Hola, espero encontrar acá la solución a mi problema. Pasa que en dos usuarios de mi pc NO se puede navegar, usando Chrome o Explorer, es imposible, aparece siempre el siguiente mensaje: NET::ERR_CERT_AUTHORITY_INVALID
He visitado diversos foros y páginas, y seguido los consejos que allí aparecen, pero no hay solución. Lo paradójico es que este mensaje lo hice en el mismo pc, pero desde otro usuario que no tiene ese problema.
Saludos!!!
PSC
Buenas @Pablo_Chacon bienvenido al Foro.
Para revisar tu máquina, sigue estos pasos, en el orden indicado y leyendo todo lo explicado. 
Desactiva temporalmente el Antivirus 
Cómo deshabilitar temporalmente su Antivirus, mientras estemos realizando TODOS los pasos.
Vamos a descargar en TU ESCRITORIO(y NO en otro lugar 
) todas las herramientas que vamos a utilizar en este procedimiento (pero no las ejecutes todavía) :
Malwarebytes’ Anti-Malware + Manual. 
revisa en detalle el manual, para que sepas usarlo y configurarlo correctamente.
Farbar Recovery Scan Tool. seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. [color=#FF8C00][size=1] ¿Cómo saber si mi Windows es de 32 o 64 bits.?[/size][/color]
Ejecutas las herramientas de una en una y en el orden indicado :
CCleaner.-
Instalas y Ejecutas CCleaner siguiendo los pasos indicados en el manual.
Úsalo primero en su opción de Limpiador para borrar cookies, temporales de Internet y todos los archivos que te muestre como obsoletos.
Después usa su opción de Registro para limpiar todo el registro de Windows(haciendo copia de seguridad).
Malwarebytes.-
Instalas y Ejecutas MBAM siguiendo los pasos indicados en el manual.
Realiza un Análisis Completo.
Seleccionando TODOS a Cuarentena para enviarlo a la cuarentena y Reinicias el sistema.
En el apartado del manual Historial 
encontrarás el informe del MBAM, que debes copiar y pegar en tu próxima respuesta, para analizarlo.
AdwCleaner.-
Ejecuta Adwcleaner.exe.
Pulsamos en el botón Analizar ahora, y espera a que se realice el proceso, inmediatamente pulsa siempre sobre el botón Iniciar Reparación.
Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
El log/informe lo encontramos en la pestaña “Informes”, volviendo a abrir el programa si fuese necesario, para poder copiarlo y pegarlo en tu próxima respuesta.
El informe también se puede encontrar en C:\AdwCleaner\Logs\AdwCleaner[C00].txt
Junkware Removal Tool.-
Ejecuta JRT.exe.
Y pulsar cualquier tecla para continuar, esperar pacientemente a que termine el proceso.
Si en algún momento te pide Reiniciar hazlo.
Al finalizar, un registro/informe (JRT.txt) se guardara en el escritorio y se abrirá automáticamente.
Copia y pega el contenido de JRT.txt en tu próxima respuesta.
Farbar Recovery Scan Tool.-
Ejecuta FRST.exe.
En el mensaje de la ventana del Disclaimer, pulsamos Yes
En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.
Poner los informes en tu próxima respuesta de :
Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).
Y nos cuentas como funciona tu equipo en relación al problema planteado.
Saludos Javier.
Gracias, lo haré a la brevedad y te cuento!!! Saludos
PSC
Hola, acá van los informes solicitados…
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 4/4/19
Hora del análisis: 18:11
Archivo de registro: 3eec39e0-571e-11e9-82af-4c8093870621.json
-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.563
Versión del paquete de actualización: 1.0.10006
Licencia: Prueba
-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: PSOTO-PC\PSOTO
-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 492482
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 1 hr, 8 min, 2 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 0
(No hay elementos maliciosos detectados)
Valor del registro: 0
(No hay elementos maliciosos detectados)
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 0
(No hay elementos maliciosos detectados)
Archivo: 0
(No hay elementos maliciosos detectados)
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-03.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-04-2019
# Duration: 00:00:33
# OS: Windows 7 Professional
# Scanned: 27198
# Detected: 0
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
AdwCleaner[S00].txt - [2240 octets] - [04/09/2018 19:16:03]
AdwCleaner[C00].txt - [2206 octets] - [04/09/2018 19:16:29]
AdwCleaner[S01].txt - [1681 octets] - [10/11/2018 12:13:24]
AdwCleaner[C01].txt - [1791 octets] - [10/11/2018 13:03:32]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by PSOTO (Limited) on 04/04/2019 at 19:30:35.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 18
Successfully deleted: C:\Users\PSOTO\AppData\Local\{35EDF204-8450-497B-9AFA-39A6B3B6D46E} (Empty Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\PSOTO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HLA41RC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\PSOTO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9G0ANCR7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\PSOTO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2CXGXAV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\PSOTO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWICA0K7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\PSOTO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I18Y7OQH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\PSOTO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNTXHMEV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\PSOTO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZX97GY4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\PSOTO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMY72112 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HLA41RC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9G0ANCR7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2CXGXAV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWICA0K7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I18Y7OQH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNTXHMEV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZX97GY4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMY72112 (Temporary Internet Files Folder)
