora marca/selecciona únicamente la casilla :white_check_mark: Create registry backup, las demás casillas NO. :face_with_monocle:

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

:warning: Con los demás programas cerrados ve a :arrow_forward: Inicio :arrow_forward: Ejecutar :arrow_forward: y escribe Notepad.exe.

  • Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
Task: {537A3DAF-EDFF-44AB-B555-C3FADE756540} - System32\Tasks\{C5BC44AD-9020-4727-B6B1-775E229EFF2F} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Downloads\intel_g31_14374645218_xp64.exe -d C:\Users\Admin\Downloads
GroupPolicy: Restriction ? <==== ATTENTION
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309492\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
GroupPolicy: Restriction ? <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-09-29 08:16 - 2016-09-29 08:48 - 000002432 _____ () C:\Users\Admin\AppData\Roaming\droid4xinstaller.log
2019-01-11 16:55 - 2019-03-07 13:13 - 000015372 _____ () C:\Users\Admin\AppData\Roaming\Safer-Networking.log
2016-09-26 22:32 - 2016-09-26 22:49 - 000000006 _____ () C:\Users\Admin\AppData\Roaming\sc_client.pid
2018-09-28 08:24 - 2018-09-28 08:24 - 000000000 _____ () C:\Users\Admin\AppData\Local\oobelibMkey.log
2018-11-23 12:10 - 2018-11-23 12:10 - 000000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND
2019-02-20 13:07 - 2019-02-20 13:07 - 000000218 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2016-09-10 11:38 - 2016-09-10 11:38 - 000000000 _____ () C:\Users\Admin\AppData\Local\{9B7F615F-4BD1-45D5-A8C8-484928F64C88}
2018-10-29 04:11 - 2018-10-29 04:11 - 000000000 _____ () C:\Users\Admin\AppData\Local\{C1371400-063C-4B69-BB9B-F82A2B7CC96C}
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio :arrow_backward: Esto es muy importante.

:o: Nota :o: Es importante que la herramienta FRST.exe(Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.

Y ahora inicia tu equipo desde el :arrow_forward: Modo Seguro – con funciones de Red, de Windows

  • Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).

  • Presionar el botón FIX y aguardar a que termine.

  • La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pegar el contenido de este fichero en tu próxima respuesta. :+1:

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Saludos.


#7

Siguiendo las indicaciones, este es el reporte que arroja FRST:

Fix result of Farbar Recovery Scan Tool (x64) Version: 09.03.2019 01
Ran by Admin (09-03-2019 20:14:18) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Invitado)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
Task: {537A3DAF-EDFF-44AB-B555-C3FADE756540} - System32\Tasks\{C5BC44AD-9020-4727-B6B1-775E229EFF2F} => C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Downloads\intel_g31_14374645218_xp64.exe -d C:\Users\Admin\Downloads
GroupPolicy: Restriction ? <==== ATTENTION
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309492\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
GroupPolicy: Restriction ? <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-09-29 08:16 - 2016-09-29 08:48 - 000002432 _____ () C:\Users\Admin\AppData\Roaming\droid4xinstaller.log
2019-01-11 16:55 - 2019-03-07 13:13 - 000015372 _____ () C:\Users\Admin\AppData\Roaming\Safer-Networking.log
2016-09-26 22:32 - 2016-09-26 22:49 - 000000006 _____ () C:\Users\Admin\AppData\Roaming\sc_client.pid
2018-09-28 08:24 - 2018-09-28 08:24 - 000000000 _____ () C:\Users\Admin\AppData\Local\oobelibMkey.log
2018-11-23 12:10 - 2018-11-23 12:10 - 000000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND
2019-02-20 13:07 - 2019-02-20 13:07 - 000000218 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2016-09-10 11:38 - 2016-09-10 11:38 - 000000000 _____ () C:\Users\Admin\AppData\Local\{9B7F615F-4BD1-45D5-A8C8-484928F64C88}
2018-10-29 04:11 - 2018-10-29 04:11 - 000000000 _____ () C:\Users\Admin\AppData\Local\{C1371400-063C-4B69-BB9B-F82A2B7CC96C}
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{537A3DAF-EDFF-44AB-B555-C3FADE756540}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{537A3DAF-EDFF-44AB-B555-C3FADE756540}" => removed successfully
C:\Windows\System32\Tasks\{C5BC44AD-9020-4727-B6B1-775E229EFF2F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C5BC44AD-9020-4727-B6B1-775E229EFF2F}" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092019153309492\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 => Error: No automatic fix found for this entry.
"C:\Windows\system32\GroupPolicy\Machine" => not found
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\PSKMAD => removed successfully
PSKMAD => service removed successfully
HKLM\System\CurrentControlSet\Services\Synth3dVsc => removed successfully
Synth3dVsc => service removed successfully
HKLM\System\CurrentControlSet\Services\tsusbhub => removed successfully
tsusbhub => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
C:\Users\Admin\AppData\Roaming\droid4xinstaller.log => moved successfully
C:\Users\Admin\AppData\Roaming\Safer-Networking.log => moved successfully
C:\Users\Admin\AppData\Roaming\sc_client.pid => moved successfully
C:\Users\Admin\AppData\Local\oobelibMkey.log => moved successfully
C:\Users\Admin\AppData\Local\PUTTY.RND => moved successfully
C:\Users\Admin\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Admin\AppData\Local\{9B7F615F-4BD1-45D5-A8C8-484928F64C88} => moved successfully
C:\Users\Admin\AppData\Local\{C1371400-063C-4B69-BB9B-F82A2B7CC96C} => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1020017746-2564302019-409182911-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKU\S-1-5-21-1020017746-2564302019-409182911-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1020017746-2564302019-409182911-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows


