Error Line 0, ¿Cómo solucionarlo?

Holaa bueno he tenido un problemilla al que no le he tomado tanta importancia, pero se ha vuelto molesto, y e que al iniciar el equipo me ale una pestaña que dice así:

            AutoIt Error Line 0 (File “C:\streamer\stream.txt”): Error: Error opening the file.

No se como solucionarlo gentee, agradeceria mucho su ayuda. :smile:

Realiza los siguientes pasos, , aunque ya hayas echo alguno, sin cambiar el orden

1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware,

Manual Malwarebytes, para que sepas usarlo y configurarlo.

  • Realiza un Análisis Personalizado,marcando Todas las casillas de la derecha y de la Izquierda actualizando si te lo pide.
  • Pulsar en “Eliminar Seleccionados” para enviarlo a la cuarentena y Reinicias el sistema.
  • Para acceder posteriormente al informe del análisis : Informes >> Registro de análisis >> Pulsar en >> Exportar >> Copiar al Portapapeles, y lo pegas en tu respuesta

2) Descarga Adwcleaner en el escritorio.

  • Desactiva tu antivirus :arrow_forward:Como deshabilitar temporalmente un antivirus y cualquier programa de seguridad.

  • Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador.")

  • Pulsar en el botón Analizar Ahora, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Iniciar Reparacion.

  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.

  • Si no encuentra nada, pulsamos “Omitir Reparación

  • El log lo encontramos en la pestaña “Informes”, volviendo a abrir el programa, si es necesario o en"C:\AdwCleaner\Logs\AdwCleaner[C0].txt"

Puedes mirar su manual >> Manual de Adwcleaner

3) Descarga Ccleaner

Instalalo y ejecútalo. En la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine > clic en ejecutar limpiador. Clic en la pestaña Registro > clic en buscar problemas esperas que termine > clic en Reparar Seleccionadas y haces una copia de seguridad.

Pega los reportes de Malwarebytes, AdwCleaner y comentas como va el problema.


1 me gusta

estoy en eso… .

Ok,…,…

Esperamos

Malwarebytes

www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 6/8/19
Hora del análisis: 18:52
Archivo de registro: 42ab8bb1-b8a5-11e9-b691-00ff03793524.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11890
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: HOME-PC\Test

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 450602
Amenazas detectadas: 16
Amenazas en cuarentena: 16
Tiempo transcurrido: 3 hr, 3 min, 18 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 1
Generic.Malware/Suspicious, C:\PROGRAMDATA\KMSAUTO\BIN\TUNMIRROR.EXE, En cuarentena, [0], [392686],1.0.11890

Módulo: 1
Generic.Malware/Suspicious, C:\PROGRAMDATA\KMSAUTO\BIN\TUNMIRROR.EXE, En cuarentena, [0], [392686],1.0.11890

Clave del registro: 1
Generic.Malware/Suspicious, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TunMirror, En cuarentena, [0], [392686],1.0.11890

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 1
PUP.Optional.HuluSearch, HKU\S-1-5-21-1077858803-3640473112-284975635-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Sustituido, [13297], [568546],1.0.11890

