Keygen.exe every time my PC starts

Good afternoon. I noticed my PC was slower and installed Malwarebytes, which quarantined a file “Keygen.exe” (RiskWare.Tool.CK), but every time I start my PC it detects it and quarantines it again; that is, some other file generates it again. The PC: Windows 7 Professional Service Pack 1, Core i5-4460 processor, RAM 16, ESET antivirus. Thank you in advance for your kind suggestions. Luis

Hello @Luis2608, welcome to the forum.

Carry out the following steps, even if you have already done some of them, without changing the order:

1) Download, update and run Malwarebytes’ Anti-Malware; review the manual in detail so that you know how to use and configure it.

  • Run a Threat Scan, updating if it asks you to.
  • Click “Quarantine Selected” to send it to quarantine and restart the system.
  • In the manual section Reports → Scan report you will find the MBAM report; click Export → Copy to clipboard.

2) Download AdwCleaner | InfoSpyware to the desktop.

  • Temporarily disable the antivirus → How to temporarily disable your antivirus.
  • Also close all the programs you have open.
  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator").
  • Click the Scan button and wait for the process to finish, then immediately click the Clean button.
  • Wait for it to complete and follow the instructions; if it asks to restart the system, accept.
  • Save the report that appears, so you can copy and paste it in your next reply.
  • The report can also be found at C:\AdwCleaner\AdwCleaner[C1].txt

3) Download CCleaner

  • Install CCleaner.
  • Open CCleaner; on the Cleaner tab leave the default configuration, click Analyze, wait for it to finish → click Run Cleaner.
  • Click the Registry tab → click Scan for Issues, wait for it to finish → click Fix selected Issues and make a backup.
  • Click Scan for Issues again until it finds none.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.

Regards

Hello Daniela. Very kind of you to help me, and above all thank you very much.

I ran all the programs, but “keygen.exe” persists at every startup and MBAM sends it to quarantine.

MBAM report

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 29/4/19
Hora del análisis: 16:52
Archivo de registro: 227b5c64-6ac9-11e9-87a0-fcaa1437f3b7.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10392
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: Microsoft_Corp\Usuario

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 268830
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 2 min, 17 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)

(end)

AdwCleaner report

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-29-2019
# Duration: 00:00:01
# OS:       Windows 7 Professional
# Cleaned:  5
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Softonic ES
Deleted       Softonic ES
Deleted       Softonic ES
Deleted       Softonic ES
Deleted       Softonic ES
Not Deleted   Softonic ES

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1492 octets] - [29/04/2019 17:01:36]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Hello

The Malwarebytes report now comes out clean; it did not detect it.

Download Farbar Recovery Scan Tool to the desktop, selecting the right version for your computer's architecture (32 or 64 bits). → How to tell whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Post the two reports generated.

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

Regards
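Since the detected file comes back at every start, the autostart sections of the FRST.txt requested above are the place to look; one way to triage its Scheduled Tasks section is sketched here. This is an added example, not part of the original post and not FRST's own code: the sample lines are constructed in FRST's layout, and the flag names, the C: system drive and the meaning given to a missing size/date block are assumptions.

```python
import ntpath
import re

# Constructed sample in the layout FRST uses for its "Scheduled Tasks" section.
# All GUIDs, names and paths below are made up for this example.
SAMPLE_FRST = r"""
==================== Scheduled Tasks (Whitelisted) =============

Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\VendorUpdate => C:\Program Files\Vendor\update.exe [107848 2016-02-17] (Vendor Inc -> Vendor Inc.)
Task: {22222222-2222-2222-2222-222222222222} - System32\Tasks\ExampleTool => C:\Windows\exampletool.exe [472576 2017-07-09] (Example) [File not signed]
Task: {33333333-3333-3333-3333-333333333333} - System32\Tasks\{44444444-4444-4444-4444-444444444444} => C:\Windows\system32\pcalua.exe -a C:\Users\User\Downloads\setup.exe -d C:\Users\User\Downloads
Task: {55555555-5555-5555-5555-555555555555} - System32\Tasks\{66666666-6666-6666-6666-666666666666} => F:\OLDGAME.EXE

==================== Internet (Whitelisted) ====================
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+\s*$")
TASK_RE = re.compile(r"^Task: (\{[^}]+\}) - (.+?) => (.+)$")
FILEINFO_RE = re.compile(r" \[(\d+) (\d{4}-\d{2}-\d{2})\]")
PCALUA_RE = re.compile(r'pcalua\.exe\s+-a\s+("[^"]+"|\S+)', re.I)


def parse_tasks(frst_text):
    """Return one dict per GUID-style 'Task:' line in the Scheduled Tasks section."""
    tasks, in_section = [], False
    for line in frst_text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).startswith("Scheduled Tasks")
            continue
        m = TASK_RE.match(line) if in_section else None
        if not m:
            continue
        guid, name, target = m.groups()
        info = FILEINFO_RE.search(target)
        # Everything before "[size date]" is the command the task runs.
        command = target[:info.start()] if info else target
        tasks.append({
            "guid": guid,
            "name": name.split("\\")[-1],
            "command": command.strip(),
            "has_file_info": info is not None,
            "unsigned": "[File not signed]" in target,
        })
    return tasks


def payload_path(command):
    """Program that really runs; unwraps 'pcalua.exe -a <program>'."""
    m = PCALUA_RE.search(command)
    return m.group(1).strip('"') if m else command


def flags_for(task):
    """Heuristic flags (names are this example's own, not FRST output)."""
    path = payload_path(task["command"])
    flags = []
    if task["unsigned"]:
        flags.append("unsigned")
    if not task["has_file_info"]:
        # No size/date printed: treated here as "target not verified".
        flags.append("no-file-metadata")
    if path != task["command"]:
        flags.append("launched-via-pcalua")
    if ntpath.dirname(path).lower() == r"c:\windows":
        # Executable dropped directly into the Windows root folder.
        flags.append("in-windows-root")
    drive = ntpath.splitdrive(path)[0].upper()
    if drive and drive != "C:":  # assumes C: is the system drive
        flags.append("non-system-drive")
    if "\\users\\" in path.lower():
        flags.append("user-profile-path")
    return flags


def triage(frst_text):
    """Return (task name, payload path, flags) for each task with any flag."""
    findings = []
    for task in parse_tasks(frst_text):
        flags = flags_for(task)
        if flags:
            findings.append((task["name"], payload_path(task["command"]), flags))
    return findings


if __name__ == "__main__":
    for name, path, flags in triage(SAMPLE_FRST):
        print(f"{name:40} {path}  [{', '.join(flags)}]")
```

A flag is a prompt to inspect the entry, not a verdict; the same checks apply to the Run keys and Services sections of the log.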

Hello Daniela. My apologies, I pasted the Malwarebytes report after having deleted the file from quarantine. Here is the file after restarting the PC:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del evento de protección: 27/4/19
Hora del evento de protección: 14:05
Archivo de registro: 774e1264-691f-11e9-90aa-fcaa1437f3b7.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10360
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Detalles del malware bloqueado-
Archivo: 1
RiskWare.Tool.CK, C:\Windows\Keygen.exe, En cuarentena, [5730], [25649],1.0.10360

(end)

The FRST file from Farbar

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.04.2019
Ran by Usuario (administrator) on MICROSOFT_CORP (Gigabyte Technology Co., Ltd. H97M-DS3P) (29-04-2019 17:44:36)
Running from C:\Users\Usuario\Malware desinfeccion
Loaded Profiles: Usuario (Available Profiles: Usuario)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\SICAR\MySQL\MySQL Server 5.5\bin\mysqld.exe
(Adobe Systems Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\Illustrator.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberLink -> ) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Firebird Project) [File not signed] C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Firebird Project) [File not signed] C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(nppsoft.com) [File not signed] C:\AgendaNpp\agenda.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1087960 2014-03-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478752 2012-12-18] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\Run: [AgendaNpp] => C:\AgendaNpp\agenda.exe [1967616 2015-10-26] (nppsoft.com) [File not signed]
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\MountPoints2: {7636147a-0ee7-11e9-87ed-fcaa1437f3b7} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\MountPoints2: {8b6065ce-0e4d-11e6-b14a-806e6f6e6963} - F:\Setup.exe
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\MountPoints2: {f4914647-d58b-11e5-90a8-806e6f6e6963} - D:\Run.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.108\Installer\chrmstp.exe [2019-04-24] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Lsa: [Notification Packages] 

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0528CB3B-BC44-4BFA-BAEC-60504A86D73F} - System32\Tasks\{A3123D0B-2AE3-4746-A8F6-4ACE9C199E36} => C:\Windows\system32\pcalua.exe -a "C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDWIKJ0N\Active.exe" -d C:\Users\Usuario\Desktop
Task: {07C363C2-2F41-4A83-AE46-2991AF109C2C} - System32\Tasks\{8A970E18-264A-4229-A05A-E3CFBFEC25A9} => F:\GRANDMA.EXE
Task: {162AECE5-BAF4-4689-8B61-8686BF31E788} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [472576 2017-07-09] (Microsoft) [File not signed]
Task: {19F39F46-EFFA-460D-80C6-8025428C3F2F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1DFFE5C1-C9F2-4DE6-B158-BB6C348BDB6C} - System32\Tasks\{812D7BBE-E7DA-4170-968A-6484D28CD6B2} => C:\Windows\system32\pcalua.exe -a C:\Users\Usuario\Downloads\intelactivemonitor.exe -d C:\Users\Usuario\Downloads
Task: {61B31947-557D-40A6-9CD9-4479AE83A483} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269504 2016-02-17] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {6B454244-79BE-4170-9B84-CD8C59B4EB72} - System32\Tasks\{4EBD2889-12CD-40BE-B18F-796DB58EC4B2} => C:\Program Files (x86)\yvReminder\yvReminder.exe
Task: {9A4115F1-ADB2-4524-8859-1D2B54FE9C56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2016-02-17] (Google Inc -> Google Inc.)
Task: {A6AD940E-D41D-408B-BFD8-7F4B65A6EFC5} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [744968 2019-03-01] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {A72319AF-F06D-4248-8BF5-0E0AB1C1FA6F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {B5B0C172-786E-48C4-8286-842067D0A01E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2016-02-17] (Google Inc -> Google Inc.)
Task: {D3EEC758-52AB-4CC1-9906-66058773D43C} - System32\Tasks\{7ABAE798-2CCC-4C32-B088-A1A1E39B2FC0} => C:\Windows\system32\pcalua.exe -a C:\Windows\SysWOW64\bdeadmin.cpl -c BDE Administrator
Task: {F9CE51A5-4937-4C89-A379-D2F1A77BAB99} - System32\Tasks\{83D11E85-B005-49B6-ACB1-8F17BC1C8BF4} => F:\GRANDMA.EXE
Task: {FD7BF1F1-C1A5-434E-B674-F4B7A10F4FF4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{0D447432-18CB-4BC0-B444-14CB6C93DF1A}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{DE70B29A-1588-45A1-97DD-CA05B6DD80F8}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-mx/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]

FireFox:
========
FF DefaultProfile: vxur9at4.default
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vxur9at4.default [2019-04-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-03-04] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2013-02-15] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2016-11-18] () [File not signed]
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2017-02-26] () [File not signed]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2019-04-29]
CHR Extension: (Presentaciones) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-28]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-28]
CHR Extension: (Búsqueda de Google) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-28]
CHR Extension: (Hojas de cálculo) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (The QR Code Generator) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-08-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (Lector de facturas mexicanas XML) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\injbcedkhbdclbdfemgchphcdnkdkbng [2017-08-10]
CHR Extension: ( Calculadora de energía solar) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldpemlidphjhodmnkigeefcggbbpalkh [2016-08-13]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25]
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc. -> Apple Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-08-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2794224 2018-07-29] (ESET, spol. s r.o. -> ESET)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation - pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-13] (CyberLink -> )
R2 sMySQL; C:\Program Files (x86)\SICAR\MySQL\MySQL Server 5.5\bin\mysqld.exe [8142848 2011-11-01] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665240 2019-02-26] (TeamViewer GmbH -> TeamViewer GmbH)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-01-05] (McAfee, Inc. -> McAfee, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-01-19] (Microsoft Windows -> Microsoft Corporation)
S2 InstallerService;  [X]
S3 TrueKeyServiceHelper;  [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation -> Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [267304 2018-07-29] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [200360 2018-07-29] (ESET, spol. s r.o. -> ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [184184 2018-07-29] (ESET, spol. s r.o. -> ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [181160 2016-11-15] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-04-26] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-04-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-04-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [104784 2019-04-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2013-07-28] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-10-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 PciPPorts; C:\Windows\System32\DRIVERS\PciPPorts.sys [96768 2016-02-17] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2011-04-08] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-29 17:44 - 2019-04-29 17:44 - 000000000 ____D C:\FRST
2019-04-29 17:43 - 2019-04-29 17:43 - 002429952 _____ (Farbar) C:\Users\Usuario\Downloads\FRST64.exe
2019-04-29 17:18 - 2019-04-29 17:18 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-04-29 17:18 - 2019-04-29 17:18 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-04-29 17:18 - 2019-04-29 17:18 - 000104784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-04-29 17:18 - 2019-04-29 17:18 - 000073912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-04-29 17:11 - 2019-04-29 17:11 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-04-29 17:11 - 2019-04-29 17:11 - 000002824 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-04-29 17:11 - 2019-04-29 17:11 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-29 17:11 - 2019-04-29 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-04-29 16:47 - 2019-04-29 16:47 - 063143280 _____ (Malwarebytes ) C:\Users\Usuario\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.586-1.0.10384.exe
2019-04-29 16:46 - 2019-04-29 16:46 - 021254208 _____ (Piriform Software Ltd) C:\Users\Usuario\Downloads\ccsetup556.exe
2019-04-29 16:40 - 2019-04-29 16:40 - 007025360 _____ (Malwarebytes) C:\Users\Usuario\Downloads\adwcleaner_7.3.exe
2019-04-29 15:12 - 2019-04-29 17:44 - 000000000 ____D C:\Users\Usuario\Malware desinfeccion
2019-04-29 15:12 - 2019-04-29 15:13 - 000001914 _____ C:\Users\Usuario\Desktop\Rkill.txt
2019-04-29 15:12 - 2019-04-29 15:12 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Usuario\Downloads\iExplore (1).exe
2019-04-26 17:59 - 2019-04-26 17:59 - 007666296 _____ (ESET spol. s r.o.) C:\Users\Usuario\Downloads\esetonlinescanner_esl.exe
2019-04-26 17:46 - 2019-04-26 18:10 - 000298198 _____ C:\Windows\ntbtlog.txt
2019-04-25 20:50 - 2019-04-25 20:50 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbam
2019-04-25 20:49 - 2019-04-26 17:46 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-04-25 20:49 - 2019-04-25 20:49 - 062917248 _____ (Malwarebytes ) C:\Users\Usuario\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10330.exe
2019-04-25 20:49 - 2019-04-25 20:49 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-25 20:49 - 2019-04-25 20:49 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbamtray
2019-04-25 20:49 - 2019-04-25 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-25 20:49 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-04-25 20:43 - 2019-04-25 20:43 - 000001594 _____ C:\Users\Usuario\Documents\cc_20190425_204315.reg
2019-04-21 16:21 - 2019-04-21 16:21 - 000313426 _____ C:\Users\Usuario\Downloads\139140602670 (17).pdf
2019-04-21 16:10 - 2019-04-21 16:10 - 000282160 _____ C:\Windows\Minidump\042119-6973-01.dmp
2019-04-20 18:12 - 2019-04-20 18:20 - 305054317 _____ C:\Users\Usuario\Downloads\Living Books.zip
2019-04-20 18:08 - 2019-04-25 20:31 - 000002912 _____ C:\Windows\System32\Tasks\{8A970E18-264A-4229-A05A-E3CFBFEC25A9}
2019-04-20 18:08 - 2019-04-25 20:31 - 000002912 _____ C:\Windows\System32\Tasks\{83D11E85-B005-49B6-ACB1-8F17BC1C8BF4}
2019-04-20 18:06 - 2019-04-20 18:06 - 000000000 ____D C:\Users\Usuario\Documents\CyberLink
2019-04-20 18:06 - 2019-04-20 18:06 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\CyberLink
2019-04-20 18:06 - 2019-04-20 18:06 - 000000000 ____D C:\ProgramData\CyberLink
2019-04-20 11:07 - 2019-04-20 11:07 - 000313427 _____ C:\Users\Usuario\Downloads\139140602670 (16).pdf
2019-04-17 16:31 - 2019-04-17 16:31 - 000105205 _____ C:\Users\Usuario\Downloads\anime-ace-2-0-bb.zip
2019-04-17 16:29 - 2019-04-17 16:29 - 000018408 _____ C:\Users\Usuario\Downloads\AnimeAce2-0BB-Bold.zip
2019-04-17 13:35 - 2019-04-17 13:35 - 011723967 _____ C:\Users\Usuario\Downloads\wetransfer-cc8654.zip
2019-04-16 14:02 - 2019-04-16 14:02 - 038730857 _____ C:\Users\Usuario\Downloads\wetransfer-02a3c1.zip
2019-04-15 15:25 - 2019-04-15 15:25 - 000005260 _____ C:\Users\Usuario\Documents\cc_20190415_152526.reg
2019-04-13 12:52 - 2019-04-13 12:53 - 308367708 _____ C:\Users\Usuario\Downloads\wetransfer-c606e5.zip
2019-04-10 16:56 - 2019-04-10 16:56 - 058035178 _____ C:\Users\Usuario\Downloads\wetransfer-653c47.zip
2019-04-08 09:53 - 2019-04-08 09:53 - 000097476 _____ C:\Users\Usuario\Downloads\Statement_Mar 2019.pdf
2019-04-08 09:52 - 2019-04-08 09:52 - 000424033 _____ C:\Users\Usuario\Downloads\Statement_Apr 2019.pdf
2019-04-07 16:04 - 2019-04-07 16:04 - 000313425 _____ C:\Users\Usuario\Downloads\139140602670 (15).pdf
2019-04-07 13:21 - 2019-04-07 13:21 - 000313426 _____ C:\Users\Usuario\Downloads\139140602670 (14).pdf
2019-04-06 20:15 - 2019-04-06 20:15 - 038736405 _____ C:\Users\Usuario\Downloads\Chente 200x250.pdf
2019-04-05 12:12 - 2019-04-05 12:12 - 055841139 _____ C:\Users\Usuario\Downloads\wetransfer-4a4dfa.zip
2019-04-04 11:40 - 2019-04-04 11:40 - 140910789 _____ C:\Users\Usuario\Downloads\615X724--60--1000REVISTAS COUCHE 150G LAMINADO BRILLANTE TODO.ai
2019-04-02 01:40 - 2019-04-02 01:40 - 000718648 _____ C:\Users\Usuario\Downloads\vinil sobre foamboard1.pdf
2019-04-01 16:46 - 2019-04-01 16:46 - 000118737 _____ C:\Users\Usuario\Downloads\Reporte_Estado_De_Pago (11).pdf
2019-04-01 16:44 - 2019-04-01 16:44 - 000131390 _____ C:\Users\Usuario\Downloads\Reporte_Estado_De_Pago (10).pdf
2019-03-31 13:31 - 2019-03-31 13:31 - 000313968 _____ C:\Users\Usuario\Downloads\771101203839 (19).pdf
2019-03-31 00:19 - 2019-03-31 00:20 - 686637605 _____ C:\Users\Usuario\Downloads\wetransfer-eee4e7.rar
2019-03-30 17:56 - 2019-03-30 17:56 - 182937248 _____ C:\Users\Usuario\Downloads\wetransfer-eee4e7 (1).zip
2019-03-30 17:54 - 2019-03-30 17:55 - 182937248 _____ C:\Users\Usuario\Downloads\wetransfer-eee4e7.zip
2019-03-30 17:36 - 2019-03-30 17:36 - 000282160 _____ C:\Windows\Minidump\033019-5179-01.dmp

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-29 17:26 - 2009-07-13 23:45 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-29 17:26 - 2009-07-13 23:45 - 000021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-29 17:18 - 2016-03-02 14:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-04-29 17:18 - 2016-02-17 23:51 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-29 17:18 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-29 17:13 - 2016-03-02 14:03 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\TeamViewer
2019-04-29 17:13 - 2011-04-12 04:10 - 018201904 _____ C:\Windows\system32\perfh00A.dat
2019-04-29 17:13 - 2011-04-12 04:10 - 005968600 _____ C:\Windows\system32\perfc00A.dat
2019-04-29 17:13 - 2009-07-14 00:13 - 000006228 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-29 17:11 - 2016-02-19 20:20 - 000000000 ____D C:\Program Files\CCleaner
2019-04-29 17:01 - 2016-03-04 19:49 - 000000000 ____D C:\AdwCleaner
2019-04-29 15:12 - 2016-02-17 22:38 - 000000000 ____D C:\Users\Usuario
2019-04-26 18:00 - 2018-12-07 10:49 - 000000000 ____D C:\Users\Usuario\AppData\Local\ESET
2019-04-25 20:49 - 2016-03-05 12:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-25 20:13 - 2016-02-17 23:23 - 000000000 __SHD C:\Users\Usuario\IntelGraphicsProfiles
2019-04-25 20:04 - 2017-07-25 22:53 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2019-04-24 18:43 - 2016-02-17 23:39 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-24 18:43 - 2016-02-17 23:39 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-21 16:10 - 2017-12-09 23:28 - 894618154 _____ C:\Windows\MEMORY.DMP
2019-04-21 16:10 - 2016-03-02 16:58 - 000000000 ____D C:\Windows\Minidump
2019-04-21 16:10 - 2009-07-13 23:45 - 005677304 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-20 18:06 - 2016-02-17 22:50 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2019-04-18 11:12 - 2016-02-28 00:34 - 000169752 _____ C:\Users\Usuario\AppData\Local\GDIPFONTCACHEV1.DAT
2019-04-16 14:30 - 2016-02-24 23:59 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\FileZilla
2019-04-07 13:22 - 2016-03-02 14:26 - 000000068 _____ C:\Users\Usuario\Documents\gpfax.adr
2019-04-02 16:43 - 2016-08-18 16:44 - 000000000 ____D C:\Users\Usuario\Documents\Archivos de Outlook
2019-03-30 17:36 - 2016-11-18 16:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-03-30 17:36 - 2016-02-19 00:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2019-02-07 13:20 - 2019-02-07 13:20 - 000000132 _____ () C:\Users\Usuario\AppData\Roaming\Prefs. de filtro IllExport de Adobe CS6
2016-04-15 12:18 - 2018-01-04 18:55 - 000000132 _____ () C:\Users\Usuario\AppData\Roaming\Prefs. de formato BMP de Adobe CS6
2016-03-03 18:42 - 2017-02-08 16:29 - 000000132 _____ () C:\Users\Usuario\AppData\Roaming\Prefs. de formato GIF de Adobe CS6
2016-12-22 14:54 - 2019-03-26 13:39 - 000000132 _____ () C:\Users\Usuario\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2016-03-02 23:12 - 2018-09-20 18:30 - 000001456 _____ () C:\Users\Usuario\AppData\Local\Adobe Guardar para Web 13.0 Prefs
2018-12-08 19:56 - 2018-12-08 19:56 - 000003584 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-05 20:14 - 2018-06-11 09:50 - 000007629 _____ () C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
2016-04-06 12:10 - 2016-04-06 12:10 - 000000000 _____ () C:\Users\Usuario\AppData\Local\{0ACB6476-C936-4CE6-B3A8-2EC31A6CFE4E}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-04-23 00:01
==================== End of FRST.txt ============================

And the Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.04.2019
Ran by Usuario (29-04-2019 17:45:21)
Running from C:\Users\Usuario\Malware desinfeccion
Windows 7 Professional Service Pack 1 (X64) (2016-02-18 03:38:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2117271867-4276607553-1121630274-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2117271867-4276607553-1121630274-1002 - Limited - Enabled)
Invitado (S-1-5-21-2117271867-4276607553-1121630274-501 - Limited - Enabled)
Usuario (S-1-5-21-2117271867-4276607553-1121630274-1000 - Administrator - Enabled) => C:\Users\Usuario

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET NOD32 Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actualización de NVIDIA 17.12.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 17.12.8 - NVIDIA Corporation) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.02 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
AgendaNpp (HKLM-x32\...\{907FC027-FA18-4BE1-9153-63E6E8B1BD32}_is1) (Version:  - www.nppsoft.com)
Apple Application Support (32 bits) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.36.1601 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon D1100 Series (HKLM\...\{44457AA8-E4D1-4c61-A575-4EF39D9FBDC8}) (Version:  - )
Canon MF Toolbox 4.9.1.1.mf17 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
CMS2000 version 1.0 (HKLM-x32\...\CMS2000_is1) (Version: 1.0 - )
Corel Uninstaller (HKLM-x32\...\Corel Uninstaller) (Version:  - )
DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
ESET NOD32 Antivirus (HKLM\...\{3FA0C8FD-AC18-4031-907A-79FBA69F1899}) (Version: 9.0.318.20 - ESET, spol. s r.o.)
Firebird 2.5.0.26074 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version:  - Firebird Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.108 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.12.108.1 - Intel Security)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
LABEL MATRIX 8.20.00 (HKLM-x32\...\{26EC51DB-5C69-42E5-9DFD-61E30052AE1C}) (Version: 8.20.00 - Teklynx International)
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.14044.0 - Linksys LLC)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
MosChip PCI Multi-IO Controller (HKLM\...\MosChip Semiconductor Technology Ltd) (Version:  - )
Mozilla Firefox 60.0.2 (x64 es-ES) (HKLM\...\Mozilla Firefox 60.0.2 (x64 es-ES)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.6.1.7023 - Mozilla)
Mozilla Thunderbird 60.6.1 (x86 es-ES) (HKLM-x32\...\Mozilla Thunderbird 60.6.1 (x86 es-ES)) (Version: 60.6.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{1596098A-FCEC-48F0-B7C7-08A31B771033}) (Version: 7.03.0918 - Nero AG)
NetSurveillance (HKLM-x32\...\NetSurveillance) (Version:  - )
NVIDIA Controlador de 3D Vision 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Panel de control de NVIDIA 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 341.92 - NVIDIA Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - CyberLink Corporation)
PowerProducer (HKLM-x32\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Recuerda Cumpleaños (HKLM-x32\...\{BFF46BAC-C197-4414-B075-9EBEC7C4946A}) (Version: 1.0.0 - Nombre predeterminado de la compañía)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SICAR (HKLM-x32\...\{434A8893-CB3F-451D-8563-9E2E6E6317DA}_is1) (Version: 3.0 - Ahora Resulta SA de CV)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel(R) Corporation) Hidden
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.18533 - TeamViewer)
Visualizador de Facturas (HKLM-x32\...\{1941665A-046A-4829-832A-089ED0352E6D}) (Version: 2.2.0.0 - Soporte Proscai SC)
WinOrganizer (HKLM-x32\...\WinOrganizer) (Version: 4.2 (Build 1581) - )
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2117271867-4276607553-1121630274-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6718864 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4220304 2011-02-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Cover Designer] -> [CC]{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =>  -> No File
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-07-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers1-x32: [VersionsMenu] -> {03170921-4754-11cf-AB9A-00C0F00683EB} => C:\COREL\Versions\CVersion.dll [1997-11-03] (Corel Corporation Limited) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-07-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2015-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-10-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-07-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6-x32: [VersionsMenu] -> {03170921-4754-11cf-AB9A-00C0F00683EB} => C:\COREL\Versions\CVersion.dll [1997-11-03] (Corel Corporation Limited) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2010-09-17 13:14 - 2010-09-17 13:14 - 000098304 _____ (Firebird Project) [File not signed] C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
2012-09-23 12:44 - 2012-09-23 12:44 - 000010240 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\es_es\Acrobat Elements\ContextMenuShim64.esp
2018-01-11 17:56 - 2011-11-01 12:29 - 008142848 _____ () [File not signed] C:\Program Files (x86)\SICAR\MySQL\MySQL Server 5.5\bin\mysqld.exe
2010-09-17 13:14 - 2010-09-17 13:14 - 003735552 _____ (Firebird Project) [File not signed] C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
2018-12-24 11:03 - 2015-10-26 21:44 - 001967616 _____ (nppsoft.com) [File not signed] C:\AgendaNpp\agenda.exe
2012-12-18 14:09 - 2012-12-18 14:09 - 000133120 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\es_es\PDFMaker\PDFMOfficeAddin.ESP
2009-11-09 15:27 - 2009-11-09 15:27 - 002259968 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Microsoft Office\OFFICE14\PROOF\3082\MSGR3ES.DLL
2009-11-09 15:27 - 2009-11-09 15:27 - 005339136 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Microsoft Office\OFFICE14\PROOF\1033\MSGR3EN.DLL
2010-09-17 13:13 - 2010-09-17 13:13 - 000548864 _____ (Firebird Project) [File not signed] C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbclient.dll
2010-09-17 12:56 - 2010-09-17 12:56 - 000675840 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\Firebird\Firebird_2_5\bin\icuuc30.dll
2010-09-17 12:56 - 2010-09-17 12:56 - 001568768 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\Firebird\Firebird_2_5\bin\icudt30.dll
2018-12-24 11:03 - 2009-07-22 19:33 - 002752512 _____ (Firebird Project) [File not signed] C:\AgendaNpp\gds32.dll
2018-12-24 11:03 - 2009-07-22 19:13 - 000675840 _____ (IBM Corporation and others) [File not signed] C:\AgendaNpp\icuuc30.dll
2018-12-24 11:03 - 2009-07-22 19:15 - 001339392 _____ (IBM Corporation and others) [File not signed] C:\AgendaNpp\icudt30.dll
2016-02-17 23:17 - 2014-02-21 00:56 - 000074240 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2012-09-23 12:44 - 2012-09-23 12:44 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\es_es\acrotray.esp
2019-04-25 20:49 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-04-25 20:49 - 2019-03-13 09:22 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll
2016-03-05 13:32 - 2016-03-05 13:32 - 001793672 _____ (Adobe Systems Incorporated -> Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\amtlib.dll
2012-03-09 17:26 - 2012-03-09 17:26 - 000249344 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\libcurl.dll
2012-03-09 17:26 - 2012-03-09 17:26 - 001106944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\LIBEAY32.dll
2012-03-09 17:26 - 2012-03-09 17:26 - 000237056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\SSLEAY32.dll
2012-03-09 17:26 - 2012-03-09 17:26 - 000100352 _____ () [File not signed] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-04-15 21:10 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{25DAFD2F-D77E-44C6-A2F4-24BC6061595A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD\PowerDVD.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{99011199-EE8F-4C73-8C21-3A3E5ABC0E63}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC1C8D80-52B7-4B7B-AFDE-613582A83EB6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D249F20D-A350-4A07-93F9-C6EDED78B52F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{93625058-E1FE-4B85-A1CE-A88CD12C46E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DED8F3F0-138F-488E-9C09-437FC61C6636}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{61B69198-71B4-4F28-A830-26159CB53E1D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7056DE1A-FF04-40CF-8EAB-8812DE228F72}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1F534081-475C-4398-90A6-07EFCC07DF72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C5D90402-E6C1-456A-91B1-B283B2710B86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{F3ADD4C8-84DA-4331-B113-36745D1B9588}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B3BEB79D-DCEE-4474-8D24-09DF6E141A27}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{CF203D39-CE80-47E9-A1BA-BED29E557CB3}C:\users\usuario\downloads\manageengine_opmanager_64bit.exe] => (Allow) C:\users\usuario\downloads\manageengine_opmanager_64bit.exe (ZOHO Corporation -> ManageEngine)
FirewallRules: [UDP Query User{4A6685CF-57DC-44E3-9664-926C0A87A31E}C:\users\usuario\downloads\manageengine_opmanager_64bit.exe] => (Allow) C:\users\usuario\downloads\manageengine_opmanager_64bit.exe (ZOHO Corporation -> ManageEngine)
FirewallRules: [TCP Query User{5D686ED1-C8CE-4F55-9EC2-CF495630AFF6}C:\users\usuario\downloads\manageengine_opmanager_64bit (1).exe] => (Block) C:\users\usuario\downloads\manageengine_opmanager_64bit (1).exe (ZOHO Corporation -> ManageEngine)
FirewallRules: [UDP Query User{194DBF97-57FD-462B-A374-4BCBDC764C77}C:\users\usuario\downloads\manageengine_opmanager_64bit (1).exe] => (Block) C:\users\usuario\downloads\manageengine_opmanager_64bit (1).exe (ZOHO Corporation -> ManageEngine)
FirewallRules: [{817C0024-DC33-4AD9-9825-62D77D9C4FE4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0B53B51D-1603-404D-BDFA-8FCBC0D292F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F99E8B92-F5D8-4CBF-8F51-F9C6A544FC65}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2EABD924-035A-4727-9B6C-C396E77FAA71}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{80EB7D88-93F0-40FF-9479-96C34EA08A40}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{E3C4743D-B3AE-4277-A4A9-C4F36DFB5A26}C:\cms2000\cms2000.exe] => (Allow) C:\cms2000\cms2000.exe () [File not signed]
FirewallRules: [UDP Query User{1C4FA080-225D-40A6-8EB6-31C6F27735BA}C:\cms2000\cms2000.exe] => (Allow) C:\cms2000\cms2000.exe () [File not signed]
FirewallRules: [{807B5839-EFE4-4F78-A59C-CE589DD86CA9}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{C5DFCAD2-BBDC-4CD5-85AF-2A55C9E18DAC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{7A63E896-D786-492C-9327-4DE93DC7811D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{50BDB040-ACAE-4A4F-98C4-9DCF043B9891}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D3DE47C3-CFE1-4833-89D4-33B3291BF586}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A69C85EB-F1EC-4420-8040-21D5E9290DF2}] => (Allow) LPort=3306
FirewallRules: [{2A3F18E0-35BB-4054-85DA-F64D220F2580}] => (Allow) LPort=3306
FirewallRules: [{ECC434AF-0FEA-46CC-98E1-DA17E963606E}] => (Allow) LPort=3306
FirewallRules: [{95EFBAE4-6BA5-493F-8480-CB7C1FD86A47}] => (Allow) LPort=3306
FirewallRules: [{E65832CD-1F26-4272-BA5C-8604E07CF5DD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{0118C167-216B-4B99-9C04-EBA6C762CE32}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{69198826-219B-4B68-8560-B2E3DBC1666B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{8A6E843F-82AB-4D1A-AC8C-56776EAD6EE2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E1F26780-8EC6-4D09-BED3-F838E4CB1492}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

15-04-2019 13:50:46 Copias de seguridad de Windows
21-04-2019 19:00:11 Copias de seguridad de Windows
23-04-2019 04:51:49 Windows Update
28-04-2019 19:00:13 Copias de seguridad de Windows

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2019 05:18:14 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (04/29/2019 05:18:14 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (04/29/2019 05:18:14 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001

Error: (04/29/2019 05:18:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (04/29/2019 05:13:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Error al descargar las cadenas del contador de rendimiento para el servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene el código de error.

Error: (04/29/2019 05:13:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

Error: (04/29/2019 05:13:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Las cadenas de rendimiento del valor del Registro de rendimiento están dañadas al procesar el proveedor de contador de extensión Performance. El valor BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección de datos.

Error: (04/29/2019 05:02:33 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: Event-ID 2001


System errors:
=============
Error: (04/29/2019 05:18:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Agrupación de red del mismo nivel depende del servicio Protocolo de resolución de nombres de mismo nivel, el cual no pudo iniciarse debido al siguiente error: 
%%-2140993535

Error: (04/29/2019 05:18:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Protocolo de resolución de nombres de mismo nivel se cerró con el siguiente error: 
%%-2140993535

Error: (04/29/2019 05:18:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Agrupación de red del mismo nivel depende del servicio Protocolo de resolución de nombres de mismo nivel, el cual no pudo iniciarse debido al siguiente error: 
%%-2140993535

Error: (04/29/2019 05:18:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Protocolo de resolución de nombres de mismo nivel se cerró con el siguiente error: 
%%-2140993535

Error: (04/29/2019 05:18:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Agrupación de red del mismo nivel depende del servicio Protocolo de resolución de nombres de mismo nivel, el cual no pudo iniciarse debido al siguiente error: 
%%-2140993535

Error: (04/29/2019 05:18:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Protocolo de resolución de nombres de mismo nivel se cerró con el siguiente error: 
%%-2140993535

Error: (04/29/2019 05:18:37 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: El Protocolo de resolución de nombres de mismo nivel no se inició debido a un error de creación de la identidad predeterminada con código de error: 0x80630801.

Error: (04/29/2019 05:18:37 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: El Protocolo de resolución de nombres de mismo nivel no se inició debido a un error de creación de la identidad predeterminada con código de error: 0x80630801.


Windows Defender:
===================================
Date: 2018-06-13 10:38:41.676
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{068A5B7F-56DB-4BFE-B69E-4B8948207CBC}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:NT AUTHORITY\Servicio de red

Date: 2016-05-05 08:20:01.642
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{DA9916C0-672D-46B1-ACE6-F6DB3B5C2ED4}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:NT AUTHORITY\Servicio de red

Date: 2016-04-29 16:03:38.398
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2016-04-29 16:03:38.388
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior:
Origen de actualización:Carpeta de actualizaciones de firmas
Tipo de firma:AntiSpyware
Tipo de actualización:Diferencia
Usuario:NT AUTHORITY\SYSTEM
Versión de motor actual:
Versión de motor anterior:
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 

Date: 2016-04-04 11:43:48.767
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2016-04-04 11:43:48.767
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior:
Origen de actualización:Carpeta de actualizaciones de firmas
Tipo de firma:AntiSpyware
Tipo de actualización:Diferencia
Usuario:NT AUTHORITY\SYSTEM
Versión de motor actual:
Versión de motor anterior:
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 

Date: 2016-03-28 09:16:02.365
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

==================== Memory info =========================== 

BIOS: American Megatrends Inc. F4 06/28/2014
Motherboard: Gigabyte Technology Co., Ltd. H97M-DS3P
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 36%
Total physical RAM: 16249.2 MB
Available physical RAM: 10312 MB
Total Virtual: 32496.57 MB
Available Virtual: 25093.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:447.03 GB) (Free:133.19 GB) NTFS
Drive d: (BLOCK) (Fixed) (Total:1863.01 GB) (Free:574.08 GB) NTFS
Drive e: (MIOS) (Fixed) (Total:931.51 GB) (Free:4.87 GB) NTFS

\\?\Volume{f4914643-d58b-11e5-90a8-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 8BB4277B)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6858D084)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 28FD28FC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hello

You did not download and run FRST from the desktop as I told you; move it there to carry out the next step, otherwise it will not work.

:arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-.)

  • Attention: now tick/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Next, start your computer in Windows Safe Mode without networking

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box further below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\Run: [AgendaNpp] => C:\AgendaNpp\agenda.exe [1967616 2015-10-26] (nppsoft.com) [File not signed]
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\MountPoints2: {7636147a-0ee7-11e9-87ed-fcaa1437f3b7} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\MountPoints2: {8b6065ce-0e4d-11e6-b14a-806e6f6e6963} - F:\Setup.exe
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\MountPoints2: {f4914647-d58b-11e5-90a8-806e6f6e6963} - D:\Run.exe
Task: {162AECE5-BAF4-4689-8B61-8686BF31E788} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [472576 2017-07-09] (Microsoft) [File not signed]
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-03-04] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2016-11-18] () [File not signed]
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2017-02-26] () [File not signed]
CHR Extension: (The QR Code Generator) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-08-13]
CHR Extension: (Lector de facturas mexicanas XML) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\injbcedkhbdclbdfemgchphcdnkdkbng [2017-08-10]
CHR Extension: ( Calculadora de energía solar) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldpemlidphjhodmnkigeefcggbbpalkh [2016-08-13]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25]
S2 InstallerService;  [X]
S3 TrueKeyServiceHelper;  [X]
2019-04-20 18:08 - 2019-04-25 20:31 - 000002912 _____ C:\Windows\System32\Tasks\{8A970E18-264A-4229-A05A-E3CFBFEC25A9}
2019-04-20 18:08 - 2019-04-25 20:31 - 000002912 _____ C:\Windows\System32\Tasks\{83D11E85-B005-49B6-ACB1-8F17BC1C8BF4}
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\ChromeHTML: ->  <==== ATTENTION
ContextMenuHandlers1: [Cover Designer] -> [CC]{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =>  -> No File
ContextMenuHandlers1: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers1-x32: [VersionsMenu] -> {03170921-4754-11cf-AB9A-00C0F00683EB} => C:\COREL\Versions\CVersion.dll [1997-11-03] (Corel Corporation Limited) [File not signed]
ContextMenuHandlers2: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers6-x32: [VersionsMenu] -> {03170921-4754-11cf-AB9A-00C0F00683EB} => C:\COREL\Versions\CVersion.dll [1997-11-03] (Corel Corporation Limited) [File not signed]
FirewallRules: [TCP Query User{E3C4743D-B3AE-4277-A4A9-C4F36DFB5A26}C:\cms2000\cms2000.exe] => (Allow) C:\cms2000\cms2000.exe () [File not signed]
FirewallRules: [UDP Query User{1C4FA080-225D-40A6-8EB6-31C6F27735BA}C:\cms2000\cms2000.exe] => (Allow) C:\cms2000\cms2000.exe () [File not signed]

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop), otherwise it will not work.


  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-.)
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the problem raised, and report back.

Regards
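
The placement, naming and boot-mode requirements of the steps above can be checked before pressing Fix. The Python code below is an added example, not part of the original post and not part of FRST: the function names, the shortened sample fixlist and the Downloads path are constructed, and the directive list covers only the directives used in this thread's fixlist.

```python
import ntpath  # Windows path rules, usable on any OS

# Directives that appear in this thread's fixlist; other lines count as entries.
DIRECTIVES = {"CREATERESTOREPOINT:", "CLOSEPROCESSES:", "HOSTS:",
              "REMOVEPROXY:", "EMPTYTEMP:"}

# Constructed sample: a shortened fixlist in the shape used in this thread,
# with one entry deliberately repeated.
SAMPLE_FIXLIST = r"""START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKLM-x32\...\Run: [] => [X]
S2 InstallerService;  [X]
S3 TrueKeyServiceHelper;  [X]
S2 InstallerService;  [X]
EMPTYTEMP:
CMD: netsh advfirewall reset
CMD: ipconfig /flushdns
END
"""


def parse_fixlist(text):
    """Split a fixlist into markers, directives, CMD lines and plain entries."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    parsed = {
        "has_start": bool(lines) and lines[0].upper() == "START",
        "has_end": bool(lines) and lines[-1].upper() == "END",
        "directives": [], "commands": [], "entries": [],
    }
    for ln in lines:
        upper = ln.upper()
        if upper in ("START", "END"):
            continue
        if upper in DIRECTIVES:
            parsed["directives"].append(upper)
        elif upper.startswith("CMD:"):
            parsed["commands"].append(ln[4:].strip())
        else:
            parsed["entries"].append(ln)
    return parsed


def preflight(frst_path, fixlist_path, fixlist_text, boot_mode):
    """Return (level, message) findings for a planned FRST Fix run."""
    findings = []

    # FRST.exe and the fixlist must sit in the same folder (the desktop here).
    frst_dir = ntpath.normcase(ntpath.dirname(frst_path))
    list_dir = ntpath.normcase(ntpath.dirname(fixlist_path))
    if frst_dir != list_dir:
        findings.append(("error", "FRST.exe and the fixlist are in different folders"))
    if ntpath.basename(fixlist_path).lower() != "fixlist.txt":
        findings.append(("error", "the fixlist must be saved as fixlist.txt"))

    parsed = parse_fixlist(fixlist_text)
    if not parsed["has_start"]:
        findings.append(("error", "first line is not START"))
    if not parsed["has_end"]:
        findings.append(("error", "last line is not END"))

    # The Fixlog in this thread reports:
    # "Error: Restore point can only be created in normal mode."
    if ("CREATERESTOREPOINT:" in parsed["directives"]
            and boot_mode.lower().startswith("safe")):
        findings.append(("warn", "CREATERESTOREPOINT: will fail in Safe Mode"))

    # Repeated entries usually mean a copy/paste slip.
    seen = set()
    for entry in parsed["entries"]:
        key = " ".join(entry.split()).lower()
        if key in seen:
            findings.append(("info", "duplicate entry: " + entry))
        seen.add(key)

    # A full firewall reset restores the default policy, so any custom
    # rules the user still needs have to be re-created afterwards.
    for cmd in parsed["commands"]:
        if " ".join(cmd.lower().split()) == "netsh advfirewall reset":
            findings.append(("info", "netsh advfirewall reset removes custom firewall rules"))
    return findings


if __name__ == "__main__":
    # Constructed paths: FRST left in Downloads, fixlist on the desktop.
    for level, message in preflight(r"C:\Users\Usuario\Downloads\FRST.exe",
                                    r"C:\Users\Usuario\Desktop\FIXLIST.TXT",
                                    SAMPLE_FIXLIST, "Safe Mode (minimal)"):
        print(level.upper() + ": " + message)
```
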

Hello Daniela, sorry for the delay in carrying out your instructions. I did everything as you indicated, and when the PC started Malwarebytes detected nothing; it seems the KEYGEN no longer appeared.

The FixLog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-05.2019
Ran by Usuario (03-05-2019 12:32:59) Run:1
Running from C:\Users\Usuario\Desktop
Loaded Profiles: Usuario (Available Profiles: Usuario)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START

CREATERESTOREPOINT:

CLOSEPROCESSES:

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]

HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\Run: [AgendaNpp] => C:\AgendaNpp\agenda.exe [1967616 2015-10-26] (nppsoft.com) [File not signed]

HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\MountPoints2: {7636147a-0ee7-11e9-87ed-fcaa1437f3b7} - G:\HiSuiteDownLoader.exe

HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\MountPoints2: {8b6065ce-0e4d-11e6-b14a-806e6f6e6963} - F:\Setup.exe

HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\MountPoints2: {f4914647-d58b-11e5-90a8-806e6f6e6963} - D:\Run.exe

Task: {162AECE5-BAF4-4689-8B61-8686BF31E788} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [472576 2017-07-09] (Microsoft) [File not signed]

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]

FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-03-04] [Legacy] [not signed]

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]

FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2016-11-18] () [File not signed]

FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2017-02-26] () [File not signed]

CHR Extension: (The QR Code Generator) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-08-13]

CHR Extension: (Lector de facturas mexicanas XML) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\injbcedkhbdclbdfemgchphcdnkdkbng [2017-08-10]

CHR Extension: ( Calculadora de energía solar) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldpemlidphjhodmnkigeefcggbbpalkh [2016-08-13]

CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25]

S2 InstallerService;  [X]

S3 TrueKeyServiceHelper;  [X]

2019-04-20 18:08 - 2019-04-25 20:31 - 000002912 _____ C:\Windows\System32\Tasks\{8A970E18-264A-4229-A05A-E3CFBFEC25A9}

2019-04-20 18:08 - 2019-04-25 20:31 - 000002912 _____ C:\Windows\System32\Tasks\{83D11E85-B005-49B6-ACB1-8F17BC1C8BF4}

HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\...\ChromeHTML: ->  <==== ATTENTION

ContextMenuHandlers1: [Cover Designer] -> [CC]{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} =>  -> No File

ContextMenuHandlers1: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File

ContextMenuHandlers1-x32: [VersionsMenu] -> {03170921-4754-11cf-AB9A-00C0F00683EB} => C:\COREL\Versions\CVersion.dll [1997-11-03] (Corel Corporation Limited) [File not signed]

ContextMenuHandlers2: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

ContextMenuHandlers6: [Glary Utilities] -> [CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File

ContextMenuHandlers6-x32: [VersionsMenu] -> {03170921-4754-11cf-AB9A-00C0F00683EB} => C:\COREL\Versions\CVersion.dll [1997-11-03] (Corel Corporation Limited) [File not signed]

FirewallRules: [TCP Query User{E3C4743D-B3AE-4277-A4A9-C4F36DFB5A26}C:\cms2000\cms2000.exe] => (Allow) C:\cms2000\cms2000.exe () [File not signed]

FirewallRules: [UDP Query User{1C4FA080-225D-40A6-8EB6-31C6F27735BA}C:\cms2000\cms2000.exe] => (Allow) C:\cms2000\cms2000.exe () [File not signed]



HOSTS:

REMOVEPROXY:

EMPTYTEMP:

CMD: netsh winsock reset

CMD: ipconfig /renew

CMD: ipconfig /flushdns

CMD: bitsadmin /reset /allusers

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard" => removed successfully
"HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AgendaNpp" => removed successfully
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7636147a-0ee7-11e9-87ed-fcaa1437f3b7} => removed successfully
HKLM\Software\Classes\CLSID\{7636147a-0ee7-11e9-87ed-fcaa1437f3b7} => not found
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b6065ce-0e4d-11e6-b14a-806e6f6e6963} => removed successfully
HKLM\Software\Classes\CLSID\{8b6065ce-0e4d-11e6-b14a-806e6f6e6963} => not found
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4914647-d58b-11e5-90a8-806e6f6e6963} => removed successfully
HKLM\Software\Classes\CLSID\{f4914647-d58b-11e5-90a8-806e6f6e6963} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{162AECE5-BAF4-4689-8B61-8686BF31E788}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{162AECE5-BAF4-4689-8B61-8686BF31E788}" => removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\ms-help => removed successfully
HKLM\Software\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294} => removed successfully
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn => moved successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation PE Sign v2014" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation PE Sign v2014" => not found
HKLM\Software\Wow6432Node\MozillaPlugins\JFGuide => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\JFWeb => removed successfully
CHR Extension: (The QR Code Generator) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-08-13] => Error: No automatic fix found for this entry.
CHR Extension: (Lector de facturas mexicanas XML) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\injbcedkhbdclbdfemgchphcdnkdkbng [2017-08-10] => Error: No automatic fix found for this entry.
CHR Extension: ( Calculadora de energía solar) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldpemlidphjhodmnkigeefcggbbpalkh [2016-08-13] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\InstallerService => removed successfully
InstallerService => service removed successfully
HKLM\System\CurrentControlSet\Services\TrueKeyServiceHelper => removed successfully
TrueKeyServiceHelper => service removed successfully
C:\Windows\System32\Tasks\{8A970E18-264A-4229-A05A-E3CFBFEC25A9} => moved successfully
C:\Windows\System32\Tasks\{83D11E85-B005-49B6-ACB1-8F17BC1C8BF4} => moved successfully
HKU\S-1-5-21-2117271867-4276607553-1121630274-1000_Classes\ChromeHTML => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Cover Designer => removed successfully
HKLM\Software\Classes\CLSID\[CC]{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\VersionsMenu => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{03170921-4754-11cf-AB9A-00C0F00683EB} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\VersionsMenu => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{03170921-4754-11cf-AB9A-00C0F00683EB} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E3C4743D-B3AE-4277-A4A9-C4F36DFB5A26}C:\cms2000\cms2000.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1C4FA080-225D-40A6-8EB6-31C6F27735BA}C:\cms2000\cms2000.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2117271867-4276607553-1121630274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54272736 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 2421040 B
Edge => 0 B
Chrome => 50799502 B
Firefox => 32984412 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 35894 B
systemprofile32 => 2234203 B
LocalService => 0 B
NetworkService => 430478 B
Usuario => 65134319 B

RecycleBin => 18365202705 B
EmptyTemp: => 17.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:33:21 ====

I appreciate your kind attention and count myself lucky to have received your professional help. Many thanks, Luis

Hello Luis

Don't worry about the delay, it's no problem :+1:

Follow these steps to remove the tools we used:

To do so, use again/download >> DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select Run as administrator.)

  • Check all the boxes and click Run.

The report (DelFix.txt) will open; you can close it.


Thank you for trusting ForoSpyware. It has been a pleasure helping you :handshake:

We're glad it has been resolved for you :Bien: We consider this topic solved.

Solved

Regards