Registry: 2
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/04/2019 at 19:36:59.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by PSOTO (administrator) on PSOTO-PC (04-04-2019 19:38:28)
Running from C:\Users\PSOTO\Desktop
Loaded Profiles: PSOTO & Gracielita & PGL & Invitado (Available Profiles: PSOTO & Gracielita & PGL & Invitado)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Validity Sensors, Inc -> Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(EASY SOLUTIONS, INC. -> Easy Solutions) C:\ProgramData\EasySolutions\DetectUpdate\DetectUpdate.exe
(EASY SOLUTIONS, INC. -> Easy Solutions Inc.) C:\Program Files (x86)\EasySolutions\Detect Safe Browsing\DSBServiceManager.exe
(Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Freemake) [File not signed] C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SOSQL2012\MSSQL\Binn\sqlservr.exe
(PACE Anti-Piracy, Inc.) [File not signed] C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel(R) Software -> Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(EASY SOLUTIONS, INC. -> Easy Solutions Inc.) C:\Program Files (x86)\EasySolutions\Detect Safe Browsing\dsb.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] (STMicroelectronics -> )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46504696 2018-12-07] (Google Inc -> )
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\...\Run: [kksPgo7p] => C:\Users\Public\ZJV3M5T4Y7DWJM4\848U34FCQKJGNL1.exe [400872 2018-11-12] (VMware, Inc. -> VMware, Inc.)
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [7388488 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22488952 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\...\MountPoints2: {69c1d309-0703-11e8-8cb5-848f69c33c11} - »ªÎªÊÖ»úÖúÊÖ°²×°Ïòµ¼.exe
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\...\MountPoints2: {c1680323-d141-11e7-b109-848f69c33c11} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-879520919-2892092765-2935881487-1005\...\Run: [EPSON TX115 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBB.EXE [223232 2008-09-26] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-879520919-2892092765-2935881487-1005\...\Run: [EPSON TX115 Series (Copiar 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBB.EXE [223232 2008-09-26] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-879520919-2892092765-2935881487-1005\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46504696 2018-12-07] (Google Inc -> )
HKU\S-1-5-21-879520919-2892092765-2935881487-1005\...\MountPoints2: {69c1d309-0703-11e8-8cb5-848f69c33c11} - »ªÎªÊÖ»úÖúÊÖ°²×°Ïòµ¼.exe
HKU\S-1-5-21-879520919-2892092765-2935881487-501\...\Run: [EPSON TX115 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBB.EXE [223232 2008-09-26] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-879520919-2892092765-2935881487-501\...\MountPoints2: E - »ªÎªÊÖ»úÖúÊÖ°²×°Ïòµ¼.exe
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [180224 2009-06-07] () [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.75\Installer\chrmstp.exe [2019-03-12] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{2A16DF2F-490B-4F2B-8C68-21EF46FCCC37}] -> C:\Windows\system32\dpcrprov.dll [2010-12-29] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{3ADC7042-51AF-4D0F-BD1D-4D6965A77323}] -> C:\Windows\system32\dpcrprov.dll [2010-12-29] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{4C0F0D42-DA2D-45da-85BC-B7A1AB53BF65}] -> C:\Windows\system32\dpcrprov.dll [2010-12-29] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{57E84B57-5533-4624-AB49-E29C8C5489D6}] -> C:\Windows\system32\dpcrprov.dll [2010-12-29] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{70099717-17C8-4BD0-B3D4-FAF721AB1A62}] -> C:\Windows\system32\dpcrprov.dll [2010-12-29] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{FD2AB138-F9A8-4ab6-9095-EEE7AF8B6C28}] -> C:\Windows\system32\dpcrprov.dll [2010-12-29] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
IFEO\cliconfg.exe: [VerifierDlls] Hibiki.dll
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Gracielita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor de la tecnología Intel® Turbo Boost 2.0.lnk [2012-01-14]
ShortcutTarget: Monitor de la tecnología Intel® Turbo Boost 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel(R) Software -> Intel® Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-879520919-2892092765-2935881487-1000] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 190.54.110.23 190.54.120.23
Tcpip\..\Interfaces\{071A8EC4-8E20-40F7-AD57-0731EE8FA6AD}: [DhcpNameServer] 190.54.110.23 190.54.120.23
Tcpip\..\Interfaces\{C5EBA788-D7A7-40F5-BEF1-39E004551A9F}: [DhcpNameServer] 190.54.110.23 190.54.120.23
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.infospyware.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-879520919-2892092765-2935881487-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cl/
HKU\S-1-5-21-879520919-2892092765-2935881487-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-cl/?ocid=iehp
HKU\S-1-5-21-879520919-2892092765-2935881487-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-cl/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-07-05] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-07-05] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-879520919-2892092765-2935881487-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File
FireFox:
========
FF ProfilePath: C:\Users\PSOTO\AppData\Roaming\Mozilla\Firefox\Profiles\c5d3jvrv.default-1458685330127 [2019-04-04]
FF Homepage: Mozilla\Firefox\Profiles\c5d3jvrv.default-1458685330127 -> hxxps://www.malwarebytes.org/restorebrowser//general/newhometab.php?hometab=home&partner=14105&guid={AC10B31F-938F-4AF5-AF9E-9F69795AA977}&i=