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 12
Generic.Malware/Suspicious, C:\PROGRAMDATA\KMSAUTO\BIN\TUNMIRROR.EXE, En cuarentena, [0], [392686],1.0.11890
Backdoor.Agent.Generic, C:\USERS\DANIS 2\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\UYJBVSXGHYVHXRB.FR.URL, En cuarentena, [5686], [663262],1.0.11890
Trojan.Agent.VBS, C:\USERS\TEST\APPDATA\ROAMING\VIDEO.3GP, En cuarentena, [1140], [576730],1.0.11890
CrackTool.Agent, C:\PROGRAM FILES\ADOBE\ADOBE PHOTOSHOP CC 2018\AMTEMU.V0.9.2-PAINTER.EXE, En cuarentena, [6060], [445980],1.0.11890
Generic.Malware/Suspicious, C:\PROGRAMDATA\KMSAUTO\KMSAUTO NET.EXE, En cuarentena, [0], [392686],1.0.11890
Generic.Malware/Suspicious, C:\WINDOWS\SETUP\SCRIPTS\TEMP\KMSERVICE.EXE, En cuarentena, [0], [392686],1.0.11890
Heuristics.Shuriken, D:\ARCHIVOS RECUPERADOS DE PC\YEFRI\SOFTWARD\NEW FOLDER\DATOS GERENCIA\CRYSTAL INSTALADOR\SETUP.EXE, Sustituido, [9774], [167],0.0.0
Heuristics.Shuriken, D:\ARCHIVOS RECUPERADOS DE PC\YEFRI\SOFTWARD\NEW FOLDER\DATOS GERENCIA\DRIVERS\AUD_XP_5.10.0.6201_PV\VISTA64\SFAPO64.DLL, En cuarentena, [9774], [167],1.0.11890
Generic.Malware/Suspicious, D:\ARCHIVOS RECUPERADOS DE PC\YEFRI\SOFTWARD\NEW FOLDER\DATOS GERENCIA\EMULADOR WINDOWS 98\VMWARE WORKSTATION 7.0 BUILD 203739 WIN X86 X64\KEYGEN.EXE, En cuarentena, [0], [392686],1.0.11890
Generic.Malware/Suspicious, D:\ARCHIVOS RECUPERADOS DE PC\YEFRI\SOFTWARD\NEW FOLDER\DATOS GERENCIA\GINOPA\EMULADOR WINDOWS 98\VMWARE WORKSTATION 7.0 BUILD 203739 WIN X86 X64\KEYGEN.EXE, En cuarentena, [0], [392686],1.0.11890
MachineLearning/Anomalous.100%, D:\ARCHIVOS RECUPERADOS DE PC\YEFRI\SOFTWARD\NEW FOLDER\SOFTNYXGAME\LOVERITMOLS\LOVERITMO.EXE, En cuarentena, [0], [392687],1.0.11890
PUP.Optional.InstallCore, D:\ARCHIVOS RECUPERADOS DE PC\YEFRI\SOFTWARD\USERS\MIGUEL PAREDES\APPDATA\LOCAL\TEMP\UNINSTALLER.EXE.20130057, En cuarentena, [447], [81571],1.0.11890

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-08-05.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-06-2019
# Duration: 00:00:02
# OS:       Windows 7 Professional
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\AvastBrowserAutoLaunch_2F0BB4BBE6A0AA018E3876C94022C386

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1458 octets] - [06/08/2019 22:21:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

He realizado todo ello y aún esta esa ventana al iniciar la pc :shushing_face:

  • Desactiva Temporalmente tu antivirus y cualquier programa de seguridad.

  • Descarga a Tu Escritorio >> Esto es muy importante<<.,Fabar Recovery Scan Tool, considerando la versión adecuada para tu equipo. (32 o 64 bits) :arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits?

  • Doble clic para ejecutar Frst.exe. En la ventana del Disclaimer, presiona Yes.

  • En la nueva ventana que se abre, presiona el botón Scan y espera a que concluya el análisis.

  • Se abrirán dos (2) archivos (Logs), Frst.txt y Addition.txt, que estarán grabados en Tu escritorio.

En Tu próxima respuesta, copias y pegas los dos reportes Frst.txt y Addition.txt de FRST

Nota: Si el/los reportes solicitados no entraran en una sola respuesta porque superan la cantidad de caracteres permitidos, puedes utilizar dos o mas respuestas para pegarlos completamente.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-08-2019 02
Ran by Test (administrator) on HOME-PC (ASUS All Series) (07-08-2019 13:05:27)
Running from C:\Users\Test\Downloads
Loaded Profiles: Test (Available Profiles: Danis 2 & Test)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORP.) C:\Windows\twain_32\escndv\escndv.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1077858803-3640473112-284975635-1003\...\Run: [strdat] => C:\Windows\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript  "C:\streamer\stream.txt" & exit
HKU\S-1-5-21-1077858803-3640473112-284975635-1003\...\Run: [GoogleChromeAutoLaunch_E1D46C574EBA950FEDF46817FE573EFA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1555952 2019-07-12] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-15] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-08-25]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\Users\Danis 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2019-07-07]
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18E074D1-7637-451E-92AB-4932F3FEEC81} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2206352 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D699391-5FF2-4963-A05A-A6537597E851} - System32\Tasks\AdobeAAMUpdater-1.0-HOME-PC-Danis 2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {2D780D65-C10D-4B77-A7CD-129C0AB67815} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {3274DE87-DE48-4713-B890-A2D7E54EC7A8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2206352 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {3C26846A-DCBE-4C11-A558-F3C0837D9E27} - System32\Tasks\AdobeGCInvoker-1.0-HOME-PC-Test => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {7467EDF2-24EE-45DF-8957-CC084D268933} - System32\Tasks\AdobeGCInvoker-1.0-HOME-PC-Danis 2 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {7F5702B2-639E-4B32-A03D-A9B1868040E2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [154072 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C5A3D92-59C6-48FE-8A35-2544FB488661} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2047368 2019-07-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {C9EB721C-09D5-40F5-83C2-C161E5876636} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {DEEAE7E2-2DCF-4346-A299-3B097B4432C2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [154072 2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0C852C6-5EDB-4DD2-B509-2AE1B1C76BAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-25] (Google Inc -> Google Inc.)
Task: {E5D090E6-0AC7-48E8-8514-B0D79D774E55} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {E5EAC7AE-A73A-48DD-9972-F4C99B274DF0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {F3A744AD-F49F-4DB2-A3C9-15588EA94F42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-25] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.48.225.146 200.48.225.130
Tcpip\..\Interfaces\{F7D1A095-F025-4716-A420-6879FFE2A269}: [DhcpNameServer] 200.48.225.146 200.48.225.130

