Los programas se cierran solos

Mago · 5 Marzo, 2019 05:53

Buenos días.

Desde hace un par de días se me cierran las carpetas y los programas en uso. Además hay otro par de síntomas que no se si están relacionados o son independientes.

El primero me viene ocurriendo desde hace tiempo, y es que las búsquedas en chrome a veces me llevan a otro lugar. Aparece algo así como cristalsearch continuamente.

El otro no me había ocurrido hasta hoy, y es que creo que el ordenador se encendió solo. Digo creo porque yo juraría que lo apagué, pero igual no me di cuenta y lo dejé a punto de apagar.

Pero bueno, lo más importante para mí ahora es que no se me corten los programas en curso.

Muchas gracias.

JavierHF · 5 Marzo, 2019 09:04

Buenas @Mago

Para revisar tu máquina, sigue estos pasos, en el orden indicado y leyendo todo lo explicado.

Desactiva temporalmente el Antivirus Cómo deshabilitar temporalmente su Antivirus, mientras estemos realizando TODOS los pasos.

Vamos a descargar en TU ESCRITORIO(y NO en otro lugar ) todas las herramientas que vamos a utilizar en este procedimiento (pero no las ejecutes todavía) :

CCleaner + Manual.
Malwarebytes’ Anti-Malware + Manual. revisa en detalle el manual, para que sepas usarlo y configurarlo correctamente.
AdwCleaner + Manual.
Junkware Removal Tool.
Farbar Recovery Scan Tool. seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. [color=#FF8C00][size=1] ¿Cómo saber si mi Windows es de 32 o 64 bits.?[/size][/color]

Ejecutas las herramientas de una en una y en el orden indicado :

CCleaner.-

Instalas y Ejecutas CCleaner siguiendo los pasos indicados en el manual.
Úsalo primero en su opción de Limpiador para borrar cookies, temporales de Internet y todos los archivos que te muestre como obsoletos.
Después usa su opción de Registro para limpiar todo el registro de Windows(haciendo copia de seguridad).

Malwarebytes.-

Instalas y Ejecutas MBAM siguiendo los pasos indicados en el manual.
Realiza un Análisis Completo.
Seleccionando TODOS a Cuarentena para enviarlo a la cuarentena y Reinicias el sistema.
En el apartado del manual Historial encontrarás el informe del MBAM, que debes copiar y pegar en tu próxima respuesta, para analizarlo.

AdwCleaner.-

Ejecuta Adwcleaner.exe.
Pulsamos en el botón Analizar ahora, y espera a que se realice el proceso, inmediatamente pulsa siempre sobre el botón Iniciar Reparación.
Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
El log/informe lo encontramos en la pestaña “Informes”, volviendo a abrir el programa si fuese necesario, para poder copiarlo y pegarlo en tu próxima respuesta.
El informe también se puede encontrar en C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

Ejecuta JRT.exe.
Y pulsar cualquier tecla para continuar, esperar pacientemente a que termine el proceso.
Si en algún momento te pide Reiniciar hazlo.
Al finalizar, un registro/informe (JRT.txt) se guardara en el escritorio y se abrirá automáticamente.
Copia y pega el contenido de JRT.txt en tu próxima respuesta.

Farbar Recovery Scan Tool.-

Ejecuta FRST.exe.
En el mensaje de la ventana del Disclaimer, pulsamos Yes
En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Poner los informes en tu próxima respuesta de :

Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, y en ese orden.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Y nos cuentas como funciona tu equipo en relación al problema planteado.

Saludos Javier.

Mago · 5 Marzo, 2019 11:39

Ok. Muchas gracias. El fin de semana hago el proceso y les informo.

JavierHF · 5 Marzo, 2019 11:59

Hola.

Cuanto antes puedas hacerlo, mucho mejor.

Saludos.

Mago · 6 Marzo, 2019 11:09

Pues le he hecho caso y he empezado a hacerlo hoy, pero cuando intento ejecutar el JRT me dice que windows no encuentra JRT.exe y no me deja continuar. ¿Qué hago? Gracias.

Mago · 6 Marzo, 2019 12:48

Al final, después de apagar y encender de nuevo el ordenador, funcionó. Es pronto para saber si se sigue saliendo de los programas, pero lo que veo es que mi explorador sigue secuestrado por el any search

Les voy pegando los informes en varios mensajes. Saludos.


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 6/3/19
Hora del análisis: 10:41
Archivo de registro: 57620cea-3ffc-11e9-8a84-d017c25cf492.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.538
Versión del paquete de actualización: 1.0.9546
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17134.590)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-GF03O76\Javier

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 289020
Amenazas detectadas: 13
Amenazas en cuarentena: 13
Tiempo transcurrido: 4 min, 26 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 5
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En cuarentena, [213], [236865],1.0.9546
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En cuarentena, [213], [236865],1.0.9546
PUP.Optional.Conduit, HKU\S-1-5-21-461763866-4021664116-3522140865-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, En cuarentena, [213], [236865],1.0.9546
PUP.Optional.DefaultSearch, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NLADLJMABBOANHIHFKJACNNKGJHNOKHJ, En cuarentena, [298], [550469],1.0.9546
PUP.Optional.DefaultSearch, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nladljmabboanhihfkjacnnkgjhnokhj, En cuarentena, [298], [550469],1.0.9546

Valor del registro: 3
PUP.Optional.Conduit, HKU\S-1-5-21-461763866-4021664116-3522140865-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, En cuarentena, [213], [236865],1.0.9546
PUP.Optional.Conduit, HKU\S-1-5-21-461763866-4021664116-3522140865-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, En cuarentena, [213], [236865],1.0.9546
PUP.Optional.DefaultSearch, HKU\S-1-5-21-461763866-4021664116-3522140865-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|NLADLJMABBOANHIHFKJACNNKGJHNOKHJ, En cuarentena, [298], [550469],1.0.9546

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 5
PUP.Optional.DefaultSearch, C:\USERS\JAVIER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [298], [550469],1.0.9546
PUP.Optional.Conduit, C:\USERS\JAVIER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2EOA59DK.DEFAULT\PREFS.JS, Sustituido, [213], [301520],1.0.9546
PUP.Optional.Conduit, C:\USERS\JAVIER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2EOA59DK.DEFAULT\PREFS.JS, Sustituido, [213], [303091],1.0.9546
PUP.Optional.InstallCore.Generic, C:\USERS\JAVIER\DOWNLOADS\FILEFORUM_INSTALLER.EXE, En cuarentena, [540], [512452],1.0.9546
PUP.Optional.DefaultSearch, C:\USERS\JAVIER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [298], [469798],1.0.9546

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

/CODE

CODE

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-01-25.2 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-06-2019
# Duration: 00:00:06
# OS:       Windows 10 Home
# Cleaned:  8
# Failed:   0


***** [ Services ] *****

Deleted       WCAssistantService

***** [ Folders ] *****

Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1972 octets] - [06/03/2019 10:53:06]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Mago · 6 Marzo, 2019 12:50


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by Javier (Administrator) on 06/03/2019 at 12:24:24,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3 

Successfully deleted: C:\ProgramData\lavasoft\web companion (Folder) 
Successfully deleted: C:\Users\Javier\AppData\Roaming\lavasoft\web companion (Folder) 
Successfully deleted: C:\Program Files (x86)\lavasoft\web companion (Folder) 



Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8F71D12-3F53-40E7-9477-36B75C652888} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8F71D12-3F53-40E7-9477-36B75C652888} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/03/2019 at 12:28:03,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.03.2019
Ran by Javier (administrator) on DESKTOP-GF03O76 (06-03-2019 12:30:33)
Running from C:\Users\Javier\Desktop
Loaded Profiles: Javier (Available Profiles: Javier)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
() [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGService.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(MAGIX AG) [File not signed] C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-08-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1404656 2015-08-20] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767760 2016-06-15] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-24] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-461763866-4021664116-3522140865-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19646312 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-461763866-4021664116-3522140865-1001\...\MountPoints2: {8026dd5a-ac13-11e7-9bdc-74c63b1bfee5} - "F:\HiSuiteDownLoader.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-25] (Google LLC -> Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3135f455-aa46-4dcf-9150-33ea8d3709c6}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c4e84d96-2037-4b61-97dc-2bee88ab857a}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-461763866-4021664116-3522140865-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-461763866-4021664116-3522140865-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ASUS15.msn.com/?pc=ASTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-461763866-4021664116-3522140865-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-02-21] (McAfee, Inc. -> McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-02-21] (McAfee, Inc. -> McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