FF Extension: (Avira Browser Safety) - C:\Users\PSOTO\AppData\Roaming\Mozilla\Firefox\Profiles\c5d3jvrv.default-1458685330127\Extensions\[email protected] [2017-11-08] [hxxps://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-04-17] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: (Extensión de DigitalPersona) - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2012-01-14] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-03-03] (Adobe Systems Incorporated -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-03-03] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-07-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-07-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-879520919-2892092765-2935881487-1000: @citrixonline.com/appdetectorplugin -> C:\Users\PSOTO\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-06] (Citrix Online -> Citrix Online)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxps://www.google.cl/
CHR StartupUrls: ChromeDefaultData -> "hxxps://www.google.cl/"
CHR Profile: C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2019-04-04] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-30]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-30]
CHR Extension: (Chrome Media Router) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-13]
CHR Profile: C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Default [2019-04-04]
CHR Extension: (Presentaciones de Google) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-27]
CHR Extension: (Google Docs) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-27]
CHR Extension: (Google Drive) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-27]
CHR Extension: (YouTube) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-27]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-27]
CHR Extension: (Autocomplete on) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdhbgagnmhdafendedikgjimegoipbnk [2016-04-04]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-31]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR Profile: C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-04-04]
CHR Extension: (Presentaciones) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-25]
CHR Extension: (Documentos) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-25]
CHR Extension: (Google Drive) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-25]
CHR Extension: (YouTube) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-25]
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-03-25]
CHR Extension: (Hojas de cálculo) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-25]
CHR Extension: (Avira Navegación segura) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2019-03-25]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-03-25]
CHR Extension: (Avast Online Security) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-03-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-03-25]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-03-25]
CHR Extension: (Gmail) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-25]
CHR Extension: (Chrome Media Router) - C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-25]
CHR Profile: C:\Users\PSOTO\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-879520919-2892092765-2935881487-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-879520919-2892092765-2935881487-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6758976 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357304 2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
R2 DetectUpdate; C:\ProgramData\EasySolutions\DetectUpdate\DetectUpdate.exe [536080 2018-04-04] (EASY SOLUTIONS, INC. -> Easy Solutions)
S2 DSBProxy; C:\Program Files (x86)\EasySolutions\Detect Safe Browsing\DSBPRoxy.exe [3770064 2016-02-12] (EASY SOLUTIONS, INC. -> EasySol)
R2 DSBServiceManager; C:\Program Files (x86)\EasySolutions\Detect Safe Browsing\DSBServiceManager.exe [287440 2016-02-12] (EASY SOLUTIONS, INC. -> Easy Solutions Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-08-01] (Freemake) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MSSQL$SOSQL2012; c:\Program Files\Microsoft SQL Server\MSSQL11.SOSQL2012\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] (Intel Corporation - Mobile Wireless Group -> )
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S4 SQLAgent$SOSQL2012; c:\Program Files\Microsoft SQL Server\MSSQL11.SOSQL2012\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer -> TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [27760 2010-09-29] (STMicroelectronics -> ST Microelectronics)
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [299008 2011-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [299008 2011-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37320 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205608 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [254408 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196304 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320904 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58168 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [249152 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42496 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [169104 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88152 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034640 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [476256 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [220632 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380160 2019-03-19] (AVAST Software s.r.o. -> AVAST Software)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [51712 2011-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [53760 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [288768 2011-10-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [176096 2011-01-20] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R1 dsbwncf; C:\Windows\System32\drivers\dsbwnc.sys [65040 2016-02-12] (EASY SOLUTIONS, INC. -> Easy Solutions Inc.)