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1077858803-3640473112-284975635-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2010-11-23] (Google) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)

Chrome: 
=======
CHR Profile: C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default [2019-08-07]
CHR Extension: (Presentaciones) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-05]
CHR Extension: (Documentos) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-05]
CHR Extension: (Google Drive) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2019-06-03]
CHR Extension: (Aesthetic Width) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blljhfopgephjiocmoddmjbpggogkfch [2018-09-29]
CHR Extension: (YouTube) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-05]
CHR Extension: (Steam Inventory Helper) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2019-06-28]
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-06-05]
CHR Extension: (Full Page Screen Capture) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2019-08-02]
CHR Extension: (Hojas de cálculo) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-05]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-05]
CHR Extension: (Avast Online Security) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16]
CHR Extension: (Mejora de la interfaz Wattpad) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpedaoelggnhmcmpkjckffcngagcciol [2019-05-05]
CHR Extension: (Helium Backup) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpglbgbpeobllokpmeagpoagjbfknanl [2018-11-28]
CHR Extension: (Bloqueador de anuncios para Youtube ™) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2019-07-08]
CHR Extension: (Facebook Screen Sharing) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfpggehkhmjpdjpefomjchjafhmbnai [2019-06-01]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-05]
CHR Extension: (Gmail) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-07-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-07-06] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-12-10] (Intel Corporation - pGFX -> Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37320 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [209256 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [263224 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206056 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [61688 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [279336 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42504 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [168896 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1030784 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [477288 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [225816 2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [387688 2019-08-05] (AVAST Software s.r.o. -> AVAST Software)
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-08] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-07 13:05 - 2019-08-07 13:06 - 000022900 _____ C:\Users\Test\Downloads\FRST.txt
2019-08-07 13:02 - 2019-08-07 13:05 - 000000000 ____D C:\FRST
2019-08-07 12:59 - 2019-08-07 12:59 - 002096640 _____ (Farbar) C:\Users\Test\Downloads\FRST64.exe
2019-08-07 12:56 - 2019-08-07 12:56 - 000000000 ____D C:\Users\Test\AppData\Roaming\EPSON
2019-08-07 01:00 - 2019-08-07 01:00 - 039883210 _____ C:\Users\Test\Downloads\Sketching People Life Drawing Basics - Jeff Mellem.pdf
2019-08-07 00:17 - 2019-08-07 00:18 - 057827778 _____ C:\Users\Test\Downloads\Art of DOOM ( PDFDrive.com ).pdf
2019-08-07 00:10 - 2019-08-07 00:15 - 135671601 _____ C:\Users\Test\Downloads\The Art of the Last of Us.rar
2019-08-07 00:06 - 2019-08-07 00:15 - 248925340 _____ C:\Users\Test\Downloads\Julian Murdoch - The Art of BioShock Infinite - 2013.rar
2019-08-06 23:55 - 2019-08-07 00:04 - 250613183 _____ C:\Users\Test\Downloads\TheArtOfPreyArtbook2017.rar
2019-08-06 23:42 - 2019-08-06 23:47 - 132102541 _____ C:\Users\Test\Downloads\The Art of Wolfenstein II The New Colossus.rar
2019-08-06 23:41 - 2019-08-06 23:57 - 421431523 _____ C:\Users\Test\Downloads\Fallout 4 - Artbook.rar
2019-08-06 23:27 - 2019-08-06 23:31 - 106834902 _____ C:\Users\Test\Downloads\The World of the Witcher – Video Game Compendium.rar
2019-08-06 23:16 - 2019-08-06 23:22 - 165909020 _____ C:\Users\Test\Downloads\The Art of Battlefield 1.rar
2019-08-06 23:15 - 2019-08-06 23:16 - 023106235 _____ C:\Users\Test\Downloads\The Legend of Zelda Breath of the Wild  Master Works.rar
2019-08-06 13:29 - 2019-08-06 13:29 - 000000000 ____D C:\Users\Test\AppData\Local\mbamtray
2019-08-06 13:29 - 2019-08-06 13:29 - 000000000 ____D C:\Users\Test\AppData\Local\mbam
2019-08-03 17:06 - 2019-08-03 18:31 - 000000000 ____D C:\Users\Test\Downloads\Dra
2019-08-03 16:12 - 2019-08-07 12:46 - 000212992 _____ C:\Windows\system32\ClickToRun_Pipeline16
2019-08-03 16:09 - 2019-08-05 17:31 - 000000000 ____D C:\Users\Test\Desktop\ZDoom
2019-08-02 17:41 - 2019-08-02 19:09 - 000000000 ____D C:\Users\Test\AppData\Roaming\Deezloader Remix
2019-07-31 10:56 - 2019-07-31 10:56 - 000000000 ____D C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModManager
2019-07-31 10:28 - 2019-07-31 10:40 - 000000000 ____D C:\Users\Test\Documents\GTA San Andreas User Files
2019-07-31 10:28 - 2019-07-31 10:28 - 000000000 ____D C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2019-07-30 23:20 - 2019-07-30 23:38 - 000000000 ____D C:\Users\Test\AppData\Roaming\Adobe
2019-07-28 19:39 - 2019-07-28 19:39 - 000000000 ____D C:\Users\Test\AppData\Roaming\WinRAR
2019-07-27 18:27 - 2019-07-31 09:12 - 000000000 ____D C:\Users\Test\AppData\Roaming\AVAST Software
2019-07-23 20:49 - 2019-07-23 20:49 - 000051480 _____ C:\Users\Danis 2\Desktop\37694.pdf
2019-07-23 20:48 - 2019-07-23 20:48 - 000047279 _____ C:\Users\Danis 2\Desktop\37693.pdf
2019-07-19 23:19 - 2019-07-19 23:19 - 000109110 _____ C:\Users\Test\Downloads\BLUE BLOOD.patchwad
2019-07-12 20:26 - 2019-07-12 20:26 - 000000222 _____ C:\Users\Test\Desktop\BattleBlock Theater.url