FireFox:
========
FF DefaultProfile: 2eoa59dk.default
FF ProfilePath: C:\Users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\2eoa59dk.default [2019-03-06]
FF Homepage: Mozilla\Firefox\Profiles\2eoa59dk.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (signTextJS plus) - C:\Users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\2eoa59dk.default\Extensions\[email protected] [2018-05-12] [Legacy]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF SearchPlugin: C:\Users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\2eoa59dk.default\searchplugins\bing-lavasoft-ff59.xml [2018-09-06]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-03-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\PointGrab\Hand Gesture Control\PointGrab.xpi
FF Extension: (PointGrab) - C:\Program Files (x86)\PointGrab\Hand Gesture Control\PointGrab.xpi [2015-05-13] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-12] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-12] (Adobe Systems Incorporated -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-22] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-22] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-461763866-4021664116-3522140865-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Javier\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-01-09] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Javier\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-03-26]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Javier\AppData\Local\Google\Chrome\User Data\Default [2019-03-06]
CHR Extension: (Documentos) - C:\Users\Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-16]
CHR Extension: (FARMERAMA) - C:\Users\Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca [2017-09-16]
CHR Extension: (Hojas de cálculo) - C:\Users\Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-02-15]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-13]
CHR Extension: (Cisco Webex Extension) - C:\Users\Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-05]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Recent Tabs) - C:\Users\Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocllfmhjhfmogablefmibmjcodggknml [2018-03-01]
CHR Extension: (Prevent Chrome Close) - C:\Users\Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcbnlaoepamebakfpngkgifmomidfddi [2018-05-29]
CHR Extension: (Gmail) - C:\Users\Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-16]
CHR Extension: (Chrome Media Router) - C:\Users\Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent Inc -> WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-24] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2017-09-16] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899640 2019-02-21] (McAfee, Inc. -> McAfee, Inc.)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PGService; C:\Program Files (x86)\PointGrab\Hand Gesture Control\PGService.exe [64728 2015-05-13] (PointGrab Ltd -> PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> )
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] (ASUSTeK Computer Inc. -> )
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] (ASUSTeK Computer Inc. -> )
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-11] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-06] (Malwarebytes Corporation -> Malwarebytes)
S3 MHIKEY10; C:\WINDOWS\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Generic USB smartcard reader)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvak.inf_amd64_791beb67a268df58\nvlddmkm.sys [14145584 2017-09-16] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek Semiconductor Corp -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-02-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-22] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-06 12:30 - 2019-03-06 12:31 - 000022207 _____ C:\Users\Javier\Desktop\FRST.txt
2019-03-06 12:30 - 2019-03-06 12:30 - 000000000 ____D C:\FRST
2019-03-06 12:28 - 2019-03-06 12:28 - 000001110 _____ C:\Users\Javier\Desktop\JRT.txt
2019-03-06 11:28 - 2019-03-06 11:28 - 483811407 _____ C:\WINDOWS\MEMORY.DMP
2019-03-06 11:28 - 2019-03-06 11:28 - 000000000 _____ C:\WINDOWS\Minidump\030619-26562-01.dmp
2019-03-06 11:06 - 2019-03-06 11:06 - 001790024 _____ (Malwarebytes) C:\Users\Javier\Desktop\JRT (1).exe
2019-03-06 10:57 - 2019-03-06 10:57 - 000002008 _____ C:\Users\Javier\Desktop\AdwCleaner[C00].txt
2019-03-06 10:55 - 2019-03-06 12:05 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-06 10:48 - 2019-03-06 10:53 - 000000000 ____D C:\AdwCleaner
2019-03-06 10:47 - 2019-03-06 10:47 - 000003603 _____ C:\Users\Javier\Desktop\malwarebytes.txt
2019-03-06 10:40 - 2019-03-06 10:40 - 000000000 ____D C:\Users\Javier\AppData\Local\mbam
2019-03-06 10:39 - 2019-03-06 10:39 - 000171456 _____ C:\Users\Javier\Desktop\cc_20190306_103922.reg
2019-03-06 10:33 - 2019-03-06 11:03 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-03-06 10:33 - 2019-03-06 10:33 - 000002890 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-03-06 10:33 - 2019-03-06 10:33 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-06 10:33 - 2019-03-06 10:33 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-03-06 10:33 - 2019-03-06 10:33 - 000000000 ____D C:\Users\Javier\AppData\Local\mbamtray
2019-03-06 10:33 - 2019-03-06 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-06 10:33 - 2019-03-06 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-03-06 10:33 - 2019-03-06 10:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-06 10:33 - 2019-03-06 10:33 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-06 10:33 - 2019-03-06 10:33 - 000000000 ____D C:\Program Files\CCleaner
2019-03-06 10:33 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-06 10:33 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-06 10:23 - 2019-03-06 10:23 - 002434560 _____ (Farbar) C:\Users\Javier\Desktop\FRST64.exe
2019-03-06 10:21 - 2019-03-06 10:21 - 007316688 _____ (Malwarebytes) C:\Users\Javier\Desktop\adwcleaner_7.2.7.0.exe
2019-03-06 10:21 - 2019-03-06 10:21 - 001790024 _____ (Malwarebytes) C:\Users\Javier\Desktop\JRT.exe
2019-03-06 10:20 - 2019-03-06 10:21 - 062415584 _____ (Malwarebytes ) C:\Users\Javier\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9546.exe
2019-03-06 10:17 - 2019-03-06 10:17 - 019384632 _____ (Piriform Software Ltd) C:\Users\Javier\Desktop\ccsetup553.exe
2019-03-06 10:11 - 2019-03-06 10:12 - 002434560 _____ (Farbar) C:\Users\Javier\Downloads\FRST64 (1).exe
2019-03-05 10:26 - 2019-03-05 10:26 - 000527423 _____ ( ) C:\Users\Javier\Downloads\Lame_v3.99.3_for_Windows.exe
2019-03-05 10:26 - 2019-03-05 10:26 - 000000000 ____D C:\Program Files (x86)\Lame For Audacity
2019-03-05 10:16 - 2019-03-05 10:16 - 000000000 ____D C:\Users\Javier\Documents\Audacity
2019-03-04 08:47 - 2019-03-04 08:47 - 000038341 _____ C:\Users\Javier\Downloads\Darde D-73764825-F.pdf
2019-03-04 04:06 - 2018-09-20 04:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-03-03 21:12 - 2019-03-06 11:28 - 000000000 ____D C:\WINDOWS\Minidump
2019-03-03 11:50 - 2019-03-03 11:50 - 000000000 ____D C:\Users\Javier\AppData\Roaming\dvdcss
2019-03-03 11:46 - 2019-03-03 13:24 - 000000000 ____D C:\Users\Javier\AppData\Roaming\vlc
2019-03-03 11:46 - 2019-03-03 11:46 - 000001146 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-03-03 11:46 - 2019-03-03 11:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-03-03 11:45 - 2019-03-03 11:45 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2019-03-03 11:44 - 2019-03-03 11:44 - 040477384 _____ C:\Users\Javier\Downloads\vlc-3.0.6-win32.exe
2019-03-02 20:01 - 2019-03-05 10:34 - 000000000 ____D C:\Users\Javier\AppData\Roaming\audacity
2019-03-02 20:01 - 2019-03-02 20:01 - 000001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2019-03-02 20:01 - 2019-03-02 20:01 - 000001083 _____ C:\Users\Public\Desktop\Audacity.lnk
2019-03-02 20:01 - 2019-03-02 20:01 - 000000000 ____D C:\Users\Javier\AppData\Local\Audacity
2019-03-02 20:00 - 2019-03-02 20:01 - 000000000 ____D C:\Program Files (x86)\Audacity
2019-03-02 19:57 - 2019-03-02 19:58 - 026693160 _____ (Audacity Team ) C:\Users\Javier\Downloads\audacity-win-2.3.0.exe
2019-03-02 19:54 - 2019-03-02 19:55 - 000000000 ____D C:\Users\Javier\Documents\Grabaciones de sonido
2019-03-02 10:13 - 2019-03-02 18:28 - 000009921 _____ C:\Users\Javier\Documents\Gastos febrero.xlsx
2019-02-27 13:20 - 2019-02-27 13:20 - 000501306 _____ C:\Users\Javier\Downloads\MensagemMae.pdf
2019-02-25 20:12 - 2019-02-25 20:12 - 001921730 _____ C:\Users\Javier\Documents\carnaval.pptx
2019-02-25 19:33 - 2019-02-25 19:33 - 003964135 _____ C:\Users\Javier\Downloads\JUEGOS PREGUNTAS.odp
2019-02-18 23:38 - 2019-02-18 23:38 - 000000000 ____D C:\Users\Javier\Documents\Diablo III
2019-02-18 23:37 - 2019-02-18 23:37 - 000000948 _____ C:\Users\Public\Desktop\Diablo III.lnk
2019-02-18 23:37 - 2019-02-18 23:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2019-02-18 23:32 - 2019-02-19 06:06 - 000000000 ____D C:\Program Files (x86)\Diablo III
2019-02-18 18:48 - 2019-02-18 18:48 - 000044087 _____ C:\Users\Javier\Downloads\S20006674748-0119.pdf
2019-02-18 18:46 - 2019-02-18 18:46 - 000064602 _____ C:\Users\Javier\Downloads\factura.pdf
2019-02-18 08:19 - 2019-02-18 08:20 - 000038643 _____ C:\Users\Javier\Downloads\Another_Love__-_Tom_Odell_Professional.mscz
2019-02-14 06:10 - 2019-02-14 06:10 - 000027109 _____ C:\Users\Javier\Downloads\Lemon_Tree_-_Fools_Garden_-_Piano_Arrangement.mscz
2019-02-13 08:42 - 2019-02-06 07:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-13 08:42 - 2019-02-06 07:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-13 08:42 - 2019-02-06 07:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-13 08:42 - 2019-02-06 07:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-13 08:42 - 2019-02-06 07:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-13 08:42 - 2019-02-06 07:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-13 08:42 - 2019-02-06 06:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-13 08:42 - 2019-02-06 06:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-13 08:42 - 2019-02-06 03:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-13 08:42 - 2019-02-06 03:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-13 08:42 - 2019-02-06 03:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-13 08:42 - 2019-02-06 03:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-13 08:42 - 2019-02-06 03:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-13 08:42 - 2019-02-06 03:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-13 08:42 - 2019-02-06 03:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-13 08:42 - 2019-02-06 03:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-13 08:42 - 2019-02-06 03:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 08:42 - 2019-02-06 03:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 08:42 - 2019-02-06 03:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-13 08:42 - 2019-02-06 03:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-13 08:42 - 2019-02-06 03:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-13 08:42 - 2019-02-06 03:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-13 08:42 - 2019-02-06 03:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-13 08:42 - 2019-02-06 03:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-13 08:42 - 2019-02-06 03:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-13 08:42 - 2019-02-06 03:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-13 08:42 - 2019-02-06 03:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-13 08:42 - 2019-02-06 03:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-13 08:42 - 2019-02-06 03:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-13 08:42 - 2019-02-06 02:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-13 08:42 - 2019-02-06 02:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-13 08:42 - 2019-02-06 02:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-13 08:42 - 2019-02-06 02:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-13 08:42 - 2019-02-06 02:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-13 08:42 - 2019-02-06 02:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-13 08:42 - 2019-02-06 02:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-13 08:42 - 2019-02-06 02:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-13 08:42 - 2019-02-06 02:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-13 08:42 - 2019-02-06 02:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-13 08:42 - 2019-02-06 02:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-13 08:42 - 2019-02-06 02:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-13 08:42 - 2019-02-06 02:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-13 08:42 - 2019-02-06 02:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-13 08:42 - 2019-02-06 02:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-13 08:42 - 2019-02-06 02:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-13 08:42 - 2019-02-06 02:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-13 08:42 - 2019-02-06 02:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-13 08:42 - 2019-02-06 02:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-13 08:42 - 2019-02-06 02:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-13 08:42 - 2019-02-06 02:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-13 08:42 - 2019-02-06 02:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-13 08:42 - 2019-02-06 02:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-13 08:42 - 2019-02-06 02:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-13 08:42 - 2019-02-06 02:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-13 08:42 - 2019-02-06 02:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-13 08:42 - 2019-02-06 02:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-13 08:42 - 2019-02-06 02:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-13 08:42 - 2019-02-06 02:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-13 08:42 - 2019-02-06 02:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-13 08:42 - 2019-01-12 08:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 08:42 - 2019-01-12 02:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-13 08:42 - 2019-01-09 17:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-13 08:42 - 2019-01-09 17:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-13 08:42 - 2019-01-09 17:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-13 08:42 - 2019-01-09 17:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-13 08:42 - 2019-01-09 17:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-13 08:42 - 2019-01-09 09:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-13 08:42 - 2019-01-09 09:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-13 08:42 - 2019-01-09 08:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-13 08:42 - 2019-01-09 08:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-13 08:42 - 2019-01-09 05:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-13 08:42 - 2019-01-09 05:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-13 08:42 - 2019-01-09 05:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-13 08:42 - 2019-01-09 05:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-13 08:42 - 2019-01-09 05:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-13 08:42 - 2019-01-09 05:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-13 08:42 - 2019-01-09 05:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-13 08:42 - 2019-01-09 05:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-13 08:42 - 2019-01-09 05:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-13 08:42 - 2019-01-09 05:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-13 08:42 - 2019-01-09 05:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-13 08:42 - 2019-01-09 05:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-13 08:42 - 2019-01-09 05:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-13 08:42 - 2019-01-09 05:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-13 08:42 - 2019-01-09 05:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-13 08:42 - 2019-01-09 05:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-13 08:42 - 2019-01-09 05:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-13 08:42 - 2019-01-09 05:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-13 08:42 - 2019-01-09 05:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-13 08:42 - 2019-01-09 05:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-13 08:42 - 2019-01-09 05:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-13 08:42 - 2019-01-09 05:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-13 08:42 - 2019-01-09 05:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-13 08:42 - 2019-01-09 05:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-13 08:42 - 2019-01-09 05:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-13 08:42 - 2019-01-09 05:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-13 08:42 - 2019-01-09 05:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-13 08:42 - 2019-01-09 05:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-13 08:42 - 2019-01-09 05:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-13 08:42 - 2019-01-09 05:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 08:42 - 2019-01-09 05:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-13 08:42 - 2019-01-09 05:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-13 08:42 - 2019-01-09 05:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-13 08:42 - 2019-01-09 05:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-13 08:42 - 2019-01-09 05:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-13 08:42 - 2019-01-09 05:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 08:42 - 2019-01-09 05:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-13 08:42 - 2019-01-09 05:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-13 08:42 - 2019-01-09 05:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-13 08:42 - 2019-01-09 05:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-13 08:42 - 2019-01-09 05:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-13 08:42 - 2019-01-09 05:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-13 08:42 - 2019-01-09 05:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-13 08:42 - 2019-01-09 05:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-13 08:42 - 2019-01-09 05:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-13 08:42 - 2019-01-09 05:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 08:42 - 2019-01-09 05:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-13 08:42 - 2019-01-09 05:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-13 08:42 - 2019-01-09 05:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-13 08:42 - 2019-01-09 05:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-13 08:42 - 2019-01-09 05:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 08:42 - 2019-01-09 05:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-13 08:42 - 2019-01-09 05:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-13 08:42 - 2019-01-09 05:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 08:42 - 2019-01-09 05:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-13 08:42 - 2019-01-09 05:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 08:42 - 2019-01-09 05:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-13 08:42 - 2019-01-09 05:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-13 08:42 - 2019-01-09 05:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-13 08:42 - 2019-01-09 05:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-13 08:42 - 2019-01-08 09:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 08:42 - 2019-01-08 03:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-13 08:41 - 2019-02-06 07:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-13 08:41 - 2019-02-06 07:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-13 08:41 - 2019-02-06 06:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-13 08:41 - 2019-02-06 06:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-13 08:41 - 2019-02-06 03:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-13 08:41 - 2019-02-06 03:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-13 08:41 - 2019-02-06 03:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-13 08:41 - 2019-02-06 02:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-13 08:41 - 2019-02-06 02:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-13 08:41 - 2019-02-06 02:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-13 08:41 - 2019-02-06 02:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-13 08:41 - 2019-02-06 02:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-13 08:41 - 2019-02-06 02:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-13 08:41 - 2019-02-06 01:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-13 08:41 - 2019-01-09 18:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-13 08:41 - 2019-01-09 17:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-13 08:41 - 2019-01-09 17:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-13 08:41 - 2019-01-09 10:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-13 08:41 - 2019-01-09 05:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-13 08:41 - 2019-01-09 05:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-13 08:41 - 2019-01-09 05:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-13 08:41 - 2019-01-09 05:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-13 08:41 - 2019-01-09 05:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 08:41 - 2019-01-09 05:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-13 08:41 - 2019-01-09 05:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-13 08:41 - 2019-01-09 05:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-13 08:41 - 2019-01-09 05:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 08:41 - 2019-01-09 05:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-13 08:41 - 2019-01-09 05:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 08:41 - 2019-01-09 05:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-13 08:41 - 2019-01-09 05:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 08:41 - 2019-01-09 05:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-13 08:41 - 2019-01-09 04:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-13 08:41 - 2019-01-09 04:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-13 08:41 - 2019-01-08 03:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-13 08:41 - 2019-01-08 03:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-11 04:49 - 2019-02-12 10:24 - 000036561 _____ C:\Users\Javier\Downloads\Never_Say_Never_-_Fray_.mscz
2019-02-11 04:49 - 2019-02-11 11:01 - 000046345 ____H C:\Users\Javier\Downloads\.Never_Say_Never_-_Fray_.mscz,
2019-02-06 20:35 - 2019-02-06 20:35 - 000061598 _____ C:\Users\Javier\Downloads\Tutorías.pdf
2019-02-06 10:08 - 2019-02-07 10:11 - 000036467 _____ C:\Users\Javier\Downloads\Skinny_Love_for_Piano_by_Birdy.mscz
2019-02-06 10:08 - 2019-02-06 19:46 - 000036615 ____H C:\Users\Javier\Downloads\.Skinny_Love_for_Piano_by_Birdy.mscz,