R1 dsbwncfk; C:\Windows\System32\drivers\dsbwnck.sys [33808 2016-02-12] (EASY SOLUTIONS, INC. -> )
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-11-01] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-11-01] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2011-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12287456 2011-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 Impcd; C:\Windows\system32\drivers\Impcd.sys [158976 2010-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\System32\drivers\intelaud.sys [34200 2011-05-17] (Wireless Display -> Intel Corporation)
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R3 iwdbus; C:\Windows\System32\DRIVERS\iwdbus.sys [25496 2011-05-17] (Wireless Display -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-04-04] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-04-04] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-04-04] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-04-04] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [104784 2019-04-04] (Malwarebytes Corporation -> Malwarebytes)
S3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [8604672 2011-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [82432 2011-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181760 2011-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2017-11-01] () [File not signed]
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [21616 2010-08-20] (STMicroelectronics -> ST Microelectronics)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.7.1.32\Definitions\SDSDefs\20170406.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.7.1.32\Definitions\SDSDefs\20170406.003\EX64.SYS [X]
S3 NPF; system32\drivers\NPF.sys [X]
S3 RTL8187; system32\DRIVERS\rtl8187.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-04 19:38 - 2019-04-04 19:40 - 000034879 _____ C:\Users\PSOTO\Desktop\FRST.txt
2019-04-04 19:38 - 2019-04-04 19:38 - 000000000 ____D C:\FRST
2019-04-04 19:36 - 2019-04-04 19:37 - 000003609 _____ C:\Users\PSOTO\Desktop\JRT.txt
2019-04-04 19:30 - 2019-04-04 19:30 - 000001501 _____ C:\Users\PSOTO\Desktop\AdwCleaner[S02].txt
2019-04-04 19:26 - 2019-04-04 19:26 - 000001542 _____ C:\Users\PSOTO\Desktop\informe MBAM.txt
2019-04-04 18:09 - 2019-04-04 18:09 - 000004150 _____ C:\Users\PSOTO\Documents\cc_20190404_180935.reg
2019-04-04 18:03 - 2019-04-04 18:03 - 000073912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-04-04 18:02 - 2019-04-04 18:02 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-04-04 18:02 - 2019-04-04 18:02 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-04-04 18:02 - 2019-04-04 18:02 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-04-04 18:02 - 2019-04-04 18:02 - 000104784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-04-04 18:02 - 2019-04-04 18:02 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-04 18:02 - 2019-04-04 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-04 18:02 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-04-04 18:01 - 2019-04-04 18:01 - 000000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-04-04 18:01 - 2019-04-04 18:01 - 000000300 ____H C:\Windows\Tasks\CCleaner Update.job
2019-04-04 18:01 - 2019-04-04 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-04-04 18:01 - 2019-04-04 18:01 - 000000000 ____D C:\Program Files\CCleaner
2019-04-04 17:58 - 2019-04-04 17:58 - 002434048 _____ (Farbar) C:\Users\PSOTO\Downloads\FRST64.exe
2019-04-04 17:58 - 2019-04-04 17:58 - 002434048 _____ (Farbar) C:\Users\PSOTO\Desktop\FRST64.exe
2019-04-04 17:57 - 2019-04-04 17:57 - 007025360 _____ (Malwarebytes) C:\Users\PSOTO\Downloads\adwcleaner_7.3.exe
2019-04-04 17:57 - 2019-04-04 17:57 - 007025360 _____ (Malwarebytes) C:\Users\PSOTO\Desktop\adwcleaner_7.3.exe
2019-04-04 17:57 - 2019-04-04 17:57 - 001790024 _____ (Malwarebytes) C:\Users\PSOTO\Downloads\JRT.exe
2019-04-04 17:57 - 2019-04-04 17:57 - 001790024 _____ (Malwarebytes) C:\Users\PSOTO\Desktop\JRT.exe
2019-04-04 17:57 - 2019-04-04 17:56 - 062618552 _____ (Malwarebytes ) C:\Users\PSOTO\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10000.exe
2019-04-04 17:56 - 2019-04-04 17:56 - 062618552 _____ (Malwarebytes ) C:\Users\PSOTO\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.10000.exe