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-07 12:54 - 2009-07-13 23:45 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-08-07 12:54 - 2009-07-13 23:45 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-08-07 12:48 - 2018-09-05 22:30 - 000000000 __SHD C:\Users\Test\IntelGraphicsProfiles
2019-08-07 12:46 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-06 23:59 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-08-06 22:51 - 2018-09-27 16:33 - 000003546 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-HOME-PC-Test
2019-08-06 22:35 - 2018-08-25 14:09 - 000003472 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-08-06 22:35 - 2018-08-25 14:09 - 000003344 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-08-06 22:30 - 2018-08-25 23:12 - 000000000 ____D C:\Program Files (x86)\Steam
2019-08-06 18:50 - 2018-08-25 22:40 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-08-06 12:50 - 2019-03-02 08:21 - 000000000 ____D C:\Windows\pss
2019-08-05 16:30 - 2018-08-26 16:31 - 000003504 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-HOME-PC-Danis 2
2019-08-05 16:30 - 2018-08-26 16:30 - 000003460 _____ C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-HOME-PC-Danis 2
2019-08-05 16:30 - 2018-08-25 22:40 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-08-05 15:41 - 2018-08-25 22:40 - 000387688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-08-03 16:14 - 2018-08-25 15:12 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-03 16:13 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-08-03 16:12 - 2018-08-25 15:10 - 000000000 ____D C:\Program Files\Microsoft Office
2019-08-02 19:09 - 2019-05-15 18:37 - 000000000 ___HD C:\Users\Test\AppData\Local\GeometryDash
2019-08-01 14:22 - 2018-08-25 14:07 - 000000000 __SHD C:\Users\Danis 2\IntelGraphicsProfiles
2019-07-31 10:53 - 2018-09-05 22:29 - 000000000 ____D C:\Users\Test\AppData\Local\VirtualStore
2019-07-31 09:12 - 2018-08-25 22:40 - 001030784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-07-31 09:11 - 2019-06-25 19:29 - 000168896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-07-30 23:41 - 2019-03-12 18:40 - 000000000 ____D C:\Users\Test\Desktop\ENd
2019-07-27 19:16 - 2018-09-05 22:29 - 000000000 ___HD C:\Users\Test
2019-07-21 22:20 - 2010-11-21 02:09 - 000746992 _____ C:\Windows\system32\perfh00A.dat
2019-07-21 22:20 - 2010-11-21 02:09 - 000158464 _____ C:\Windows\system32\perfc00A.dat
2019-07-21 22:20 - 2009-07-14 00:13 - 001675926 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-21 22:17 - 2019-04-27 15:41 - 000000000 ____D C:\Users\Test\Deezloader Music
2019-07-15 16:16 - 2018-08-25 14:10 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-15 16:16 - 2018-08-25 14:10 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-13 20:38 - 2018-10-04 16:12 - 000000000 ____D C:\Users\Test\Downloads\WhatsApp
2019-07-13 13:19 - 2018-10-23 16:23 - 000000000 ____D C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2019-07-11 23:40 - 2018-11-05 17:38 - 000000000 ____D C:\Users\Test\Documents\My Games
2019-07-11 15:11 - 2018-08-25 15:49 - 000000000 _RSHD C:\streamer