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-06 12:32 - 2018-04-11 23:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-06 12:25 - 2018-06-02 08:20 - 000000000 ____D C:\Users\Javier\AppData\Roaming\Lavasoft
2019-03-06 12:25 - 2018-06-02 08:20 - 000000000 ____D C:\ProgramData\Lavasoft
2019-03-06 12:25 - 2018-06-02 08:20 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2019-03-06 12:05 - 2018-05-21 22:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-06 12:05 - 2018-05-21 22:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-06 12:05 - 2017-09-16 12:43 - 000000000 __SHD C:\Users\Javier\IntelGraphicsProfiles
2019-03-06 12:05 - 2017-09-16 12:36 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-06 12:05 - 2016-05-11 03:59 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-06 11:30 - 2018-05-21 22:13 - 000000000 ____D C:\Users\Javier
2019-03-06 11:23 - 2018-05-21 22:29 - 000004220 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{265BA993-4824-4185-8C40-DB5BE77939CC}
2019-03-06 11:05 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-03-06 10:58 - 2018-05-21 22:20 - 001772030 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-06 10:58 - 2018-04-12 16:18 - 000787540 _____ C:\WINDOWS\system32\perfh00A.dat
2019-03-06 10:58 - 2018-04-12 16:18 - 000155670 _____ C:\WINDOWS\system32\perfc00A.dat
2019-03-06 10:58 - 2018-04-11 23:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-06 10:54 - 2018-04-11 21:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-03-06 10:53 - 2018-06-02 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-03-06 10:38 - 2018-06-02 08:20 - 000000000 ____D C:\Users\Javier\AppData\Roaming\uTorrent
2019-03-06 10:37 - 2018-05-21 11:13 - 000000000 ___DC C:\WINDOWS\Panther
2019-03-06 10:37 - 2017-09-16 17:21 - 000000000 ____D C:\Users\Javier\AppData\Local\CrashDumps
2019-03-06 10:33 - 2018-04-11 23:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-06 08:46 - 2018-10-27 08:26 - 000000569 _____ C:\Users\Javier\Desktop\Varios.txt
2019-03-06 07:55 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-06 07:48 - 2017-09-16 17:17 - 000000000 ____D C:\Users\Javier\AppData\Local\Battle.net
2019-03-06 05:12 - 2018-04-11 23:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-05 00:17 - 2018-04-11 23:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-03 18:49 - 2018-12-01 19:11 - 000000000 ____D C:\Users\Javier\Desktop\Office Toolkit 2010 [activa cualquier edicion 2010]
2019-03-03 11:50 - 2017-09-28 15:52 - 000000399 _____ C:\Users\Javier\Desktop\Unidad de CD - Acceso directo.lnk
2019-03-02 06:50 - 2018-05-21 22:29 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-461763866-4021664116-3522140865-1001
2019-03-02 06:50 - 2018-05-21 22:13 - 000002453 _____ C:\Users\Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-02 06:50 - 2017-09-16 12:49 - 000000000 ___RD C:\Users\Javier\OneDrive
2019-03-01 16:24 - 2017-09-16 20:40 - 000000000 ____D C:\Program Files\rempl
2019-02-27 06:44 - 2017-09-16 17:19 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2019-02-25 22:35 - 2017-09-16 16:08 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-25 12:07 - 2019-01-22 07:49 - 000000000 ____D C:\Users\Javier\AppData\Roaming\MuseScore
2019-02-24 07:05 - 2017-09-17 17:00 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-22 21:21 - 2018-03-12 03:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-22 17:01 - 2018-04-08 09:19 - 000000000 ____D C:\Users\Javier\Desktop\Varios
2019-02-22 04:43 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-18 23:38 - 2017-09-16 17:20 - 000000000 ____D C:\Users\Javier\AppData\Roaming\Battle.net
2019-02-16 14:02 - 2018-10-15 09:45 - 000000000 ____D C:\Users\Javier\Desktop\Doc Iara
2019-02-14 23:47 - 2018-05-21 22:29 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-02-13 11:56 - 2018-05-21 22:07 - 000518704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-13 10:51 - 2018-04-11 23:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-13 10:51 - 2018-04-11 23:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-13 10:51 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-13 10:50 - 2018-04-11 23:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-13 10:50 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-13 10:50 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-13 08:41 - 2017-09-16 20:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-13 08:36 - 2017-09-16 20:36 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-12 11:38 - 2018-09-23 20:56 - 000004620 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-02-12 11:38 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-02-12 11:38 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-02-08 07:52 - 2018-06-12 21:19 - 000000000 ____D C:\ProgramData\Packages
2019-02-05 23:38 - 2017-09-16 17:21 - 000000000 ____D C:\Program Files (x86)\Hearthstone