2019-04-04 17:55 - 2019-04-04 17:55 - 021205512 _____ (Piriform Software Ltd) C:\Users\PSOTO\Downloads\ccsetup555.exe
2019-04-04 17:55 - 2019-04-04 17:55 - 021205512 _____ (Piriform Software Ltd) C:\Users\PSOTO\Desktop\ccsetup555.exe
2019-04-03 18:20 - 2019-04-03 18:20 - 000042943 _____ C:\Users\PSOTO\Downloads\WhatsApp Image 2019-04-03 at 18.20.17.jpeg
2019-04-02 20:27 - 2019-04-02 20:27 - 003763858 _____ C:\Users\PSOTO\Downloads\file.pdf
2019-04-02 19:05 - 2019-04-02 19:05 - 000000218 _____ C:\Users\PSOTO\AppData\Local\recently-used.xbel
2019-04-02 18:52 - 2019-04-02 19:02 - 1830702183 _____ C:\Users\PSOTO\Downloads\Can.you.ever.forgive.me.2018.1080p-dual-lat-cinecalidad.is.mp4
2019-04-02 18:28 - 2019-04-02 18:28 - 000099451 _____ C:\Users\PSOTO\Downloads\WhatsApp Image 2019-04-02 at 18.12.46.jpeg
2019-04-02 16:20 - 2019-04-02 16:23 - 000098625 _____ C:\Users\PSOTO\Downloads\WhatsApp Image 2019-04-01 at 20.04.44.jpeg
2019-04-02 16:20 - 2019-04-02 16:23 - 000094340 _____ C:\Users\PSOTO\Downloads\WhatsApp Image 2019-04-01 at 20.04.46.jpeg
2019-04-02 16:20 - 2019-04-02 16:23 - 000094029 _____ C:\Users\PSOTO\Downloads\WhatsApp Image 2019-04-01 at 20.04.47.jpeg
2019-04-02 16:20 - 2019-04-02 16:23 - 000090353 _____ C:\Users\PSOTO\Downloads\WhatsApp Image 2019-04-01 at 20.04.42.jpeg
2019-04-02 16:20 - 2019-04-02 16:23 - 000084310 _____ C:\Users\PSOTO\Downloads\WhatsApp Image 2019-04-01 at 20.04.49.jpeg
2019-04-01 20:59 - 2019-04-01 20:59 - 005466460 _____ C:\Users\PSOTO\Downloads\liv2019xls.xlsx
2019-04-01 20:40 - 2019-04-01 20:47 - 1857641671 _____ C:\Users\PSOTO\Downloads\The.dirt.2019.1080p-dual-lat-cinecalidad.is.mp4
2019-04-01 09:10 - 2019-04-01 09:10 - 001161308 _____ C:\Users\PSOTO\Downloads\MODULO 3_Modelo de EA en modalidad online.pdf
2019-04-01 09:10 - 2019-04-01 09:10 - 000895261 _____ C:\Users\PSOTO\Downloads\MODULO 4_Competencias digitales para la docencia online.pdf
2019-04-01 09:10 - 2019-04-01 09:10 - 000878976 _____ C:\Users\PSOTO\Downloads\MODULO 1_Modalidad de Educación Online.pdf
2019-04-01 09:10 - 2019-04-01 09:10 - 000878976 _____ C:\Users\PSOTO\Downloads\MODULO 1_Modalidad de Educación Online (1).pdf
2019-04-01 09:10 - 2019-04-01 09:10 - 000798987 _____ C:\Users\PSOTO\Downloads\MODULO 2_Educación Adultos Modalidad Online.pdf
2019-04-01 09:10 - 2019-04-01 09:10 - 000580082 _____ C:\Users\PSOTO\Downloads\Plan_curso_educ_onlinev3.pdf
2019-04-01 08:39 - 2019-04-01 08:53 - 2275160523 _____ C:\Users\PSOTO\Downloads\The.highwaymen.2019.1080p-dual-lat-cinecalidad.is.mp4
2019-04-01 08:38 - 2019-04-01 08:50 - 1540050123 _____ C:\Users\PSOTO\Downloads\A.dogs.way.home.2019.1080p-dual-lat-cinecalidad.is.mp4
2019-03-31 22:23 - 2019-04-01 09:11 - 000000000 ____D C:\Users\PSOTO\Desktop\CURSO
2019-03-31 22:23 - 2019-03-31 22:23 - 000000000 ____D C:\Users\PSOTO\Documents\Nueva carpeta
2019-03-26 16:53 - 2019-03-26 16:53 - 000030677 _____ C:\Users\PSOTO\Downloads\voucher.pdf
2019-03-25 20:59 - 2019-03-25 21:05 - 000000000 ____D C:\Users\PSOTO\Desktop\feelings and emotions
2019-03-25 20:43 - 2019-03-25 20:43 - 000002399 _____ C:\Users\PSOTO\Desktop\MG - Chrome.lnk
2019-03-22 22:05 - 2019-03-22 22:08 - 000000000 ____D C:\Users\PSOTO\Desktop\emi
2019-03-22 20:03 - 2019-03-22 20:06 - 000000000 ____D C:\Users\PSOTO\Downloads\Bumblebee - 2018
2019-03-22 19:12 - 2019-03-22 19:15 - 000000000 ____D C:\Users\PSOTO\Downloads\The Mule - 2018
2019-03-20 19:50 - 2019-03-20 21:30 - 000000000 ____D C:\Users\PSOTO\Downloads\The Tenants - 2018
2019-03-20 19:47 - 2019-03-20 19:55 - 000000000 ____D C:\Users\PSOTO\Downloads\Five Feet Apart (OST) (Deluxe)
2019-03-20 16:31 - 2019-03-20 16:31 - 000094564 _____ C:\Users\PSOTO\Downloads\WhatsApp Image 2019-03-20 at 10.21.01.jpeg
2019-03-19 16:27 - 2019-03-19 16:28 - 000000000 ____D C:\Users\PSOTO\Downloads\Speed Kills - 2018
2019-03-19 06:58 - 2019-03-19 06:58 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-03-18 16:21 - 2019-03-18 16:21 - 000000000 ____D C:\Users\Gracielita\AppData\Roaming\NCH Software
2019-03-17 21:24 - 2019-03-17 21:27 - 000000000 ____D C:\Users\PSOTO\Downloads\Disney
2019-03-17 21:22 - 2019-03-18 21:10 - 000000000 ____D C:\Users\PSOTO\Downloads\Replicas - 2018