==================== Files in the root of some directories ================

2019-04-06 17:38 - 2019-02-05 17:38 - 000000032 ____R () C:\ProgramData\hash.dat
2018-10-19 18:05 - 2018-10-19 18:05 - 000000305 ____H () C:\Users\Test\mdatac.dat
2018-09-27 16:33 - 2018-09-27 16:33 - 000000000 ____H () C:\Users\Test\AppData\Local\oobelibMkey.log
2019-05-26 16:53 - 2019-05-26 16:53 - 000007597 ____H () C:\Users\Test\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-07-24 23:35
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-08-2019 02
Ran by Test (07-08-2019 13:06:28)
Running from C:\Users\Test\Downloads
Windows 7 Professional Service Pack 1 (X64) (2018-08-25 18:50:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1077858803-3640473112-284975635-500 - Administrator - Disabled)
Danis 2 (S-1-5-21-1077858803-3640473112-284975635-1000 - Administrator - Enabled) => C:\Users\Danis 2
HomeGroupUser$ (S-1-5-21-1077858803-3640473112-284975635-1002 - Limited - Enabled)
Invitado (S-1-5-21-1077858803-3640473112-284975635-501 - Limited - Disabled)
Test (S-1-5-21-1077858803-3640473112-284975635-1003 - Administrator - Enabled) => C:\Users\Test

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_6) (Version: 19.1.6 - Adobe Systems Incorporated)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7734 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Deezloader Remix 4.2.0 (HKU\S-1-5-21-1077858803-3640473112-284975635-1003\...\5eed4b40-1ed5-51be-ab52-56cdb94a998f) (Version: 4.2.0 - RemixDevs)
Desinstalar impresora EPSON L355 Series (HKLM\...\EPSON L355 Series) (Version:  - SEIKO EPSON Corporation)
Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{79D0F056-39DE-4FDD-83FD-1554CE2C6443}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM-x32\...\EEPPPlugIn) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (HKLM-x32\...\{7B7044AE-6D1F-456D-B2BA-28BFFFAF3F71}) (Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Earth (HKLM-x32\...\{6DB7AD00-F781-11DF-9EEF-001279CD8240}) (Version: 6.0.0.1735 - Google)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4338 - Intel Corporation)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Profesional 2016 - es-es (HKLM\...\ProfessionalRetail - es-es) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7770 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-25] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Helium Backup.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=gpglbgbpeobllokpmeagpoagjbfknanl