==================== Files in the root of some directories =======

2018-02-11 10:18 - 2018-05-29 09:36 - 000534528 _____ (Dirección General de la Policía) C:\Users\Javier\AppData\Local\DNIeService.exe
2018-01-07 06:47 - 2018-01-07 06:47 - 000000017 _____ () C:\Users\Javier\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-21 22:07

==================== End of FRST.txt ============================

Mago · 6 Marzo, 2019 12:50

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019
Ran by Javier (06-03-2019 12:32:47)
Running from C:\Users\Javier\Desktop
Windows 10 Home Version 1803 17134.590 (X64) (2018-05-21 22:30:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-461763866-4021664116-3522140865-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-461763866-4021664116-3522140865-503 - Limited - Disabled)
Invitado (S-1-5-21-461763866-4021664116-3522140865-501 - Limited - Disabled)
Javier (S-1-5-21-461763866-4021664116-3522140865-1001 - Administrator - Enabled) => C:\Users\Javier
WDAGUtilityAccount (S-1-5-21-461763866-4021664116-3522140865-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-461763866-4021664116-3522140865-1001\...\uTorrent) (Version: 3.5.3.44428 - BitTorrent Inc.)
Actualización de NVIDIA 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{11AA4167-E283-4D74-883F-9E73AD35CB8C}) (Version: 20.6.44.04472 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{11AA4167-E283-4D74-883F-9E73AD35CB8C}) (Version: 20.6.44.04472 - Alcor Micro Corp.)
Aplicación de Blizzard (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Astro-Nex 1.2.3 (HKLM-x32\...\Astro-Nex_is1) (Version:  - )
ASUS App Box (HKLM-x32\...\{F0CE6060-50B1-401E-8357-B6E24DB98D21}) (Version: 1.01.08 - ASUSTeK Computer Inc.)
ASUS Key Suite (HKLM-x32\...\{71E2F4D6-191A-4A36-8A5C-8AFEA92729C9}) (Version: 1.03.05 - ASUSTeK Computer Inc.)
ASUS Manager - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.16 - ASUSTeK Computer Inc.)
ASUS Manager - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.01.11 - ASUSTeK Computer Inc.)
ASUS Manager - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.17 - ASUSTeK Computer Inc.)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.15 - ASUSTeK Computer Inc.)
ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.06 - ASUSTeK Computer Inc.)
ASUS Manager - SyncUp (HKLM-x32\...\{C2294792-457D-4DF7-9486-B630754C73D0}) (Version: 2.00.11 - ASUSTeK Computer Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.05.05 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.11.01 - ASUSTeK Computer Inc.)
ASUS Music Maker (HKLM\...\{5FDB730E-6091-4125-AA5D-1143A091E32B}) (Version: 21.0.3.44 - MAGIX Software GmbH) Hidden
ASUS Music Maker (HKLM-x32\...\MX.{5FDB730E-6091-4125-AA5D-1143A091E32B}) (Version: 21.0.3.44 - MAGIX Software GmbH)
ASUS Music Maker Soundpools (HKLM\...\{15634847-BDA3-4A0D-84C7-C5175E49C745}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
AutoFirma (HKLM-x32\...\AutoFirma) (Version: 1.6.2 - Gobierno de España)
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.11.0.591 - Ilya Morozov)
CCleaner (HKLM\...\CCleaner) (Version: 5.53 - Piriform)
Cisco WebEx Meetings (HKU\S-1-5-21-461763866-4021664116-3522140865-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Configurador_FNMT (HKLM-x32\...\{438D4C4C-B703-4971-9C3D-33FF8A010ADB}) (Version: 3.7 - FNMT-RCM)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4307 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4307 - CyberLink Corp.)
Desinstalar impresora EPSON XP-422 423 425 Series (HKLM\...\EPSON XP-422 423 425 Series) (Version:  - SEIKO EPSON Corporation)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.22 - ASUSTek Computer Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Easy Photo Scan (HKLM-x32\...\{9C366320-A91D-423A-A6D5-38CB1A90CC47}) (Version: 1.00.0013 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Deskjet 2050 J510 series Ayuda (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Software básico del dispositivo (HKLM\...\{A8A0667A-82F1-4F71-BC10-5A1D33FF9183}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Instalable DNIe (HKLM\...\{D2CE0562-13E0-4FC9-85F2-CA3D0392310E}) (Version: 14.0.0 - Cuerpo Nacional de Policía)
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.5230.111 - Waves Audio Ltd.) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.26 - McAfee, Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-461763866-4021664116-3522140865-1001\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 56.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 56.0.1 (x64 es-ES)) (Version: 56.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MuseScore 3 (HKLM\...\{83BD358C-9DE0-4A7C-9EA3-5CFAF1DD9CD8}) (Version: 3.0.1.5087 - Werner Schweer and Others)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Controlador de 3D Vision 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.63 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.63 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Panel de control de NVIDIA 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 375.63 - NVIDIA Corporation) Hidden
Performance Enhancement (HKLM-x32\...\{14979165-9D9E-4246-9FAD-9FAFE7398F75}) (Version: 1.0.5 - ASUSTeK Computer Inc.)
PointGrab Hand Gesture Control (HKLM-x32\...\{8A8084E2-4168-46E2-BFA6-4B3FE7BF1857}) (Version: 04.12.01.6775 - PointGrab)
PointGrab Hand Gesture Control (HKLM-x32\...\{D5233548-501F-4508-B357-420EECBD9856}) (Version: 04.12.01.6775 - ) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7586 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
SWF File Player (HKLM-x32\...\{6A86F611-906C-422D-B34A-103662CBC195}_is1) (Version:  - swffileplayer.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateAssistant (HKLM-x32\...\{61B90E2F-2DD9-4581-8856-C2441B61571A}) (Version: 1.7.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WBFS Manager 4.0 (HKLM\...\{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}) (Version: 4.0 - WBFS)
Web Companion (HKLM-x32\...\{72e8ff4d-d986-43ec-9cb3-51350c8546b6}) (Version: 4.3.1917.3743 - Lavasoft)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent)
Windows Driver Package - Dirección General de la Policía (UMPass) SmartCard  (11/23/2017 1.0.2.6) (HKLM\...\4156F59B733E1BC3DE3D5DA2299224A42B2FF794) (Version: 11/23/2017 1.0.2.6 - Dirección General de la Policía)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-461763866-4021664116-3522140865-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-461763866-4021664116-3522140865-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-461763866-4021664116-3522140865-1001_Classes\CLSID\{B1F2E1BE-C9DB-46AC-81E0-F4AF949335AA} -> [Azucena] => D:\Azucena [2017-09-16 17:10]
CustomCLSID: HKU\S-1-5-21-461763866-4021664116-3522140865-1001_Classes\CLSID\{FDF90197-7680-460A-A232-A7554992DF49} -> [MEGA] => D:\Mega [2017-09-16 17:51]
CustomCLSID: HKU\S-1-5-21-461763866-4021664116-3522140865-1001_Classes\CLSID\{FEF0AEE0-E009-4B41-B374-0B37091DCE30} -> [Fotos y videos] => D:\Fotos y videos [2017-12-20 15:27]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-11-17] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-11-17] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-11-17] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-11-17] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-11-17] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-11-17] () [File not signed]
ContextMenuHandlers1: [Balabolka] -> {6CB83A5A-AA68-4895-9F54-175E789AE149} => C:\Program Files (x86)\Balabolka\BFileExt.dll [2013-02-28] (Ilya Morozov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-11-17] () [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-11-17] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-11-17] () [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-11-17] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-09-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-10-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05DC08BC-1057-44A5-879A-8B335EB2C9AE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {14CB8549-E635-4794-94F5-82B8307A98DA} - System32\Tasks\ASUS\Performance Enhancement => C:\Program Files (x86)\ASUS\Performance Enhancement\AsPerformancePower.exe (ASUSTeK Computer Inc. -> ASUSTeK COMPUTER INC.)
Task: {1E9292D2-B5EB-4027-9E5D-46ADB696947E} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {38BA4D00-C552-42C3-9737-83E19F95098D} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe (ASUSTeK Computer Inc. -> )
Task: {3C3767A0-8BFA-4F30-BB62-F2AD4983677A} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe (ASUSTeK Computer Inc. -> )
Task: {3CAD14F7-94D8-4E8F-9CAA-081BDD14A0C3} - System32\Tasks\ASUS\ASUS Key Suite Helper => C:\Program Files (x86)\ASUS\ASUS Key Suite\AsKeySuite.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {440A705C-D458-4B56-9F3C-470D6F6BF293} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {56EAB452-1CD7-47A0-BAF0-6BBB42AB2657} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) <==== ATTENTION
Task: {58F00F34-6D6A-47BF-8E1F-97857C642160} - System32\Tasks\EPSON XP-422 423 425 Series Update {C9543B2D-C135-42B1-8185-D7DD82EC5A78} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNDE.EXE (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {60DD920A-8BAE-4187-9D1C-7B725E9ACA84} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {69ABF186-BDCE-4034-A054-D70EF5E18D00} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe (ASUSTeK Computer Inc. -> )
Task: {73C06270-42B8-4FD7-B35B-1732355A6245} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {7752E10D-71DD-42BF-820D-FA3E4480719B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {860DAED6-9CFF-4497-B7B7-4B2BCB71B539} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {89C8CA41-4AD6-4893-9794-57AF6F78DF51} - System32\Tasks\ASUS\SyncUp => C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {9FDB4D1E-704B-42CF-B4C5-EA54AC2527B5} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe (ASUSTeK Computer Inc. -> ) [File not signed]
Task: {B5BC8387-0DD1-4D72-BAF9-BAF855AC3505} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B98DB455-2705-4BFF-A6DA-BDF4E68E58BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C45DAB98-82E9-4E2F-B5AF-E8917AC71439} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {C502ED87-2853-480C-ABE0-4C224049E360} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E7005236-B6F2-4706-BC73-2390E7A70341} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe (ASUSTeK Computer Inc. -> ASUSTeK)
Task: {F15D6220-D183-480E-9B48-EB450E57D95E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F7E443B0-81EF-4770-B3A5-8008BCC57D5D} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe (ASUSTeK Computer Inc. -> ASUSTeK)
Task: {FB0A1715-D0E2-4E20-9251-E99F00D2C11C} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-461763866-4021664116-3522140865-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe (Mega Limited -> Mega Limited)
Task: {FEBFD3FF-35BD-4EDD-857A-733752564EB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON XP-422 423 425 Series Update {C9543B2D-C135-42B1-8185-D7DD82EC5A78}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNDE.EXE:/EXE:{C9543B2D-C135-42B1-8185-D7DD82EC5A78} /F:UpdateWORKGROUP\DESKTOP-GF03O76$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-05-11 03:59 - 2016-06-15 01:12 - 001298640 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2015-05-19 17:11 - 2015-05-19 17:11 - 000007680 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2018-05-21 22:10 - 2016-10-22 05:22 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_nvstapisvr64.dll
2017-06-07 20:09 - 2017-11-17 04:56 - 000598528 _____ () [File not signed] C:\ProgramData\MEGAsync\ShellExtX64.dll
2016-05-11 04:34 - 2014-03-12 22:51 - 000907776 _____ () [File not signed] C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandler.dll
2013-02-28 21:31 - 2013-02-28 21:31 - 000360960 _____ (Ilya Morozov) [File not signed] C:\Program Files (x86)\Balabolka\BFileExt.dll
2012-01-24 02:19 - 2012-01-24 02:19 - 001858048 _____ (MAGIX AG) [File not signed] C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
2019-03-06 10:33 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-06 10:33 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-06 10:33 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2015-06-24 00:00 - 2015-06-24 00:00 - 000285696 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2015-06-24 00:00 - 2015-06-24 00:00 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-461763866-4021664116-3522140865-1001\...\fnmt.es -> hxxp://fnmt.es
IE trusted site: HKU\S-1-5-21-461763866-4021664116-3522140865-1001\...\fnmt.es -> hxxps://fnmt.es
IE trusted site: HKU\S-1-5-21-461763866-4021664116-3522140865-1001\...\fnmt.gob.es -> hxxps://fnmt.gob.es
IE trusted site: HKU\S-1-5-21-461763866-4021664116-3522140865-1001\...\fnmt.gob.es -> hxxp://fnmt.gob.es
IE trusted site: HKU\S-1-5-21-461763866-4021664116-3522140865-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 11:04 - 2015-07-10 11:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