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-04 18:07 - 2017-12-15 12:43 - 000000000 ____D C:\Users\PSOTO\AppData\Local\CrashDumps
2019-04-04 18:07 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2019-04-04 18:02 - 2015-05-14 21:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-04 17:53 - 2015-10-10 15:29 - 000000000 ____D C:\Program Files (x86)\CCleaner
2019-04-04 16:02 - 2009-07-14 01:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-04 16:02 - 2009-07-14 01:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-04 16:01 - 2019-01-03 11:59 - 000000000 ____D C:\Users\PSOTO\Desktop\01 FOTOS COLACIONES
2019-04-03 19:11 - 2014-09-02 11:30 - 000000000 ____D C:\Users\PSOTO\AppData\Roaming\PrimoPDF
2019-04-02 19:35 - 2010-11-21 04:09 - 000860098 _____ C:\Windows\system32\perfh00A.dat
2019-04-02 19:35 - 2010-11-21 04:09 - 000205166 _____ C:\Windows\system32\perfc00A.dat
2019-04-02 19:35 - 2009-07-14 02:13 - 001996886 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-02 19:23 - 2017-11-07 22:54 - 000001486 _____ C:\Windows\Tasks\Packet House.job
2019-04-02 19:23 - 2017-11-03 08:48 - 000000484 ____H C:\Windows\Tasks\Norton Product InstallerIdle.job
2019-04-02 19:05 - 2016-07-11 14:51 - 000000000 ____D C:\Users\PSOTO\AppData\Roaming\deluge
2019-04-01 20:49 - 2014-09-02 01:16 - 000000000 ___RD C:\Users\PSOTO\Google Drive
2019-03-26 17:33 - 2018-11-26 10:59 - 000000000 ____D C:\Users\PSOTO\Desktop\Fotos EVENTOS
2019-03-25 20:21 - 2017-12-17 15:27 - 000000000 ___RD C:\Users\Gracielita\Google Drive
2019-03-22 20:07 - 2014-11-01 23:06 - 000000000 ____D C:\Users\PSOTO\AppData\Roaming\vlc
2019-03-21 08:38 - 2016-08-01 21:39 - 000000132 _____ C:\Users\PSOTO\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2019-03-19 17:39 - 2014-09-23 16:00 - 000003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2019-03-19 17:39 - 2009-07-14 02:08 - 000032654 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-03-19 16:00 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-19 06:59 - 2017-11-16 21:35 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-03-19 06:58 - 2019-02-19 19:56 - 000249152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-03-19 06:58 - 2018-10-22 17:04 - 000042496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-03-19 06:58 - 2017-11-07 17:23 - 000476256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-03-19 06:58 - 2017-11-07 17:23 - 000380160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-03-19 06:58 - 2017-11-07 17:23 - 000220632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-03-19 06:58 - 2017-11-07 17:23 - 000169104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-03-19 06:58 - 2017-11-07 17:23 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-03-19 06:58 - 2017-11-07 17:23 - 000088152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-03-19 06:57 - 2019-01-18 16:04 - 000254408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-03-19 06:57 - 2019-01-16 10:17 - 000320904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblog.sys
2019-03-19 06:57 - 2019-01-16 10:17 - 000196304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-03-19 06:57 - 2019-01-16 10:17 - 000058168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-03-19 06:57 - 2019-01-16 10:17 - 000037320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-03-19 06:57 - 2017-11-20 08:37 - 000205608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-03-19 06:57 - 2017-11-07 17:23 - 001034640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-03-18 16:22 - 2018-05-16 18:54 - 000000000 ____D C:\Users\Invitado\AppData\Local\CrashDumps
2019-03-14 16:31 - 2015-06-18 12:28 - 000000000 ____D C:\Users\PSOTO\AppData\Local\Dropbox
2019-03-14 16:31 - 2014-09-02 01:04 - 000000000 ____D C:\Users\PSOTO\AppData\Roaming\Dropbox
2019-03-13 22:19 - 2014-09-02 01:08 - 000000000 ___RD C:\Users\PSOTO\Dropbox
2019-03-13 19:07 - 2017-12-13 11:10 - 000004500 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-03-13 19:07 - 2014-09-02 12:42 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-03-13 19:07 - 2014-09-02 12:42 - 000004322 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-03-13 19:07 - 2014-08-28 10:19 - 000000000 ____D C:\Users\PSOTO\AppData\Local\Adobe