==================== Loaded Modules (Whitelisted) ==============

2018-08-25 22:50 - 2016-09-12 15:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
2008-04-11 11:54 - 2008-04-11 11:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll
2018-08-25 21:54 - 2011-08-30 13:38 - 000558080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2018-08-25 21:54 - 2011-08-01 18:24 - 000252416 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2019-01-04 08:34 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-1077858803-3640473112-284975635-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Test\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.48.225.146 - 200.48.225.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: EpsonCustomerParticipation => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Test^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Enviar a OneNote.lnk => C:\Windows\pss\Enviar a OneNote.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Test^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^supercpuchecker.js => C:\Windows\pss\supercpuchecker.js.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true                                                                                                                                                         
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Discord => C:\Users\Test\AppData\Local\Discord\app-0.0.301\Discord.exe
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"                                                                                                                                                                                                  
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: GoogleChromeAutoLaunch_E1D46C574EBA950FEDF46817FE573EFA => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"                                                                                                                                                                                                       

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{ED31EC32-EAB5-4184-9910-462FCE4E6053}] => (Allow) C:\Users\Danis 2\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1C73B98F-01C4-491D-92D0-4803E46D1E62}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe (Google) [File not signed]
FirewallRules: [UDP Query User{242A197F-9ADD-4132-B8AB-4984E49BA68E}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe (Google) [File not signed]
FirewallRules: [{4895A6FC-7105-4EE1-BD37-07A679BDA3C8}] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe (Google) [File not signed]
FirewallRules: [{0D540E2A-C83A-48E8-803D-1BB3EAE8B11E}] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe (Google) [File not signed]
FirewallRules: [{30B398DE-6913-4603-8A04-F0B454419994}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{396F86DE-D83D-439B-ADDE-D80D11F659B4}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{EDAD2DFB-E924-421A-A455-BF936ACF22BF}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{E4A3C1F0-BCB6-4507-BC58-C0B93BACDDED}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{A06A4927-0EEA-4BF9-B1F0-6269B0B070C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5E5CCFC1-D1A4-4777-A623-B280F4062F33}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{AB20AFB8-F694-49EE-94CE-76D9E4637776}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{7E3CB440-4E6D-4247-A3A5-D1354F9BB172}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{F8A75BEF-A776-4E33-9548-655864AFD47D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4AE271B0-B58E-4C9D-ABE4-8D592EBE9B47}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{7B3BDE9C-9E1F-4499-B525-E66F099C9802}C:\users\test\appdata\local\programs\deezloader remix\deezloader remix.exe] => (Allow) C:\users\test\appdata\local\programs\deezloader remix\deezloader remix.exe (RemixDevs) [File not signed]
FirewallRules: [UDP Query User{EDB5ED01-8610-4616-96DA-77665E77DE51}C:\users\test\appdata\local\programs\deezloader remix\deezloader remix.exe] => (Allow) C:\users\test\appdata\local\programs\deezloader remix\deezloader remix.exe (RemixDevs) [File not signed]
FirewallRules: [{E70CB5AD-E606-4F27-B9D0-59A5D9F78B6B}] => (Allow) D:\SteamLibrary\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox ) [File not signed]
FirewallRules: [{41F6A43A-E492-4B9A-87B4-782D3941E8EB}] => (Allow) D:\SteamLibrary\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox ) [File not signed]
FirewallRules: [{98B98BD8-566B-40E1-87CB-A2867F361A73}] => (Allow) D:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{F9DAE603-02D8-4323-80E9-632AD590B1D6}] => (Allow) D:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{4C3097F9-3DD5-4BFB-BA63-C4C3171A5DBF}] => (Allow) D:\SteamLibrary\steamapps\common\Geometry Dash\GeometryDash.exe () [File not signed]
FirewallRules: [{6D2A22B4-2B73-4561-8AED-B30217653A10}] => (Allow) D:\SteamLibrary\steamapps\common\Geometry Dash\GeometryDash.exe () [File not signed]
FirewallRules: [{E4509BC7-40EF-4A99-B695-BC55AA04308E}] => (Allow) D:\SteamLibrary\steamapps\common\The Red Strings Club\TRSC2017.exe ( ) [File not signed]
FirewallRules: [{BF4F8ECD-972E-47E2-AE08-D5FF439C790E}] => (Allow) D:\SteamLibrary\steamapps\common\The Red Strings Club\TRSC2017.exe ( ) [File not signed]
FirewallRules: [{4C1A264E-72E6-4B8A-91DC-B03D0AA7DEAB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6F529303-FB18-431A-95F6-BE3F38123E2F}] => (Allow) D:\SteamLibrary\steamapps\common\Hotline Miami 2\HotlineMiami2.exe () [File not signed]
FirewallRules: [{D60C3ADB-3285-4257-9970-223AEE5D7137}] => (Allow) D:\SteamLibrary\steamapps\common\Hotline Miami 2\HotlineMiami2.exe () [File not signed]
FirewallRules: [{DAAD63B2-8AE0-4BFF-BED1-0CB09649C8B6}] => (Allow) D:\SteamLibrary\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe () [File not signed]
FirewallRules: [{88329C9B-0151-4C22-AB44-1AED0AA536B3}] => (Allow) D:\SteamLibrary\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe () [File not signed]
FirewallRules: [{4938D0B3-CD04-4B3D-9B9B-C7A352312600}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{7E8701AB-9977-4AC0-B16A-EC044125482B}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout Shelter\FalloutShelter.exe () [File not signed]
FirewallRules: [{F24E8214-E642-4010-BAF0-F6040A8B12FB}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout Shelter\FalloutShelter.exe () [File not signed]