2018-12-03 22:23 - 2018-12-03 22:52 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\AutoFirma\AutoFirma;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-461763866-4021664116-3522140865-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\asus.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4F7FEEFE-4A5D-4AE3-B390-C12C4606DD1D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6E96C137-F14D-46C6-BE55-4AB9FB4E642E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{17745D31-502D-4484-B276-6029BE7922FB}C:\windows\system32\sihost.exe] => (Allow) C:\windows\system32\sihost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{CF822195-0458-4C92-87A6-DBB948AA5650}C:\windows\system32\sihost.exe] => (Allow) C:\windows\system32\sihost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{0AED11FF-FF63-4AC9-9F10-B9303CF7C973}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{27E8979B-46D0-4A71-999C-04CCB29E17F9}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AC8E1FBC-5001-443D-A78D-D31581BA4183}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D6CC1F52-BD27-4A91-A2E4-60BE36DCC97B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{52C92A14-7702-4A62-9E09-610B3B30B8BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{10834EEC-950D-4090-9462-57BB6E23F6D6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{294C0F39-729A-4744-82A5-2D0EDABDF3C5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{22789AD3-023F-4778-9C85-FE2811361EA0}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{AC51E0EB-F92E-4A68-AA03-CAF10B6411E0}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{81155C48-9F0B-4EE8-9022-9BAE80C4AB0B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{B31966FD-1565-44C3-815D-4E47457DBD7F}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{FD5CD6E4-AA14-4798-8C85-877E1DD34305}] => (Allow) C:\Users\Javier\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{592210C2-6719-4D39-80D5-D78C25A497B4}] => (Allow) C:\Users\Javier\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A1766762-4C6F-467B-9C83-1435E62CFF4A}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{902F2272-09B1-42FB-9FAA-33163AA234D1}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{46FE2B8B-B8E5-4AA6-BF3E-4F7D3399DAF9}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9EF21166-49A5-4FC1-805A-E6CD35FD9649}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0F010227-DCC2-43B8-931B-A8AF69A13F25}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B452E06C-92AF-4AE2-8C40-D22068F31E39}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6B63C0D9-4D7C-41DB-AF03-A9EC2DB5B681}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E7344CBC-4D2B-4BAA-9412-7DB03818392A}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B94B76F9-481C-40CD-BE23-1C70FEE6E3D1}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{4B551676-162B-4D8D-994C-180E44F44072}C:\program files\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [UDP Query User{19201745-7E12-4E04-AAFD-71D0802CCED7}C:\program files\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [{6773B5B4-D193-4D2F-ADE4-6F9F6570A412}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A4A68FF9-B7FA-491A-AE21-38C1CBD99087}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FE43D6F8-CE4F-4C04-A3B2-CB4F9A4C0765}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6EC72636-00C7-44B3-834B-885D6C48DDD8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F6828ECA-67F6-4A3D-B37D-A31A390A7C7E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DF34B9A7-B715-4A94-B1B7-E99EBED95D81}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D054FEF3-358C-4892-820D-CE63BEB2457B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{91B22ACC-2C62-4F18-BE8D-AA1E508BF4E4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{BB56BF74-3C4E-4BC3-8D01-BE6737A02A03}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{D5591013-51DE-4F10-8695-C9D9D1E1240E}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{31891C81-FC8F-4C63-9E58-8FC744A7D685}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{4E6AD795-3E02-46AB-95A3-AF406204F947}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{93053DC6-1F6B-4935-BE6C-9D317CFD2F1A}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{F4882098-21ED-4ABB-ACF7-736210CD5862}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\ASUSDMS.exe No File
FirewallRules: [{2DF9AED6-BF13-48E9-89AE-DD9F652B35B0}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\ASUSDMS.exe No File

==================== Restore Points =========================

23-02-2019 07:50:26 Punto de control programado
01-03-2019 16:22:34 Windows Update
05-03-2019 00:16:15 Windows Update
06-03-2019 12:24:28 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2019 12:53:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Explorer.EXE, versión: 10.0.17134.165, marca de tiempo: 0x4031a9f8
Nombre del módulo con errores: UxTheme.dll, versión: 10.0.17134.1, marca de tiempo: 0x66e92861
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000007a4f
Identificador del proceso con errores: 0x19c0
Hora de inicio de la aplicación con errores: 0x01d4d350ea2aa1f6
Ruta de acceso de la aplicación con errores: C:\WINDOWS\Explorer.EXE
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\UxTheme.dll
Identificador del informe: 38242e51-ade4-40a7-807c-da1a2dbb8615
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/05/2019 01:03:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_UserDataSvc, versión: 10.0.17134.556, marca de tiempo: 0xf23cada5
Nombre del módulo con errores: ucrtbase.dll, versión: 10.0.17134.319, marca de tiempo: 0x40b70dec
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000038e88
Identificador del proceso con errores: 0xf20
Hora de inicio de la aplicación con errores: 0x01d4d2e75a887b8e
Ruta de acceso de la aplicación con errores: c:\windows\system32\svchost.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\ucrtbase.dll
Identificador del informe: f53b51fd-f6b0-45ac-88b9-76814e9aa154
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/03/2019 05:48:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: explorer.exe, versión: 10.0.17134.165, marca de tiempo: 0x4031a9f8
Nombre del módulo con errores: UxTheme.dll, versión: 10.0.17134.1, marca de tiempo: 0x66e92861
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00000000000079c0
Identificador del proceso con errores: 0x1fcc
Hora de inicio de la aplicación con errores: 0x01d4d1e8ce8eb418
Ruta de acceso de la aplicación con errores: C:\WINDOWS\explorer.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\UxTheme.dll
Identificador del informe: 11e474ca-a32d-4966-8363-bc1baefb7edc
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/03/2019 05:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: explorer.exe, versión: 10.0.17134.165, marca de tiempo: 0x4031a9f8
Nombre del módulo con errores: gdiplus.dll, versión: 10.0.17134.590, marca de tiempo: 0x5ad7d6b2
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000001c293
Identificador del proceso con errores: 0x1e74
Hora de inicio de la aplicación con errores: 0x01d4d1e86eed2154
Ruta de acceso de la aplicación con errores: C:\WINDOWS\explorer.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.590_none_2c288ee48afc5a56\gdiplus.dll
Identificador del informe: 9dee94d1-d479-4385-911d-8d802bc12d08
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/03/2019 05:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: explorer.exe, versión: 10.0.17134.165, marca de tiempo: 0x4031a9f8
Nombre del módulo con errores: msvcrt.dll, versión: 7.0.17134.1, marca de tiempo: 0x5cbba6fd
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00000000000746b7
Identificador del proceso con errores: 0x2594
Hora de inicio de la aplicación con errores: 0x01d4d1e762ad02fc
Ruta de acceso de la aplicación con errores: C:\WINDOWS\explorer.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\msvcrt.dll
Identificador del informe: a8ad61ee-beed-4b95-a8e1-d502ac45c0c4
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/03/2019 05:34:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: explorer.exe, versión: 10.0.17134.165, marca de tiempo: 0x4031a9f8
Nombre del módulo con errores: windowscodecs.dll, versión: 10.0.17134.345, marca de tiempo: 0xf48454dd
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000003acfb
Identificador del proceso con errores: 0x2614
Hora de inicio de la aplicación con errores: 0x01d4d1e67ddecb48
Ruta de acceso de la aplicación con errores: C:\WINDOWS\explorer.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\system32\windowscodecs.dll
Identificador del informe: c743418a-3928-4b17-9dad-ee1c1adfd73e
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/03/2019 05:28:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: explorer.exe, versión: 10.0.17134.165, marca de tiempo: 0x4031a9f8
Nombre del módulo con errores: msvcrt.dll, versión: 7.0.17134.1, marca de tiempo: 0x5cbba6fd
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00000000000746b7
Identificador del proceso con errores: 0x27f0
Hora de inicio de la aplicación con errores: 0x01d4d1e5afcf4d8d
Ruta de acceso de la aplicación con errores: C:\WINDOWS\explorer.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\msvcrt.dll
Identificador del informe: b3467a32-5a9f-41c4-9809-1fc304b0415d
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (03/03/2019 05:22:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Explorer.EXE, versión: 10.0.17134.165, marca de tiempo: 0x4031a9f8
Nombre del módulo con errores: msvcrt.dll, versión: 7.0.17134.1, marca de tiempo: 0x5cbba6fd
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000074678
Identificador del proceso con errores: 0x1ae8
Hora de inicio de la aplicación con errores: 0x01d4d1e2157575e7
Ruta de acceso de la aplicación con errores: C:\WINDOWS\Explorer.EXE
Ruta de acceso del módulo con errores: C:\WINDOWS\System32\msvcrt.dll
Identificador del informe: 877e5b54-2b4b-4084-814b-599f6f603b5d
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:


System errors:
=============
Error: (03/06/2019 12:18:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/06/2019 12:18:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GF03O76)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-GF03O76\Javier con SID (S-1-5-21-461763866-4021664116-3522140865-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/06/2019 12:15:27 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GF03O76)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-GF03O76\Javier con SID (S-1-5-21-461763866-4021664116-3522140865-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/06/2019 12:06:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/06/2019 12:06:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/06/2019 12:06:17 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GF03O76)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-GF03O76\Javier con SID (S-1-5-21-461763866-4021664116-3522140865-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (03/06/2019 12:05:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media se cerró con el siguiente error: 
Se intentó hacer referencia a un token que no existe.

Error: (03/06/2019 12:05:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: El cierre anterior del sistema a las 11:28:23 del ‎06/‎03/‎2019 resultó inesperado.