2019-03-13 19:07 - 2012-01-14 05:49 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-13 19:07 - 2012-01-14 05:49 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-03-13 19:07 - 2012-01-14 05:49 - 000000000 ____D C:\Windows\system32\Macromed
2019-03-13 10:59 - 2019-03-01 20:31 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2019-03-12 21:54 - 2017-11-07 18:15 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-12 21:51 - 2017-11-07 17:23 - 000379952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswafab558366d73e75.tmp
2019-03-12 21:36 - 2014-09-03 11:49 - 000000000 ____D C:\Program Files\WinRAR
2019-03-11 20:39 - 2014-09-03 11:49 - 000000000 ____D C:\Users\PSOTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-03-11 20:39 - 2014-09-03 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
==================== Files in the root of some directories =======
2018-11-12 19:39 - 2018-11-12 19:39 - 000000000 _____ () C:\Users\Public\b1.dll
2017-01-30 19:42 - 2017-01-30 19:42 - 000000001 _____ () C:\Users\PSOTO\AppData\Roaming\plMMDy
2016-08-01 21:39 - 2019-03-21 08:38 - 000000132 _____ () C:\Users\PSOTO\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2018-11-13 09:36 - 2018-11-19 13:20 - 000013508 _____ () C:\Users\PSOTO\AppData\Local\5.txt
2018-11-12 19:40 - 2018-11-12 19:40 - 000000000 _____ () C:\Users\PSOTO\AppData\Local\848U34FCQKJGNL1.exe.doc
2019-04-02 19:05 - 2019-04-02 19:05 - 000000218 _____ () C:\Users\PSOTO\AppData\Local\recently-used.xbel
2014-11-10 17:53 - 2018-11-10 11:07 - 000007598 _____ () C:\Users\PSOTO\AppData\Local\Resmon.ResmonCfg
2018-11-13 09:36 - 2018-11-19 12:04 - 000000000 _____ () C:\Users\PSOTO\AppData\Local\xkdi4.txt
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-03-15 20:11
==================== End of FRST.txt ============================Continua en mensaje siguiente…
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by PSOTO (04-04-2019 19:40:38)
Running from C:\Users\PSOTO\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-08-28 13:16:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
889CB07CD24244BD98BF (S-1-5-21-879520919-2892092765-2935881487-1004 - Limited - Enabled)
Administrador (S-1-5-21-879520919-2892092765-2935881487-500 - Administrator - Disabled)
ASPNET (S-1-5-21-879520919-2892092765-2935881487-1002 - Limited - Enabled)
Gracielita (S-1-5-21-879520919-2892092765-2935881487-1005 - Limited - Enabled) => C:\Users\Gracielita
Invitado (S-1-5-21-879520919-2892092765-2935881487-501 - Limited - Enabled) => C:\Users\Invitado
PGL (S-1-5-21-879520919-2892092765-2935881487-1006 - Limited - Enabled) => C:\Users\PGL
PSOTO (S-1-5-21-879520919-2892092765-2935881487-1000 - Administrator - Enabled) => C:\Users\PSOTO
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 18.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1801-000001000000}) (Version: 18.01.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.17 - STMicroelectronics)
Adobe Acrobat X Standard - Italiano, Español, Nederlands, Português (HKLM-x32\...\{AC76BA86-1040-7D70-BA7E-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.3.2369 - AVAST Software)
Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
Compatibilidad con Aplicaciones de Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Complete Internet Repair 5.1.0.3950 (HKLM\...\Complete Internet Repair_is1) (Version: 5.1.0.3950 - Rizonesoft)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.2.1 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version: - )
Desinstalador de impresoras EPSON TX115 Series (HKLM\...\EPSON TX115 Series) (Version: - SEIKO EPSON Corporation)
Detect Safe Browsing (HKLM-x32\...\Detect Safe Browsing) (Version: 4.5.1 - Easy Solutions Inc.)
DigitalPersona Fingerprint Software 5.20 (HKLM\...\{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}) (Version: 5.20.230 - DigitalPersona, Inc.)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
G Suite Migration For Microsoft Outlook® 4.0.117.0 (HKLM-x32\...\{76E3C8D3-7AE3-471F-856E-556A1D57BD18}) (Version: 4.0.117.0 - Google, Inc.)
G Suite Sync™ for Microsoft Outlook® 4.0.19.0 (HKLM-x32\...\{ADE68979-6AF9-4F5D-A6FD-AB1D9FE2B530}) (Version: 4.0.19.0 - Google, Inc.)