==================== Restore Points =========================

30-07-2019 21:39:59 Punto de control programado

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2019 11:59:16 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80040d07, "iehistory://{S-1-5-21-1077858803-3640473112-284975635-1003}/">.

Error: (08/06/2019 10:30:30 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80040d07, "iehistory://{S-1-5-21-1077858803-3640473112-284975635-1003}/">.

Error: (07/27/2019 07:17:05 PM) (Source: MsiInstaller) (EventID: 11720) (User: HOME-PC)
Description: Producto: NVIDIA PhysX -- Error 1720. Hay un problema con este paquete de Windows Installer. No se puede ejecutar un script necesario para que esta instalación se complete. Póngase en contacto con el personal de soporte técnico o el proveedor del paquete.  Acción personalizada Add64Bit_Reg error de secuencia de comandos -2147024770, :  Línea 71, Columna 5,

Error: (07/13/2019 01:16:26 PM) (Source: EPCP) (EventID: 23) (User: )
Description: Event-ID 23

Error: (07/12/2019 12:04:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa UNKNOWN, versión 0.0.0.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 1038

Hora de inicio: 01d5386ea7ebc67a

Hora de finalización: 5

Ruta de acceso de la aplicación: UNKNOWN

Identificador de informe: 82960e3d-a462-11e9-9b90-10c37b50fa6b

Error: (07/11/2019 11:44:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa UNKNOWN, versión 0.0.0.0, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 560

Hora de inicio: 01d5386bf5744171

Hora de finalización: 4

Ruta de acceso de la aplicación: UNKNOWN

Identificador de informe: a8db4d47-a45f-11e9-9b90-10c37b50fa6b

Error: (06/30/2019 11:16:03 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: HOME-PC)
Description: No se pudo cerrar la aplicación o el servicio 'Send to OneNote Tool'.

Error: (06/21/2019 02:01:18 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80040d07, "iehistory://{S-1-5-21-1077858803-3640473112-284975635-1003}/">.


System errors:
=============
Error: (08/06/2019 10:22:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (08/06/2019 10:22:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Protección de software terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (08/06/2019 10:22:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Adaptador de rendimiento de WMI terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (08/06/2019 10:22:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Presentation Foundation Font Cache 3.0.0.0 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (08/06/2019 10:22:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio Hacer clic y ejecutar de Microsoft Office terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (08/06/2019 10:22:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Adobe Genuine Software Integrity Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (08/06/2019 10:22:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio ABBYY FineReader 9.0 Sprint Licensing Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (08/06/2019 10:22:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Adobe Genuine Monitor Service se terminó de manera inesperada. Esto ha sucedido 1 veces.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 0803 04/15/2014
Motherboard: ASUSTeK COMPUTER INC. H81M-K
Processor: Intel(R) Pentium(R) CPU G3220 @ 3.00GHz
Percentage of memory in use: 92%
Total physical RAM: 3968.39 MB
Available physical RAM: 295.76 MB
Total Virtual: 7934.93 MB
Available Virtual: 3594.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:390.53 GB) (Free:310.51 GB) NTFS
Drive d: (Disco local) (Fixed) (Total:540.89 GB) (Free:456.26 GB) NTFS