Windows Defender:
===================================
Date: 2019-03-05 10:15:39.814
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {A359115A-FA42-479D-9881-1853B88228C5}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-04 08:18:38.270
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {36F9991C-EFB3-4FB9-B739-A9CD31E53D5B}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-04 06:22:48.312
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {39C9A093-48BE-4216-A228-1AC5C7C384F5}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-04 05:42:17.871
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {B693C48C-ABF1-4450-A932-4743202B790D}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-03-04 05:21:39.753
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {E7171D36-9559-4E4B-8298-8FE36F636E18}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-02-18 05:23:06.548
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.287.189.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15700.8
Código de error: 0x80070643
Descripción del error: Error irrecuperable durante la instalación. 

CodeIntegrity:
===================================

Date: 2019-03-06 10:42:56.419
Description: 
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-03-06 10:42:54.717
Description: 
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-03-05 05:05:03.345
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-05 05:05:03.338
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-03-05 05:05:03.318
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-06 17:29:09.027
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-06 17:29:09.020
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-01-06 17:29:09.010
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 53%
Total physical RAM: 4006.64 MB
Available physical RAM: 1863.38 MB
Total Virtual: 6566.64 MB
Available Virtual: 4239.86 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:149.64 GB) (Free:28.24 GB) NTFS
Drive d: (Data) (Fixed) (Total:780.91 GB) (Free:699.22 GB) NTFS
Drive e: (NVE2_VRDVD) (CDROM) (Total:0.69 GB) (Free:0 GB) UDF
Drive f: (TOSHIBA) (Removable) (Total:7.21 GB) (Free:5.15 GB) FAT32

\\?\Volume{58a9fda7-0c32-4acd-8802-0791825462cc}\ () (Fixed) (Total:0.84 GB) (Free:0.45 GB) NTFS
\\?\Volume{5354f2de-542d-4eec-95e8-df27790561fa}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0B4AEAA8)

Partition: GPT.

========================================================
Disk: 1 (Size: 7.2 GB) (Disk ID: 1A411DFE)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0B)

==================== End of Addition.txt ============================

JavierHF · 6 Marzo, 2019 15:40

Bien… y ahora sigue estos pasos, MUY Importante Realiza una copia de seguridad del registro :

Para hacerlo descarga DelFix.exe(en tu escritorio).
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).
Atención, ahora marca/selecciona únicamente la casilla Create registry backup, las demás casillas NO.
Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

Con los demás programas cerrados ve a Inicio Ejecutar y escribe Notepad.exe.

Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.

START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-461763866-4021664116-3522140865-1001\...\MountPoints2: {8026dd5a-ac13-11e7-9bdc-74c63b1bfee5} - "F:\HiSuiteDownLoader.exe"
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-461763866-4021664116-3522140865-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
2019-03-06 12:05 - 2017-09-16 12:36 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio Esto es muy importante.

Nota Es importante que la herramienta FRST.exe(Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.

Y ahora usa el 2º MÉTODO: de esta Faq de Windows 8(aplicable a Windows 10) ¿Cómo iniciar Windows 8/8.1 en Modo Seguro?, para trabajar desde ese modo de windows.

Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
Presionar el botón FIX y aguardar a que termine.
La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pegar el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Saludos.

Mago · 7 Marzo, 2019 11:21

Buenos días. He hecho lo que me han dicho. Hasta ahora, y desde ayer, no se me ha vuelto a cerrar ningún programa ni carpeta, pero como es algo que sucedía aleatoriamente no puedo todavía asegurar que el programa esté resuelto. Por otra parte, mi navegador sigue secuestrado por el any search. Les pego el reporte del fixlist. Muchas gracias.


Fix result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019
Ran by Javier (07-03-2019 11:10:44) Run:1
Running from C:\Users\Javier\Desktop
Loaded Profiles: Javier (Available Profiles: Javier)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START

CREATERESTOREPOINT:

CLOSEPROCESSES:

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)

HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)

HKU\S-1-5-21-461763866-4021664116-3522140865-1001\...\MountPoints2: {8026dd5a-ac13-11e7-9bdc-74c63b1bfee5} - "F:\HiSuiteDownLoader.exe"

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-461763866-4021664116-3522140865-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File

FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]

2019-03-06 12:05 - 2017-09-16 12:36 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

HOSTS:

REMOVEPROXY:

EMPTYTEMP:

CMD: netsh winsock reset

CMD: ipconfig /renew

CMD: ipconfig /flushdns

CMD: bitsadmin /reset /allusers

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
HKU\S-1-5-21-461763866-4021664116-3522140865-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8026dd5a-ac13-11e7-9bdc-74c63b1bfee5} => removed successfully
HKLM\Software\Classes\CLSID\{8026dd5a-ac13-11e7-9bdc-74c63b1bfee5} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-461763866-4021664116-3522140865-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => not found
C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => path removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-461763866-4021664116-3522140865-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-461763866-4021664116-3522140865-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows

No se puede realizar ninguna operaci¢n en Wi-Fi mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 5 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 6 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 16 mientras los medios
est‚n desconectados.

Adaptador de Ethernet Ethernet:

   Sufijo DNS espec¡fico para la conexi¢n. . : 
   V¡nculo: direcci¢n IPv6 local. . . : fe80::c827:3085:1100:5c77%9
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.0.157
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

Adaptador de LAN inal mbrica Wi-Fi:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Conexi¢n de  rea local* 5:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Conexi¢n de  rea local* 6:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Conexi¢n de  rea local* 16:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to connect to BITS - 0x8007043c
El servicio no puede iniciarse en modo a prueba de errores



========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11296768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 153725855 B
Java, Flash, Steam htmlcache => 1154 B
Windows/system/drivers => 2823732 B
Edge => 4262355 B
Chrome => 149116791 B
Firefox => 29099192 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 9678 B
NetworkService => 0 B
Javier => 125924553 B

RecycleBin => 0 B
EmptyTemp: => 454.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:12:10 ====

JavierHF · 7 Marzo, 2019 17:43

Hola.

Entendido puedes seguir usando tu equipo para verificar si el problema del cierre de programas sigue correctamente o se reproduce.

Eso SI, de momento Por Favor, mientras estemos desinfectando/arreglando tu maquina :

No realices pasos/acciones que NOSOTROS no te hayamos indicado.

No descargues NADA de Internet y/o conectes dispositivos externos a tu equipo.

No instales NADA (programas/software/complementos/extensiones del navegador…)

No ejecutes otros programas de seguridad (Antivirus, Antimalware, ANTINADA…)

No realices por tu cuenta otros procedimientos.

Usa tu equipo EXCLUSIVAMENTE para desinfectarlo/arreglarlo siguiendo nuestras indicaciones.

En cuanto al problema de Chrome…una pregunta, tienes ese navegador con la opción de “Sincronizacion” activada.??

Revisalo siguiendo estos pasos :

Escribes en la barra de direcciones chrome://settings/syncSetup

Y comprueba/desactiva la opción “Sincronizar todo” y después de hacerlo :

Escribes en la barra de direcciones chrome://settings/resetProfileSettings y aceptas la opción de “Restablecer la configuración”.

Despues de hacerlo cierras el navegador lo vuelves a iniciar y compruebas el problema.

Nos comentas resultados.

Saludos.

Mago · 8 Marzo, 2019 04:52

Buenos días.

Pues he hecho esto último que dicen y a primera vista parece que el navegador vuelve a estar bien. Ya no me sale todo el montón de publicidad que me salía y hasta el momento no me ha redirigido. A ver qué pasa en los próximos días. ¿Vuelvo a conectar la opción que he desconectado? Tampoco, de momento, parece que se cierran los programas y carpetas.

Les estoy muy agradecido por su tiempo. ¿Tienen algún botón para donaciones?

Saludos.

Mago · 8 Marzo, 2019 09:51

Bueno, hay un problema que me había ocurrido esporádicamente pero que cada vez me está pasando más, y es que se me pone una pantalla azul diciendo que ha ocurrido un error y que necesita reiniciarse. El error es de “stop code” y “memory management”. No sé si esto estará relacionado con los otros problemas que me ocurrían. He pasado el solucionador de windows para la pantalla azul pero me dice que no encuentra ningún problema.

JavierHF · 8 Marzo, 2019 15:52

Hola.

De momento NO re-conectes la opción de “Sincronizar todo” de Chrome.

Esos problemas que indicas del pantallazo azul hemos intentado explicarlos por aquí ¿Cómo solucionar un error de “Pantallazo Azul”? (Error BSoD)

Suelen ser problemas bastante arduos de resolver y para intentar verificar ese tipo de problemas puedes seguir estos pasos Analizar Archivos MiniDump con BlueScreenView.

Cuando tengas el informe nos los pones en tu próxima respuesta y veremos si somos capaces de encontrar al culpable.

Saludos.

Mago · 9 Marzo, 2019 11:12

Aquí va el informe.

