RAM at 100% when nothing is open

Hi, I've had this problem since today on one of the PCs at work.

Today when I turned it on, the PC was running very slowly: everything took a long time to open and there was a lot of lag. When I opened Task Manager, I saw this:

I had to take the photo with my phone instead of a screenshot because the PC is impossible to use; nothing can be done on it.

I don't know what to do. Thanks in advance for your reply.

Hi @Brayand_Chacaltana

Give us more details.

1.- Laptop or desktop?

2.- Make and model of your computer?

3.- Operating system and version?


To rule out an infection, carry out the steps I leave below, but in Safe Mode with Networking.

Do the following:

1.- Temporarily disable your antivirus and any security programs. This is not necessary in Safe Mode.

2.- Download, install and/or update the following tools:

3.- Run the steps in the order given:

CCleaner

Use its Cleaner option according to its manual:

  • To delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • We do NOT need this report.

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to finish. Then click the Clean button.
  • Wait for it to complete. If it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it in your next reply.
  • The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Following its manual, install and run it. When it finishes, delete everything it finds.

Malwarebytes

  • Don't forget to update it.
  • Read its manual carefully.
  • Run a Custom Scan with all drives selected.
  • Click “Eliminar Seleccionados” (Remove Selected) to send what was found to quarantine.
  • Restart the system.
  • In the manual's “History” section >> Application Logs >> Scan Log, you will find the MBAM report, which you must copy and paste in your next reply.

4.- Important note:

In your next reply you must paste the AdwCleaner, ZHPCleaner and Malwarebytes reports.

Guide: How to paste reports in the forum?

Let us know.

Regards.

Hi @SanMar, sorry for the delay in replying; the scans, especially the Malwarebytes Antimalware one, took forever to complete hahaha!

It's a laptop, a Sony Vaio, and it has Windows 7 Ultimate.

Here are the requested reports:

ADWCLEANER

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-11-2019
# Duration: 00:00:01
# OS:       Windows 7 Ultimate
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted       C:\Users\Dolly\Downloads\DriverToolkitInstaller.exe

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1311 octets] - [11/07/2019 18:04:19]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

ZHPCLEANER

~ ZHPCleaner v2019.7.11.96 by Nicolas Coolman (2019/07/11)
~ Run by Dolly (Administrator)  (11/07/2019 17:57:44)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\Dolly\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Dolly\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)

---\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados. (ADS)

---\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados. (Servicio)

---\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados. (Navegador)

---\  Hosts carpeta (1)
~ El archivo hosts es legítimo (1)

---\  Tareas automáticas programadas. (1)
BORRADOS tareas: [DriverToolkit Autorun] [C:\Windows\Tasks\DriverToolkit Autorun.job (Not File) ]  =>.SUP.DriverToolkit

---\  Explorador ( Archivos, Carpetas ) (17)
MOVIDO carpeta: C:\Users\Public\Desktop\DriverToolkit.lnk  [Bad : C:\Program Files\DriverToolkit\DriverToolkit.exe](.Megaify Software Co., Ltd..)  =>.SUP.DriverToolkit
MOVIDO carpeta: C:\Windows\Tasks\DriverToolkit Autorun.job    =>.SUP.DriverToolkit
MOVIDO carpeta: C:\Windows\Installer\wix{C74DCAC0-DDB3-4135-A70C-0553BF9490BC}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVIDO carpeta: C:\Users\Dolly\AppData\Local\Temp\CVR11BF.tmp.cvr    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Dolly\AppData\Local\Temp\CVR19F5.tmp.cvr    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Dolly\AppData\Local\Temp\CVR77ED.tmp.cvr    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Dolly\AppData\Local\Temp\CVRAA52.tmp.cvr    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Dolly\AppData\Local\Temp\CVRDD76.tmp.cvr    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Dolly\AppData\Local\Temp\CVREE92.tmp.cvr    =>.SUP.Temporary.Empty
MOVIDO carpeta: C:\Users\Dolly\AppData\Local\Temp\~DF01DD682397F75EBE.TMP    =>.SUP.Temporary.Other
MOVIDO carpeta: C:\Users\Dolly\AppData\Local\Temp\~DF4077F7360E35F71C.TMP    =>.SUP.Temporary.Other
MOVIDO archivo: C:\Program Files\DriverToolkit  =>.SUP.DriverToolkit
MOVIDO archivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit  =>.SUP.DriverToolkit
MOVIDO archivo: C:\Users\Dolly\AppData\Local\DriverToolkit  =>.SUP.DriverToolkit
MOVIDO archivo: C:\Users\Dolly\AppData\LocalLow\EmieBrowserModeList  =>.SUP.Empty
MOVIDO archivo: C:\Users\Dolly\AppData\LocalLow\EmieSiteList  =>.SUP.Empty
MOVIDO archivo: C:\Users\Dolly\AppData\LocalLow\EmieUserList  =>.SUP.Empty

---\  Registro ( Claves, Valores, Datos) (97)
BORRADOS clave*: HKEY_USERS\S-1-5-21-1986104296-3163790973-3246301206-1000\SOFTWARE\DriverToolkit []  =>.SUP.DriverToolkit
BORRADOS clave**: HKCU\Software\DriverToolkit []  =>.SUP.DriverToolkit
BORRADOS clave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1 [Megaify Software]  =>.SUP.Megaify
BORRADOS clave*: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverToolkit Autorun []  =>.SUP.DriverToolkit
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Windows Media Player\wmplayer.exe [Reproductor de Windows Media]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\program files\winamp\winamp.exe [Winamp]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\VideoLAN\VLC\vlc.exe [VLC media player]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Google\Chrome\Application\chrome.exe [Google Chrome]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe [Adobe Reader ]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Internet Explorer\iexplore.exe [Internet Explorer]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iTunes\iTunes.exe [iTunes]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\IrfanView\i_view32.exe [IrfanView 32-bit]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\PROGRA~1\MICROS~2\Office14\OIS.EXE [Microsoft Office 2010]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Windows Photo Viewer\PhotoViewer.dll [Visualizador de fotos de Windows]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe [Microsoft Visual Studio Version Selector]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Microsoft Office\Office14\WINWORD.EXE [Microsoft Word]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Windows NT\Accessories\WORDPAD.EXE [WordPad]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Dolly\Downloads\avg_free_stb_all_2015_5315_ppc1 (1).exe [AVG Setup Self-Extractor based on 7-Zip]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Dolly\Downloads\aimp_4.51.2084.exe [AIMP Setup]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Dolly\Downloads\A2DVID-00252643-0041.EXE [A2DVID-00252643-0041]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe [MPC-HC]  =>.SUP.Orphan.MUICache
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG2015\Antispam\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG2015\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG2015\log\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG2015\IDS\config\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG2015\IDS\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG2015\avi\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG2015\Cfg\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG2015\lsdb\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG2015\lsdb\prev\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG2015\Chjw\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG2015\admincli\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\Content\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\Notification\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\myapps\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\$AVG\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\$AVG\$VAULT\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\$AVG\$CHJW\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG2015\DB\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\3rd_party\licenses\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\3rd_party\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\Drivers\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\Drivers\Win8\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\html\reportcard\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\html\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\banners\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\driverupdate\component\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\driverupdate\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\familysafety\component\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\familysafety\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\firewallicon\component\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\firewallicon\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\livekive\component\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\livekive\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\mobile\component\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\mobile\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\mobile-ps\component\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\mobile-ps\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\multiscreen-pd\component\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\multiscreen-pd\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\multiscreen-tr\component\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\multiscreen-tr\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\pct.an\component\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\pct.an\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\pct.ok\component\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\pct.ok\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\sounds\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\tablet\component\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\tablet\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\tablet-ps\component\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\tablet-ps\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\techbuddy\component\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\awacs\techbuddy\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\AVG2015\Tuneup\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\Framework\Common\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\Framework\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\Framework\1\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG\log\fmw1\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\AVG\log\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\Zen\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Avg\log\zen1\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Avg\Diag\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\Zen\3rd_party\licenses\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AVG\Zen\3rd_party\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Bluetooth Suite\help_normal\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Bluetooth Suite\help_fujisu\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Bluetooth Suite\Modules\HID\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Sony\Vegas Pro 11.0\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Sony\Vegas Pro 11.0\FileIO Plug-Ins\ac3plug\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Sony\Vegas Pro 11.0\FileIO Plug-Ins\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Sony\Vegas Pro 11.0\FileIO Plug-Ins\ac3plug\ac3market\ [No Folder]  =>.SUP.Obsolete.NoFolder
BORRADOS valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Sony\Vegas Pro 11.0\External Control Drivers\ [No Folder]  =>.SUP.Obsolete.NoFolder

---\  Resumen de elementos en su estación de trabajo (7)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.DriverToolkit
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Other
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Megaify
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Orphan.MUICache
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Obsolete.NoFolder

---\ Limpieza adicional. (5)
~ Clave de registro Tracing borrados (3)
~ Quitar los antiguos informes de ZHPCleaner. (2)

---\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ falta este navegador! (Mozilla Firefox)
~ falta este navegador! (Opera Software)

---\ STATISTIQUES
~ Items escaneado : 557
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 12/12
~ Ahorro de espacio (bytes) : 32768
~ End of clean in 00h00mn26s

---\  Reporte (2)
ZHPCleaner-[S]-11072019-17_56_54.txt
ZHPCleaner-[R]-11072019-17_58_10.txt

MALWAREBYTES ANTIMALWARE

   Malwarebytes
    www.malwarebytes.com
    -Detalles del registro-
    Fecha del análisis: 12/7/19
    Hora del análisis: 2:54
    Archivo de registro: 41ef0c90-a47a-11e9-81c4-f0bf97901a8d.json

    -Información del software-
    Versión: 3.8.3.2965
    Versión de los componentes: 1.0.613
    Versión del paquete de actualización: 1.0.11502
    Licencia: Prueba

    -Información del sistema-
    SO: Windows 7 Service Pack 1
    CPU: x86
    Sistema de archivos: NTFS
    Usuario: System

    -Resumen del análisis-
    Tipo de análisis: Análisis de amenazas
    Análisis iniciado por:: Programador de tareas
    Resultado: Completado
    Objetos analizados: 189485
    Amenazas detectadas: 4
    Amenazas en cuarentena: 4
    Tiempo transcurrido: 9 min, 4 seg

    -Opciones de análisis-
    Memoria: Activado
    Inicio: Activado
    Sistema de archivos: Activado
    Archivo: Activado
    Rootkits: Desactivado
    Heurística: Activado
    PUP: Detectar
    PUM: Detectar

    -Detalles del análisis-
    Proceso: 0
    (No hay elementos maliciosos detectados)

    Módulo: 0
    (No hay elementos maliciosos detectados)

    Clave del registro: 1
    PUP.Optional.DriverToolkit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1F0D7256-97D7-4CF3-B39E-8E9624B2B415}, En cuarentena, [1024], [559429],1.0.11502

    Valor del registro: 1
    PUP.Optional.DriverToolkit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1F0D7256-97D7-4CF3-B39E-8E9624B2B415}|PATH, En cuarentena, [1024], [559429],1.0.11502

    Datos del registro: 0
    (No hay elementos maliciosos detectados)

    Secuencia de datos: 0
    (No hay elementos maliciosos detectados)

    Carpeta: 0
    (No hay elementos maliciosos detectados)

    Archivo: 2
    PUP.Optional.DriverToolkit, C:\USERS\DOLLY\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\DRIVERTOOLKIT\DRIVERTOOLKIT.EXE, En cuarentena, [1024], [512879],1.0.11502
    PUP.Optional.InstallCore, C:\USERS\DOLLY\DOWNLOADS\BLUETOOTHDRIVERINSTALLER_0108278239.EXE, En cuarentena, [446], [579700],1.0.11502

    Sector físico: 0
    (No hay elementos maliciosos detectados)

    WMI: 0
    (No hay elementos maliciosos detectados)

    (end)

Hi @Brayand_Chacaltana

Do the following:

1.- Temporarily disable your antivirus and any security programs.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the version that matches your computer's architecture (32 or 64 bits). >> How to know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) log files will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We'll wait for those reports.

Regards

Hi @SanMar, here are the requested reports:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2019
Ran by Dolly (administrator) on MASTERVAIO (Sony Corporation VPCYB35AL) (14-07-2019 13:27:23)
Running from C:\Users\Dolly\Downloads
Loaded Profiles: Dolly &  (Available Profiles: Dolly)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.) [File not signed]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1873192 2011-01-17] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [BtTray] => C:\Program Files\Bluetooth Suite\BtTray.exe [851584 2014-09-18] (Qualcomm Atheros -> Qualcomm Atheros) [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [232840 2019-07-12] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [123520 2014-09-18] (Qualcomm Atheros -> Atheros Communications) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\Run: [strdat] => C:\Windows\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript  "C:\streamer\stream.txt" & exit
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\Run: [flaterem] => C:\streamer\streamer.exe [862216 2017-12-08] (Alfredo Anibal Santos Silva -> Carifred)
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16664352 2019-06-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\MountPoints2: {46776bba-8639-11e9-ab88-60d819ede91f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\MountPoints2: {5a752ef6-7757-11e9-a592-60d819ede91f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\Run: [strdat] => C:\Windows\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript  "C:\streamer\stream.txt" & exit
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\Run: [flaterem] => C:\streamer\streamer.exe [862216 2017-12-08] (Alfredo Anibal Santos Silva -> Carifred)
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16664352 2019-06-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\MountPoints2: {46776bba-8639-11e9-ab88-60d819ede91f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\MountPoints2: {5a752ef6-7757-11e9-a592-60d819ede91f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\system32\huffyuv.dll [39936 2004-05-18] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\system32\lameACM.acm [473088 2015-02-25] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-21] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files\CyberLink\YouCam\CLCredProv\x86\CLCredProv.dll [2011-09-09] (CyberLink -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-09-18] (Qualcomm Atheros -> Qualcomm Atheros) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files\CyberLink\YouCam\CLCredProv\x86\CLCredProv.dll [2011-09-09] (CyberLink -> CyberLink)
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-09-18] (Qualcomm Atheros -> Qualcomm Atheros) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B44FD86-D8BE-4551-A858-F2B0BF732BB7} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {0E6FE292-9936-494C-9925-C7A8CDEDC6D4} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1722880 2019-06-25] () [File not signed]
Task: {2163EBA2-87B1-4D0D-AB6F-569A5AA36894} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-07-09] (Google Inc -> Google Inc.)
Task: {294B02A3-0105-4B69-AEAA-9D1BEE7A2A97} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16664352 2019-06-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {85454358-F211-4B74-80D1-8375C55166DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-07-09] (Google Inc -> Google Inc.)
Task: {B93C6B93-AE94-494A-8803-EF38A499530D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3228552 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {BBB0B46D-9B5B-44F6-BA76-D735D86CC1B5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1913648 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {C01ED511-B991-4CE8-8825-E78D98089B7A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} C:\Program Files\Windows Live\SOXE\wlsoxe.dll [192704 2014-03-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Dolly\Downloads\adwcleaner_7.3.exe
Task: C:\Windows\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{DF7D4A36-592C-4B74-804D-C443FA2C7DE3}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-16] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-16] (Google Inc -> Google LLC)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) [File not signed]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com.pe/"
CHR Profile: C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default [2019-07-14]
CHR Extension: (Presentaciones) - C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-24]
CHR Extension: (Documentos) - C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-24]
CHR Extension: (Google Drive) - C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-15]
CHR Extension: (YouTube) - C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-05]
CHR Extension: (Búsqueda de Google) - C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-09]
CHR Extension: (Hojas de cálculo) - C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-05]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-20]
CHR Extension: (Avast Online Security) - C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-12]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-05]
CHR Extension: (Gmail) - C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-02]
CHR Extension: (Chrome Media Router) - C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [176128 2011-06-20] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-05-24] (Advanced Micro Devices, Inc.) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5551168 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
S2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [272000 2014-09-18] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [365048 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-03-01] (Microsoft Windows -> Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdiox86; C:\Windows\System32\DRIVERS\amdiox86.sys [37944 2010-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [7800832 2011-06-20] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [245760 2011-06-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [34696 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [174472 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225816 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [171216 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [56504 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
S1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [214944 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40904 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [140080 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101192 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [73008 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783232 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [403952 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [167576 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [312968 2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [77952 2014-09-18] (Qualcomm Atheros -> Qualcomm Atheros)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [1096704 2009-10-09] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [100880 2011-06-20] (ATI Technologies, Inc -> Advanced Micro Devices)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [292992 2014-09-18] (Qualcomm Atheros -> Qualcomm Atheros)
S3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [96896 2014-09-18] (Qualcomm Atheros -> Qualcomm Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [25728 2014-09-18] (Qualcomm Atheros -> Qualcomm Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [156288 2014-09-18] (Qualcomm Atheros -> Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [64640 2014-09-18] (Qualcomm Atheros -> Qualcomm Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [117888 2014-09-18] (Qualcomm Atheros -> Qualcomm Atheros)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [50688 2009-07-13] (Microsoft Windows -> Atheros Communications, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [173512 2019-07-14] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [190624 2019-07-14] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [64296 2019-07-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [241760 2019-07-14] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [86768 2019-07-14] (Malwarebytes Corporation -> Malwarebytes)
R3 SFEP; C:\Windows\System32\DRIVERS\SFEP.sys [9344 2007-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Sony Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2018-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-14 13:27 - 2019-07-14 13:29 - 000022656 _____ C:\Users\Dolly\Downloads\FRST.txt
2019-07-14 13:27 - 2019-07-14 13:27 - 000000000 ____D C:\FRST
2019-07-14 13:26 - 2019-07-14 13:26 - 001446912 _____ (Farbar) C:\Users\Dolly\Downloads\FRST.exe
2019-07-14 13:08 - 2019-07-14 13:08 - 000190624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-07-14 13:08 - 2019-07-14 13:08 - 000086768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-07-14 13:08 - 2019-07-14 13:08 - 000064296 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-07-14 13:07 - 2019-07-14 13:20 - 000241760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-07-14 13:07 - 2019-07-14 13:07 - 000000000 ___RD C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2019-07-12 17:10 - 2019-07-12 17:10 - 000000000 ____D C:\Users\Dolly\AppData\Roaming\AVAST Software
2019-07-12 17:09 - 2019-07-12 17:09 - 000002012 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-07-12 17:09 - 2019-07-12 17:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-07-12 16:41 - 2019-07-11 17:24 - 000312200 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-07-12 16:07 - 2019-07-12 16:07 - 000002089 _____ C:\Users\Dolly\Desktop\reporte malware.txt
2019-07-11 18:08 - 2019-07-14 13:20 - 000153756 _____ C:\Windows\ntbtlog.txt
2019-07-11 18:07 - 2019-07-11 18:07 - 000000284 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2019-07-11 18:03 - 2019-07-11 18:07 - 000000000 ____D C:\AdwCleaner
2019-07-11 18:01 - 2019-07-11 18:02 - 000020322 _____ C:\Users\Dolly\Desktop\ZHPCleaner.txt
2019-07-11 17:58 - 2019-07-11 17:58 - 000020333 _____ C:\Users\Dolly\Desktop\ZHPCleaner (R).txt
2019-07-11 17:56 - 2019-07-11 17:56 - 000021827 _____ C:\Users\Dolly\Desktop\ZHPCleaner (S).txt
2019-07-11 17:28 - 2019-07-11 17:28 - 000000801 _____ C:\Users\Dolly\Desktop\ZHPCleaner.lnk
2019-07-11 17:24 - 2019-07-11 17:24 - 000783232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-07-11 17:24 - 2019-07-11 17:24 - 000403952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-07-11 17:24 - 2019-07-11 17:24 - 000312968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-07-11 17:24 - 2019-07-11 17:24 - 000225816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-07-11 17:24 - 2019-07-11 17:24 - 000214944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-07-11 17:24 - 2019-07-11 17:24 - 000174472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-07-11 17:24 - 2019-07-11 17:24 - 000171216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-07-11 17:24 - 2019-07-11 17:24 - 000167576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-07-11 17:24 - 2019-07-11 17:24 - 000140080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-07-11 17:24 - 2019-07-11 17:24 - 000101192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-07-11 17:24 - 2019-07-11 17:24 - 000073008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-07-11 17:24 - 2019-07-11 17:24 - 000056504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-07-11 17:24 - 2019-07-11 17:24 - 000040904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-07-11 17:24 - 2019-07-11 17:24 - 000034696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-07-11 17:24 - 2019-07-11 17:24 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-07-11 17:22 - 2019-07-11 17:22 - 000000000 ____D C:\Program Files\AVAST Software
2019-07-11 17:21 - 2019-07-11 17:24 - 000000000 ____D C:\ProgramData\AVAST Software
2019-07-11 17:21 - 2019-07-11 17:21 - 000000978 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-07-11 17:21 - 2019-07-11 17:21 - 000000300 ____H C:\Windows\Tasks\CCleaner Update.job
2019-07-11 17:20 - 2019-07-14 13:20 - 000173512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-07-11 17:20 - 2019-07-11 17:20 - 000002033 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-11 17:20 - 2019-07-11 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-11 17:19 - 2019-07-11 17:19 - 020638704 _____ (Piriform Software Ltd) C:\Users\Dolly\Downloads\ccsetup558.exe
2019-07-11 17:19 - 2019-07-11 17:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-11 17:19 - 2019-01-08 16:32 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-07-11 17:18 - 2019-07-11 17:18 - 007025360 _____ (Malwarebytes) C:\Users\Dolly\Downloads\adwcleaner_7.3.exe
2019-07-11 17:18 - 2019-07-11 17:18 - 003140992 _____ (Nicolas Coolman) C:\Users\Dolly\Downloads\ZHPCleaner.exe
2019-07-11 17:17 - 2019-07-11 17:18 - 064525528 _____ (Malwarebytes ) C:\Users\Dolly\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11502.exe
2019-07-11 17:08 - 2019-07-11 17:08 - 000007606 _____ C:\Users\Dolly\AppData\Local\Resmon.ResmonCfg
2019-07-03 21:04 - 2014-05-14 11:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-07-03 21:04 - 2014-05-14 11:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2019-07-03 21:04 - 2014-05-14 11:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-07-03 21:04 - 2014-05-14 11:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-07-03 21:04 - 2014-05-14 11:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2019-07-03 21:04 - 2014-05-14 11:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2019-07-03 21:04 - 2014-05-14 11:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2019-07-03 21:03 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2019-07-03 21:03 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2019-07-02 00:05 - 2019-07-02 00:05 - 000000000 ____D C:\Users\Dolly\Tracing
2019-07-01 23:44 - 2019-07-01 23:44 - 000000000 ____D C:\Windows\es
2019-07-01 23:44 - 2014-03-31 21:36 - 000049856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2019-07-01 23:43 - 2019-07-01 23:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2019-07-01 23:43 - 2019-07-01 23:43 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2019-07-01 23:43 - 2019-07-01 23:43 - 000001413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2019-07-01 23:43 - 2019-07-01 23:43 - 000001329 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2019-07-01 23:43 - 2019-07-01 23:43 - 000001260 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2019-07-01 23:41 - 2019-07-01 23:44 - 000000000 ____D C:\Program Files\Windows Live
2019-07-01 23:41 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2019-07-01 23:41 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2019-07-01 23:41 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2019-07-01 23:41 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2019-07-01 23:39 - 2019-07-01 23:39 - 000002220 _____ C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-07-01 23:39 - 2019-07-01 23:39 - 000002103 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-07-01 23:39 - 2019-07-01 23:39 - 000000000 ___RD C:\Users\Dolly\OneDrive
2019-07-01 23:39 - 2019-07-01 23:39 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2019-07-01 23:38 - 2019-07-01 23:38 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-07-01 23:37 - 2019-07-02 00:05 - 000000000 ____D C:\Users\Dolly\AppData\Local\Windows Live
2019-07-01 23:37 - 2019-07-01 23:37 - 000000000 ____D C:\Program Files\Common Files\Windows Live
2019-07-01 23:17 - 2019-07-01 23:19 - 139189424 _____ (Microsoft Corporation) C:\Users\Dolly\Downloads\Windows Essentials 2012.exe
2019-07-01 21:34 - 2019-07-11 17:29 - 000000000 ____D C:\Users\Dolly\Desktop\123
2019-07-01 21:34 - 2019-07-01 21:34 - 000000000 ____D C:\Users\Dolly\AppData\Roaming\Publish Providers
2019-07-01 21:27 - 2019-07-02 17:39 - 000000000 ____D C:\Users\Dolly\AppData\Local\Sony
2019-07-01 21:27 - 2019-07-02 17:39 - 000000000 ____D C:\Program Files\Sony
2019-07-01 21:27 - 2019-07-01 21:27 - 000000000 ____D C:\ProgramData\Sony
2019-07-01 21:25 - 2019-07-01 21:58 - 000000000 ____D C:\Users\Dolly\AppData\Roaming\Sony
2019-07-01 21:22 - 2019-07-01 21:24 - 208755954 _____ C:\Users\Dolly\Downloads\Sony Vegas Pro v11.0 Build 700 Final x86.rar
2019-06-26 17:58 - 2019-07-11 17:25 - 000000000 ____D C:\Users\Dolly\AppData\Roaming\MPC-HC
2019-06-26 17:57 - 2019-06-26 17:57 - 000000000 ____D C:\Windows\system32\directx
2019-06-26 17:57 - 2019-06-26 17:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2019-06-26 17:57 - 2019-06-26 17:57 - 000000000 ____D C:\Program Files\K-Lite Codec Pack
2019-06-26 17:57 - 2018-01-28 04:00 - 000694784 _____ C:\Windows\system32\xvidcore.dll
2019-06-26 17:57 - 2018-01-28 04:00 - 000284672 _____ C:\Windows\system32\xvidvfw.dll
2019-06-26 17:57 - 2017-07-30 05:50 - 003850240 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll
2019-06-26 17:57 - 2015-10-24 11:00 - 000112128 _____ C:\Windows\system32\ff_vfw.dll
2019-06-26 17:57 - 2015-02-25 11:27 - 000473088 _____ (hxxp://www.mp3dev.org/) C:\Windows\system32\lameACM.acm
2019-06-26 17:57 - 2012-07-21 05:54 - 000122880 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2019-06-26 17:57 - 2012-05-21 16:48 - 000000415 _____ C:\Windows\system32\lame_acm.xml
2019-06-26 17:57 - 2011-12-07 12:32 - 000216064 _____ ( ) C:\Windows\system32\lagarith.dll
2019-06-26 17:57 - 2004-05-18 13:16 - 000039936 _____ (Disappearing Inc.) C:\Windows\system32\huffyuv.dll
2019-06-26 17:53 - 2019-06-26 17:54 - 059789295 _____ (KLCP ) C:\Users\Dolly\Downloads\K-Lite_Codec_Pack_1500_Mega.exe
2019-06-26 17:50 - 2019-06-26 19:00 - 000000000 ____D C:\Users\Dolly\Desktop\CASO EL PINTOR
2019-06-19 18:11 - 2019-06-19 18:11 - 001931730 _____ C:\Users\Dolly\Downloads\48591642-Litigacion-Penal-y-Juicio-Oral.pdf
2019-06-19 18:11 - 2019-06-19 18:11 - 000000000 ____D C:\Users\Dolly\AppData\Roaming\Google

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-14 13:06 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-12 18:04 - 2009-07-13 23:34 - 000016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-07-12 18:04 - 2009-07-13 23:34 - 000016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-07-12 17:10 - 2011-04-11 20:30 - 000747230 _____ C:\Windows\system32\perfh00A.dat
2019-07-12 17:10 - 2011-04-11 20:30 - 000158670 _____ C:\Windows\system32\perfc00A.dat
2019-07-12 17:10 - 2010-11-20 16:01 - 001675926 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-12 17:10 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
2019-07-12 16:46 - 2019-06-11 18:49 - 000000000 _RSHD C:\streamer
2019-07-11 17:58 - 2019-04-23 15:47 - 000000000 ____D C:\Users\Dolly\AppData\Roaming\ZHP
2019-07-11 17:21 - 2015-07-09 22:48 - 000000000 ____D C:\Program Files\CCleaner
2019-07-11 17:06 - 2019-06-11 18:49 - 000000000 _RSHD C:\streamerdata
2019-07-09 12:15 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\rescache
2019-07-02 00:05 - 2015-07-09 19:52 - 000000000 ____D C:\Users\Dolly
2019-07-01 23:43 - 2015-07-09 22:09 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2019-07-01 23:41 - 2009-07-13 21:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-07-01 21:58 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\LiveKernelReports
2019-07-01 16:26 - 2019-05-06 09:11 - 000000000 ____D C:\Users\Dolly\AppData\Local\ElevatedDiagnostics
2019-06-28 15:53 - 2009-07-13 23:53 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-06-26 20:57 - 2019-03-12 16:01 - 000000000 ____D C:\Users\Dolly\AppData\Roaming\AIMP
2019-06-26 18:43 - 2015-07-09 22:50 - 000000000 ____D C:\Users\Dolly\AppData\Roaming\vlc
2019-06-21 16:41 - 2015-07-09 20:45 - 000002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories ================

2019-07-11 17:08 - 2019-07-11 17:08 - 000007606 _____ () C:\Users\Dolly\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-07-03 10:12
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-07-2019
Ran by Dolly (14-07-2019 13:30:00)
Running from C:\Users\Dolly\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2015-07-10 00:52:17)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1986104296-3163790973-3246301206-500 - Administrator - Disabled)
Dolly (S-1-5-21-1986104296-3163790973-3246301206-1000 - Administrator - Enabled) => C:\Users\Dolly
HomeGroupUser$ (S-1-5-21-1986104296-3163790973-3246301206-1002 - Limited - Enabled)
Invitado (S-1-5-21-1986104296-3163790973-3246301206-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AIMP (HKLM\...\AIMP) (Version: v4.51.2084, 01.12.2018 - AIMP DevTeam)
Apple Application Support (32 bits) (HKLM\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{ABDE67C4-5876-4CDB-82A9-0CBACECC1C4A}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{9F8E6025-423A-2A9F-3951-71E9BE2A85E7}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
BS FAG version 3.0 (HKLM\...\{1859C22D-2DA3-4A45-8659-D5124FB9FF88}_is1) (Version: 3.0 - Broto Suseno)
calibre (HKLM\...\{ED468F84-6B55-4FFD-A0C2-3C2064696A88}) (Version: 3.40.1 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.58 - Piriform)
CyberLink YouCam 5 (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
Galería de fotos (HKLM\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
IrfanView 4.51 (32-bit) (HKLM\...\IrfanView) (Version: 4.51 - Irfan Skiljan)
iTunes (HKLM\...\{869A9D9A-54D2-43E6-BB88-201902C9210E}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 211 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 15.0.0 (32-bit) (HKLM\...\KLiteCodecPack_is1) (Version: 15.0.0 - KLCP)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0C0A-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM\...\Office14.VISIO) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (HKLM\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Qualcomm Atheros 61x4 Bluetooth Suite (HKLM\...\{6B576143-BBF3-4F47-AC1E-6D37835D39E5}) (Version: 4.0.0.400 - Qualcomm Atheros Communications)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.9.0 - Synaptics Incorporated)
Ultra MPEG-4 Converter 5.2.0603 (HKLM\...\Ultra MPEG-4 Converter_is1) (Version:  - Aone Software)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WMPKeys (HKLM\...\{5D4B3647-9842-4875-B081-EF8D98C02865}) (Version: 1.2.0.0 - lazymf and kbept)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554_Classes\CLSID\{9B61F641-7794-4322-BF6A-E45EFD6C8D7C}\InprocServer32 -> C:\Program Files\WMPKeys\wmpkeys.dll (lazymf and kbept) [File not signed]
CustomCLSID: HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Dolly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Dolly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Dolly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Dolly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Dolly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1986104296-3163790973-3246301206-1000_Classes\CLSID\{9B61F641-7794-4322-BF6A-E45EFD6C8D7C}\InprocServer32 -> C:\Program Files\WMPKeys\wmpkeys.dll (lazymf and kbept) [File not signed]
CustomCLSID: HKU\S-1-5-21-1986104296-3163790973-3246301206-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Dolly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1986104296-3163790973-3246301206-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Dolly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1986104296-3163790973-3246301206-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Dolly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1986104296-3163790973-3246301206-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Dolly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1986104296-3163790973-3246301206-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Dolly\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu32.dll [2019-03-12] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files\Bluetooth Suite\BtvAppExt.dll [2014-09-18] (Qualcomm Atheros -> Qualcomm Atheros) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal) [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files\Bluetooth Suite\ShellContextExt.dll [2014-09-18] (Qualcomm Atheros -> Qualcomm Atheros) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu32.dll [2019-03-12] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2011-05-24] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-11] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-09-18 21:21 - 2014-09-18 21:21 - 000027776 _____ (Qualcomm Atheros -> Qualcomm Atheros) [File not signed] C:\Program Files\Bluetooth Suite\CommApi.dll
2014-09-18 21:21 - 2014-09-18 21:21 - 000170112 _____ (Qualcomm Atheros -> Qualcomm Atheros) [File not signed] C:\Program Files\Bluetooth Suite\FolderViewImpl.dll
2014-09-18 21:21 - 2014-09-18 21:21 - 000028800 _____ (Qualcomm Atheros -> Qualcomm Atheros) [File not signed] C:\Program Files\Bluetooth Suite\ipc.dll
2014-09-18 21:21 - 2014-09-18 21:21 - 000023680 _____ (Qualcomm Atheros -> Qualcomm Atheros) [File not signed] C:\Program Files\Bluetooth Suite\TCPConnection.dll
2014-09-18 21:21 - 2014-09-18 21:21 - 000086656 _____ (Qualcomm Atheros -> Qualcomm Atheros) [File not signed] C:\Program Files\Bluetooth Suite\utils.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:DBC416F8 [292]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2019-05-02 14:38 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Calibre2\;C:\Program Files\Windows Live\Shared
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: flaterem => C:\streamer\streamer.exe /AutoIt3ExecuteScript  "C:\streamer\stream.txt"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: YouCam Service => "C:\Program Files\CyberLink\YouCam\YouCamService.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8AA29F64-0770-4AAA-AF8A-259DF68E4EFF}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{19C18378-A97C-4E12-8C96-12350D0DD692}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{3A837D2B-A51B-4B94-B677-EDE8A2B0C41A}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{0A93544F-C554-47AD-8AF0-CE7AE1B388A5}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [TCP Query User{9CB93013-EAC1-412F-B79C-CA0B50629AC0}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{3F229716-24F6-44A2-896E-1BA4009FC0FE}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [TCP Query User{72D5D3C3-B3C6-4876-8035-2B24F21F869A}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{11FE586E-683C-4B48-8FB6-1828A07F564A}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{CBA76857-11B6-4080-9ACB-474614A18B33}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3ADBE90B-E53D-4C99-B3A2-BE845CB694EA}] => (Allow) C:\Users\Dolly\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{52CF29F3-A76B-42C2-BA66-9A323870229A}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{683664AC-5829-4DAF-B6AA-057966241FE3}] => (Allow) LPort=2869
FirewallRules: [{E4ED1BDA-5644-4C15-881B-FBF2BCF29A87}] => (Allow) LPort=1900
FirewallRules: [{EFCEC245-0C76-48C8-B73E-2EE2426BDF6F}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

16-05-2019 21:18:57 Punto de control programado
03-06-2019 16:38:20 Punto de control programado
17-06-2019 18:49:33 Punto de control programado
26-06-2019 16:22:54 Punto de control programado
01-07-2019 23:37:54 Windows Live Essentials
01-07-2019 23:39:53 Se ha instalado DirectX
01-07-2019 23:40:29 Se ha instalado DirectX
01-07-2019 23:40:58 Se ha instalado DirectX
01-07-2019 23:42:02 WLSetup
02-07-2019 17:34:44 Revo Uninstaller's restore point - Vegas Pro 11.0
02-07-2019 17:35:12 Removed Vegas Pro 11.0
03-07-2019 21:02:29 Windows Update
14-07-2019 13:11:22 Windows Update

==================== Faulty Device Manager Devices =============

Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2019 01:29:27 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: No se puede abrir el objeto de rendimiento del servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado.

Error: (07/14/2019 01:23:27 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: No se puede abrir el objeto de rendimiento del servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado.

Error: (07/14/2019 01:21:19 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: No se puede abrir el objeto de rendimiento del servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado.

Error: (07/14/2019 01:19:26 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x00000000.

Error: (07/14/2019 01:19:23 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
0x8007043C

Error: (07/12/2019 04:41:50 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/12/2019 04:41:49 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/12/2019 04:41:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: No se puede inicializar la aplicación.

Contexto: aplicación Windows

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (07/14/2019 01:27:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1068" al intentar iniciar el servicio BITS con argumentos "" para ejecutar el servidor:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (07/14/2019 01:27:06 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio VSS con argumentos "" para ejecutar el servidor:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (07/14/2019 01:20:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio MBAMChameleon no pudo iniciarse debido al siguiente error: 
El controlador no se cargó porque el sistema se está arrancando en modo a prueba de errores.

Error: (07/14/2019 01:19:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (07/14/2019 01:19:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio o grupo de dependencia.

Error: (07/14/2019 01:19:48 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/14/2019 01:19:48 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/14/2019 01:19:45 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "" para ejecutar el servidor:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


==================== Memory info =========================== 

BIOS: Insyde Corp. R0190Z7 09/09/2011
Motherboard: Sony Corporation VAIO
Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 92%
Total physical RAM: 1642.9 MB
Available physical RAM: 129.1 MB
Total Virtual: 3285.8 MB
Available Virtual: 1226.62 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:112.99 GB) (Free:57.4 GB) NTFS
Drive d: (Datos) (Fixed) (Total:352.67 GB) (Free:337.24 GB) NTFS

\\?\Volume{f745c7c4-269b-11e5-ac6a-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: BB27E94F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=113 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=352.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hello @Brayand_Chacaltana

Is there a reason you ran FRST in Safe Mode with Networking?


You ran FRST from the wrong location.

  • Running from C:\Users\Dolly\Downloads

Cut it from the Downloads folder and paste it onto your desktop.


Follow these steps:

1.- Very Important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as Administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Boot your computer in >>> Safe Mode with Networking

Then go to:

Start >>> Run >>> Type notepad.exe, or open a new Notepad file, and copy and paste the following:

Start
CloseProcesses:
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\Run: [strdat] => C:\Windows\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript  "C:\streamer\stream.txt" & exit
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\MountPoints2: {46776bba-8639-11e9-ab88-60d819ede91f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\MountPoints2: {5a752ef6-7757-11e9-a592-60d819ede91f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\Run: [strdat] => C:\Windows\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript  "C:\streamer\stream.txt" & exit
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\MountPoints2: {46776bba-8639-11e9-ab88-60d819ede91f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\MountPoints2: {5a752ef6-7757-11e9-a592-60d819ede91f} - E:\HiSuiteDownLoader.exe
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\system32\huffyuv.dll [39936 2004-05-18] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [112128 2015-10-24] () [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Dolly\Downloads\adwcleaner_7.3.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
2019-07-11 18:07 - 2019-07-11 18:07 - 000000284 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
AlternateDataStreams: C:\ProgramData\Temp:DBC416F8 [292]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The executable Frst.exe/Frst64.exe and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe or Frst64.exe, as applicable.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Reboot and paste it in your next reply.

Let us know…

Regards

Hi @SanMar

Yes, that was because right now I'm only working with the PC in safe mode; otherwise it really isn't possible to work on the PC, it is far too slow.

Right, I'll do that.

Here is the requested report.

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-07-2019 01
Ran by Dolly (15-07-2019 17:39:01) Run:1
Running from C:\Users\Dolly\Desktop
Loaded Profiles: Dolly (Available Profiles: Dolly)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\Run: [strdat] => C:\Windows\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript  "C:\streamer\stream.txt" & exit
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\MountPoints2: {46776bba-8639-11e9-ab88-60d819ede91f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\...\MountPoints2: {5a752ef6-7757-11e9-a592-60d819ede91f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\Run: [strdat] => C:\Windows\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript  "C:\streamer\stream.txt" & exit
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\MountPoints2: {46776bba-8639-11e9-ab88-60d819ede91f} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\MountPoints2: {5a752ef6-7757-11e9-a592-60d819ede91f} - E:\HiSuiteDownLoader.exe
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\system32\huffyuv.dll [39936 2004-05-18] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [112128 2015-10-24] () [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Dolly\Downloads\adwcleaner_7.3.exe
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
2019-07-11 18:07 - 2019-07-11 18:07 - 000000284 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
AlternateDataStreams: C:\ProgramData\Temp:DBC416F8 [292]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
"HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\Software\Microsoft\Windows\CurrentVersion\Run\\strdat" => removed successfully.
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => removed successfully.
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46776bba-8639-11e9-ab88-60d819ede91f} => removed successfully.
HKLM\Software\Classes\CLSID\{46776bba-8639-11e9-ab88-60d819ede91f} => not found
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a752ef6-7757-11e9-a592-60d819ede91f} => removed successfully.
HKLM\Software\Classes\CLSID\{5a752ef6-7757-11e9-a592-60d819ede91f} => not found
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\Run: [strdat] => C:\Windows\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript  "C:\streamer\stream.txt" & exit => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\MountPoints2: E - E:\HiSuiteDownLoader.exe => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\MountPoints2: {46776bba-8639-11e9-ab88-60d819ede91f} - E:\HiSuiteDownLoader.exe => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\...\MountPoints2: {5a752ef6-7757-11e9-a592-60d819ede91f} - E:\HiSuiteDownLoader.exe => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.X264" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.HFYU" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.LAGS" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.XVID" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.FFDS" => removed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully.
C:\Windows\Tasks\AdwCleaner_onReboot.job => moved successfully
"HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache" => removed successfully.
HKU\S-1-5-21-1986104296-3163790973-3246301206-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07142019132102554\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp => Error: No automatic fix found for this entry.
HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => removed successfully.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully.
HKLM\System\CurrentControlSet\Services\Service KMSELDI => removed successfully.
Service KMSELDI => service removed successfully.
"C:\Windows\Tasks\AdwCleaner_onReboot.job" => not found
C:\ProgramData\Temp => ":DBC416F8" ADS removed successfully.

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Conexión de área local mientras los medios
están desconectados.

Adaptador de Ethernet Conexión de área local:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de red inalámbrica:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::ac7f:b75e:9b82:baf4%11
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.43.101
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.43.1

Adaptador de túnel isatap.{44BD1599-7841-41E0-B9FB-15B0C59ED7B9}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{957B07AB-75BD-4614-A32E-18758E355809}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{DF7D4A36-592C-4B74-804D-C443FA2C7DE3}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1986104296-3163790973-3246301206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16568499 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 3217520 B
Edge => 0 B
Chrome => 10313320 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
LocalService => 0 B
NetworkService => 2664 B
Dolly => 11301578 B

RecycleBin => 0 B
EmptyTemp: => 39.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:39:38 ====

Just to let you know: after the process finished and the PC restarted, I booted into normal Windows mode, and although the PC shows a slight improvement, the RAM and CPU spikes are still very high, and every so often there is heavy lag. Thank you very much for all the help so far. I look forward to your next reply :smiley:
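An added example, not part of the original posts and not FRST's own code: a small Python triage script that reads the result lines of a Fixlog like the one above, counts entries by outcome, and lists autostart entries (Run keys, MountPoints2) the tool reported it could not fix. The sample lines are constructed in the log's format with a placeholder SID; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the Fixlog above (placeholder SID and GUID).
SAMPLE_FIXLOG = r'''
"HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run\\strdat" => removed successfully.
HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000} => not found
HKU\S-1-5-21-0-0-0-1000-{GUID}-STAMP\...\Run: [strdat] => C:\Windows\system32\cmd.exe /c start C:\streamer\streamer.exe /AutoIt3ExecuteScript  "C:\streamer\stream.txt" & exit => Error: No automatic fix found for this entry.
HKU\S-1-5-21-0-0-0-1000-{GUID}-STAMP\...\MountPoints2: E - E:\HiSuiteDownLoader.exe => Error: No automatic fix found for this entry.
C:\Windows\Tasks\AdwCleaner_onReboot.job => moved successfully
Service KMSELDI => service removed successfully.
C:\ProgramData\Temp => ":DBC416F8" ADS removed successfully.
Chrome => 10313320 B
'''

# Autostart locations seen in this log: Run values and MountPoints2 entries.
AUTOSTART = re.compile(r"\\Run(\\|:)|\\MountPoints2", re.IGNORECASE)

def classify(outcome):
    """Map the text after the last ' => ' to a status, or None if it is not a result."""
    o = outcome.strip().rstrip(".")
    if o.startswith("Error:"):
        return "error"
    if o == "not found":
        return "not_found"
    if o.endswith("successfully"):
        return "fixed"
    return None  # e.g. EmptyTemp size lines such as "Chrome => 10313320 B"

def parse_fixlog(text):
    """Return (status, target) pairs; the target may itself contain ' => '."""
    entries = []
    for line in text.splitlines():
        if " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        status = classify(outcome)
        if status:
            entries.append((status, target.strip()))
    return entries

def summarize(entries):
    return Counter(status for status, _ in entries)

def unresolved_autostart(entries):
    """Autostart entries the tool could not fix and that need manual follow-up."""
    return [t for s, t in entries if s == "error" and AUTOSTART.search(t)]

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target in unresolved_autostart(parsed):
        print("UNRESOLVED:", target)
```

To run it on a real report, pass the contents of Fixlog.txt to `parse_fixlog` in place of the sample.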

Hi @Brayand_Chacaltana

Perfect.

Something has not been properly disinfected, because there is an infection that keeps coming back from your USB drives.

Do the following in Normal Mode:

1.- Temporarily disable your antivirus and any security software.

2.- Download UsbFix to your desktop:

  • Connect all your removable devices (USB/pen drive, Micro SD, etc.).
  • Run USBFix.exe

  • Once all your devices are connected, press "Ejecutar análisis" (Run analysis).
  • Then select "Full Análisis" (full analysis) and wait for it to finish.
  • If threats are detected, select all the detected items and press "Limpiar todo" (Clean all).
  • If it asks you to restart the system, accept.
  • Once the computer restarts, the USBFix report will open, showing what was detected and what was removed.
  • Copy and paste that entire report in your next reply (if it does not open, the report is saved on the Desktop as UsbFix_Report.txt).

Once the analysis is finished, with all drives connected, run USBFix again as Administrator and vaccinate them, following the steps in the manual.


After restarting, I need you to boot into Windows Normal Mode again and, with all programs closed (browser closed), run FRST just as you did the first time and paste the fresh reports for us.

I need it to be in Normal Mode so I can see all the running processes.

Regards