\\?\Volume{e3c995c4-a896-11e8-994e-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 4C55CAA0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=540.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Primeramente corta y pega Frst.exe en el escritorio, pues se indicaba muy remarcado que se ejecutase desde ahi y no desde:

Running from C:\Users\Test\Downloads

Bien… y ahora sigue estos pasos, MUY Importante ~ Realiza una copia de seguridad del registro :

  • Para hacerlo descarga Delfix en tu escritorio.

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona "Ejecutar como Administrador.")

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.


En el equipo con los demas programas cerrados:

Inicio >>> Ejecutar >>>Escribes notepad.exe.

Ahora copia y pega estos archivos dentro del Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1077858803-3640473112-284975635-1003\...\Run: [strdat] => C:\Windows\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript  "C:\streamer\stream.txt" & exit
C:\streamer\streamer.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Helium Backup.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=gpglbgbpeobllokpmeagpoagjbfknanl


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.<<

Nota: Es importante que la Hta Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no no trabajara.

  • Y ahora usa esta Faq de Windows ¿Cómo iniciar Windows en Modo Seguro?, para trabajar desde ese modo de windows. (Usa el Metodo 1 y si no puedes, usa el Metodo 2)

  • Ejecutas Frst.exe.

  • Presionas el botón Fix y aguardas a que termine.

  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).

Lo pegas en tu próxima respuesta, comentado como va el pc

1 me gusta

Muchas gracias!! :star_struck: ya no sale más esa incómoda ventana… Por cierto el problema se trataba de un virus? o que sucedía… :thinking: ?

Pdt: todos los archivos usados los guardo? o ya no serán útiles.

Pega el log último con el resultado que te pedí, para comprobar y después de darle las indicaciones finales

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-08-2019 02
Ran by Test (07-08-2019 14:06:51) Run:1
Running from C:\Users\Test\Desktop
Loaded Profiles: Test (Available Profiles: Danis 2 & Test)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1077858803-3640473112-284975635-1003\...\Run: [strdat] => C:\Windows\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript  "C:\streamer\stream.txt" & exit
C:\streamer\streamer.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Helium Backup.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=gpglbgbpeobllokpmeagpoagjbfknanl


HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKU\S-1-5-21-1077858803-3640473112-284975635-1003\Software\Microsoft\Windows\CurrentVersion\Run\\strdat" => removed successfully
C:\streamer\streamer.exe => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
"HKU\\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\AIMP => removed successfully
HKLM\Software\Classes\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Helium Backup.lnk => Shortcut argument removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1077858803-3640473112-284975635-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1077858803-3640473112-284975635-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows

No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local 3 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local 2 mientras los medios
est‚n desconectados.

Adaptador de Ethernet Conexi¢n de  rea local 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de Ethernet Conexi¢n de  rea local 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de Ethernet Conexi¢n de  rea local:

   Sufijo DNS espec¡fico para la conexi¢n. . : hitronhub.home
   V¡nculo: direcci¢n IPv6 local. . . : fe80::448a:742a:82a8:b9e4%11
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.7
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de t£nel isatap.{B06BB3BD-3FE8-4A41-9643-2A26F30F1A44}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de t£nel isatap.hitronhub.home:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23579720 B
Java, Flash, Steam htmlcache => 375362042 B
Windows/system/drivers => 678283 B
Edge => 0 B
Chrome => 407655304 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 66228 B
Danis 2 => 186992143 B
Test => 270193465 B

RecycleBin => 67529 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:07:59 ====

Para eliminar las herramientas usadas en la desinfección, realizas:

  • Descargas y Ejecutas >> Delfix, en tu escritorio.

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7 /8 /10,presiona clic derecho y selecciona >>;Ejecutar como Administrador.)

  • Marca solamente la casilla Remove disinfection tools

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Si queda alguna herramienta, la desinstalas desde panel de Windows y aquellas que no estén listadas, se eliminan directamente.


Me alegro de haberte podido ayudar! :+1:


TEMA SOLUCIONADO

Este tema se cerró automáticamente 2 días después del último post. No se permiten nuevas respuestas.