==================================================
Archivo de volcado: 030919-25453-01.dmp
Hora del fallo    : 09/03/2019 8:53:27
Cadena de comprobación de error: MEMORY_MANAGEMENT
Código de comprobación de error: 0x0000001a
Parámetro 1       : 00000000`00003453
Parámetro 2       : ffffcd87`e2fee300
Parámetro 3       : 00000000`00119600
Parámetro 4       : 00000000`00000003
Causado por controlador: ntoskrnl.exe
Causado por dirección: ntoskrnl.exe+1aa0c0
Descripción       : NT Kernel & System
Nombre            : Microsoft® Windows® Operating System
Companía          : Microsoft Corporation
Versión           : 10.0.17134.590 (WinBuild.160101.0800)
Procesador        : x64
Dirección de bloqueo: ntoskrnl.exe+1aa0c0
Dirección de pila 1: 
Dirección de pila 2: 
Dirección de la pila 3: 
Nombre del equipo : 
Ruta completa     : C:\WINDOWS\Minidump\030919-25453-01.dmp
Recuento de procesadores: 4
Versión principal : 15
Versión menor     : 17134
Tamaño del archivo de volcado: 881.588
Tiempo de archivo de volcado: 09/03/2019 8:56:50
==================================================

==================================================
Archivo de volcado: 030919-24640-01.dmp
Hora del fallo    : 09/03/2019 0:34:09
Cadena de comprobación de error: MEMORY_MANAGEMENT
Código de comprobación de error: 0x0000001a
Parámetro 1       : 00000000`00003453
Parámetro 2       : ffffdd8c`056be080
Parámetro 3       : 00000000`00041500
Parámetro 4       : 00000000`00000003
Causado por controlador: ntoskrnl.exe
Causado por dirección: ntoskrnl.exe+1aa0c0
Descripción       : NT Kernel & System
Nombre            : Microsoft® Windows® Operating System
Companía          : Microsoft Corporation
Versión           : 10.0.17134.590 (WinBuild.160101.0800)
Procesador        : x64
Dirección de bloqueo: ntoskrnl.exe+1aa0c0
Dirección de pila 1: 
Dirección de pila 2: 
Dirección de la pila 3: 
Nombre del equipo : 
Ruta completa     : C:\WINDOWS\Minidump\030919-24640-01.dmp
Recuento de procesadores: 4
Versión principal : 15
Versión menor     : 17134
Tamaño del archivo de volcado: 1.063.724
Tiempo de archivo de volcado: 09/03/2019 0:37:26
==================================================

==================================================
Archivo de volcado: 030819-23781-01.dmp
Hora del fallo    : 08/03/2019 18:00:26
Cadena de comprobación de error: MEMORY_MANAGEMENT
Código de comprobación de error: 0x0000001a
Parámetro 1       : 00000000`00003453
Parámetro 2       : ffffb004`e4fb12c0
Parámetro 3       : 00000000`0005a100
Parámetro 4       : 00000000`00000003
Causado por controlador: ntoskrnl.exe
Causado por dirección: ntoskrnl.exe+1aa0c0
Descripción       : NT Kernel & System
Nombre            : Microsoft® Windows® Operating System
Companía          : Microsoft Corporation
Versión           : 10.0.17134.590 (WinBuild.160101.0800)
Procesador        : x64
Dirección de bloqueo: ntoskrnl.exe+1aa0c0
Dirección de pila 1: 
Dirección de pila 2: 
Dirección de la pila 3: 
Nombre del equipo : 
Ruta completa     : C:\WINDOWS\Minidump\030819-23781-01.dmp
Recuento de procesadores: 4
Versión principal : 15
Versión menor     : 17134
Tamaño del archivo de volcado: 1.186.004
Tiempo de archivo de volcado: 08/03/2019 18:03:40
==================================================

JavierHF · 9 Marzo, 2019 12:13

Hola.

El informe que proporciona BlueScreenView NO es determinante o indica problemas en el Kernel(ntoskrnl) de Windows, lo que es lo mismo que NO decir nada.

De forma genérica el error de tipo “MEMORY_MANAGEMENT” con código “0x0000001a” puede hacer referencia a problemas con la memoria RAM, el disco duro o algún malware(que ya hemos comprobado) en nuestro equipo.

Vas a probar subiendo el archivo de error(C:\WINDOWS\Minidump\030919-25453-01.dmp) a un servicio web de análisis de archivos Analizar los Archivos Minidump en una pagina Web

Es probable que primero tengas que copiar ese archivo a TU escritorio para que te permita subirlo correctamente.

Cuando tengas el resultado del informe lo pones para ver si en este caso nos da mas ayuda.

Saludos.

Mago · 9 Marzo, 2019 19:54

Hola de nuevo.

Aquí va el informe. Saludos.


Instant Online Crash Analysis, brought to you by OSR Open Systems Resources, Inc.
Show DivPrimary Analysis
Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
Online Crash Dump Analysis Service
See http://www.osronline.com for more information
Windows 8 Kernel Version 17134 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 17134.1.amd64fre.rs4_release.180410-1804
Machine Name:
Kernel base = 0xfffff803`ebe12000 PsLoadedModuleList = 0xfffff803`ec1c0150
Debug session time: Sat Mar  9 09:47:39.416 2019 (UTC - 5:00)
System Uptime: 0 days 4:30:21.333
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000003453, The subtype of the bugcheck.
Arg2: ffffb507782dd080
Arg3: 00000000000ac920
Arg4: 0000000000000003

Debugging Details:
------------------

TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

BUGCHECK_STR:  0x1a_3453

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

PROCESS_NAME:  explorer.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff803ec00a29c to fffff803ebfbc0c0

STACK_TEXT:  
ffff9c8c`2a492618 fffff803`ec00a29c : 00000000`0000001a 00000000`00003453 ffffb507`782dd080 00000000`000ac920 : nt!KeBugCheckEx
ffff9c8c`2a492620 fffff803`ec382e8f : ffffb507`782dd080 00000000`00000000 ffffb507`782dd358 ffffb507`782dd640 : nt!MiDeleteFinalPageTables+0xfd358
ffff9c8c`2a4926d0 fffff803`ebf0abcf : ffffb507`782dd080 ffffb507`782dd358 ffffb507`77501080 ffffb507`6e497350 : nt!MmDeleteProcessAddressSpace+0x5f
ffff9c8c`2a492720 fffff803`ec310c00 : ffffb507`77501080 ffffb507`782dd050 ffffb507`782dd358 00000000`00000000 : nt!PspProcessDelete+0x13f
ffff9c8c`2a4927b0 fffff803`ebea70a6 : 00000000`00000000 00000000`00000000 ffffb507`782dd358 ffffb507`782dd080 : nt!ObpRemoveObjectRoutine+0x80
ffff9c8c`2a492810 fffff803`ec382512 : 00000000`00000000 ffffb507`75843da8 ffffb507`75843da8 ffffb507`75843da8 : nt!ObfDereferenceObjectWithTag+0xc6
ffff9c8c`2a492850 fffff803`ec310c00 : ffff9c8c`2a4929f8 ffffb507`758436d0 00000000`00000000 fffff803`ebe888d6 : nt!PspThreadDelete+0x1d2
ffff9c8c`2a4928c0 fffff803`ebea70a6 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffb507`75843700 : nt!ObpRemoveObjectRoutine+0x80
ffff9c8c`2a492920 fffff803`ec3065d9 : 00000000`00000000 ffffb507`6faa3310 ffffde04`6e902c80 ffffde04`6e902c80 : nt!ObfDereferenceObjectWithTag+0xc6
ffff9c8c`2a492960 fffff803`ec30df1d : 00000000`00000001 00007ff8`00000000 ffff9c8c`00000001 ffff9c8c`2a492b00 : nt!ObCloseHandleTableEntry+0x259
ffff9c8c`2a492aa0 fffff803`ebfcc743 : ffffb507`77501080 00000000`00000000 ffffb507`77501080 ffff9c8c`2a492b80 : nt!NtClose+0xcd
ffff9c8c`2a492b00 00007ff8`b123ab84 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000ef`a767f2a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7ff8`b123ab84


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!MiDeleteFinalPageTables+fd358
fffff803`ec00a29c cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!MiDeleteFinalPageTables+fd358

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  5c5a45ab

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  X64_0x1a_3453_nt!MiDeleteFinalPageTables+fd358

BUCKET_ID:  X64_0x1a_3453_nt!MiDeleteFinalPageTables+fd358

Followup: MachineOwner
---------

JavierHF · 10 Marzo, 2019 01:21

Pues pasemos a verificar como tienes el disco duro de tu equipo, para hacerlo sigue el 3er. MÉTODO: descrito en esta Faq de ayuda ¿Cómo usar CHKDSK para realizar una comprobación del disco?, que es válida también para un Windows 10.

Una vez terminado el proceso, que puede/debe durar bastante rato, debes poner el informe que se habrá guardado por parte de Windows y que tienes que encontrar siguiendo estos pasos ¿Cuándo y cómo usar el visor de eventos (eventvwr.msc)?

Fíjate bien en como es el informe que viene en ese tema, para que busques algo similar y NO pongas cualquier otra cosa.

Nos pones el informe y comentas como sigue el problema del equipo.

Saludos.