Adaptador de Ethernet Conexi¢n de  rea local:

   Sufijo DNS espec¡fico para la conexi¢n. . : rga.ip
   Direcci¢n IPv6 . . . . . . . . . . : 2806:105e:1f:5c1c:61a8:b2ac:1bba:165
   Direcci¢n IPv6 temporal. . . . . . : 2806:105e:1f:5c1c:f444:2b3e:a65c:b213
   V¡nculo: direcci¢n IPv6 local. . . : fe80::61a8:b2ac:1bba:165%10
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.66
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : fe80::1%10
                                       192.168.1.254

Adaptador de t£nel isatap.rga.ip:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de t£nel Teredo Tunneling Pseudo-Interface:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14539155 B
Java, Flash, Steam htmlcache => 510 B
Windows/system/drivers => 845520 B
Edge => 0 B
Chrome => 153199316 B
Firefox => 16916745 B
Opera => 147692 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 36431624 B
systemprofile32 => 66088 B
LocalService => 66228 B
NetworkService => 66228 B
Admin => 5096616 B
Invitado => 19092841 B

RecycleBin => 15726 B
EmptyTemp: => 235.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:14:38 ====

Sobre el funcionamiento de la máquina: En general, es el mismo. El teclado todavía funciona igual.


#8

Actualización: tenía la extensión Hola VPN para chrome y después de realizar el proceso anterior, la extensión dejó de funcionar y en More Tools/Extensions de Chrome deciá que la extensión estaba corrupta así que la eliminé, junto ccn otras que tenía y ahora el chrome funciona un poco más rápido. Sin embargo el teclado sigue ioual.

Saludos.


#9

Hola.

El problema del teclado es muy probable que sea problema físico/hardware de ese teclado, :smirk: podrías conseguir o que te dejen algún otro teclado para probarlo. :thinking:

Para restablecer correctamente Chrome sigue estos pasos :

  • Escribes en la barra de direcciones chrome://settings/syncSetup

Y comprueba/desactiva la opción “Sincronizar todo” y después de hacerlo :

  • Escribes en la barra de direcciones chrome://settings/resetProfileSettings y aceptas la opción de “Restablecer la configuración”.

Después de hacerlo cierras el navegador lo vuelves a iniciar y compruebas que NO te quede ninguna extensión EXTRAÑA en el apartado de las extensiones de Chrome y verificas de nuevo el problema.

Nos comentas resultados. :thinking:

Saludos.


#10

Buenos días,

Actualmente no cuento con otro teclado para probar la pc. El navegador ya funciona normal, sin embargo los síntomas del monitor y teclado siguen. Quizás se deba a mal funcionamiento del hardware como dices.

Al parecer está limpia la pc, así que quizás sea eso. Gracias por la ayuda para ocregir el problema. Saludos.


#11

Hola.

Si quieres podemos hacer un par de comprobaciones mas con otras herramientas, por dejarlo mas seguro y descartar. :thinking:

Tu nos comentas y te damos otros pasos.

Saludos.