Galería fotográfica de Windows Live (HKLM-x32\...\{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.75 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexicon PSP 42 1.6.1 64bit (HKLM-x32\...\Lexicon PSP 42 1.6.1 64bit) (Version: 1.6.1 64bit - PSPaudioware.com)
License Support (HKLM\...\{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Hidden
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Fireworks 8 (HKLM-x32\...\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}) (Version: 8.0.0.777 - Macromedia)
Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Macromedia FreeHand 10 (HKLM-x32\...\{4D826618-59C6-11D4-976E-00C04F8EEB39}) (Version: 10 - Macromedia)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_PROPLUS_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_PROPLUS_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version: - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_PROPLUS_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version: - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_PROPLUS_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version: - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{9AE22681-C27C-402A-A136-15854DFF693D}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{076FF390-D283-4174-B602-B0B7B72BD024}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.3.6020.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MKVToolNix 6.6.0 (HKLM-x32\...\MKVToolNix) (Version: 6.6.0 - Moritz Bunkus)
Monitor de la tecnología Intel® Turbo Boost 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4.5 ESN (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50709 - Microsoft Corporation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 7.0.6 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PhotoStage, creador de presentaciones fotográficas (HKLM-x32\...\PhotoStage) (Version: 6.07 - NCH Software)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.90.826.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6353 - Realtek Semiconductor Corp.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Service Pack 3 para SQL Server 2012 (KB3072779) (64-bit) (HKLM\...\KB3072779) (Version: 11.3.6020.0 - Microsoft Corporation)
Skype versión 8.16 (HKLM-x32\...\Skype_is1) (Version: 8.16 - Skype Technologies S.A.)
Software Intel(R) PROSet/Wireless WiFi (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg Nuendo 4 (HKLM-x32\...\{41E0A8DD-4343-4B33-95C3-272A99F18984}) (Version: 4.3.0.371 - Steinberg Media Technologies GmbH)
Steinberg Nuendo Expansion Kit (HKLM-x32\...\{A1E50F2C-F6CA-4C27-AEA7-819B2A486223}) (Version: 4.2.2.274 - Steinberg Media Technologies GmbH)
Subtitle Workshop 2.51 (HKLM-x32\...\SubtitleWorkshop) (Version: - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
Total Audio MP3 Converter v2.2 build 968 (HKLM-x32\...\{18D13E8A-7BD3-486F-847D-57FBE828F537}_is1) (Version: - Hoo Technologies)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Validity Sensors DDK (HKLM\...\{10AAF056-7792-497A-ACAF-3BF002196574}) (Version: 4.3.33.0 - Validity Sensors, Inc.)
Vegas Pro 13.0 (64-bit) (HKLM\...\{CDA02BF0-BFBC-11E3-AFA0-F04DA23A5C58}) (Version: 13.0.290 - Sony)
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Waves Complete V9r18 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.18 - Waves)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-10-18] (Intel Corporation - Mobile Wireless Group -> Intel Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2014-10-18] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2014-10-18] (Florian Heidenreich) [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2014-10-18] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-19] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {11F9C978-4F9F-4FC9-B12B-28E88AABDF41} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {156EB401-F150-4250-AC6A-72A0A7EFA038} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {1E90E9D1-C616-4B63-B25D-02DC4EA65572} - System32\Tasks\CCleaner Update => C:\Program Files (x86)\CCleaner\CCUpdate.exe
Task: {3995C8B1-46E9-4569-AB69-369849B3DC2E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {4D6B0976-5890-4B41-B156-19C42886933A} - System32\Tasks\{B2291631-D5C7-48CF-B4C7-4143DF1B69ED} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.33.0.105&LastError=12002
Task: {697FAD6A-544B-456E-AC39-B93DA9827CDF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-879520919-2892092765-2935881487-1000Core => C:\Users\PSOTO\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: {752EFF4D-256F-4045-BC54-B02C78978A5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {7BA9C1E2-08BF-444C-A79F-A117EE29AD7F} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe (Dell Inc -> PC-Doctor, Inc.)
Task: {7C7BBCE5-5352-4516-9090-F952B849EF06} - System32\Tasks\{153A6D2C-EB1E-4D3A-9A2F-DECDD4BF7A87} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/es/abandoninstall?page=tsProgressBar
Task: {8CDD9D41-8582-4E2B-BFFF-E7E34FEB5599} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9078E487-374D-4BDD-BA46-714427798F49} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe (Dell Inc -> PC-Doctor, Inc.)
Task: {956692EE-03FD-4160-8C02-E70F7B0F49B4} - System32\Tasks\Norton Product InstallerIdle => C:\ProgramData\NortonInstaller\NSSInstallStub.exe
Task: {A8A2C956-9FD1-4089-8E27-A91ED78F83F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A9186D6F-6D82-4639-B229-CB3BE4FC0F89} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {AE44BA09-647C-4A0B-A86B-9C6CF1DD75AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe
Task: {C81CDC58-77F3-4586-97A5-026AA60736EC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {CFA50C36-BC9A-4381-A92D-1EACAD289B83} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CFCB0EF1-7599-4C6C-AD49-9E05E0AC0B78} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {DADC0ABB-5A53-466F-B3A0-E30F4531A578} - System32\Tasks\AdobeAAMUpdater-1.0-PSOTO-PC-PSOTO => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {DE38666A-913A-4328-9297-327398CD2F78} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {FCCB4DA6-7B81-421A-ADC8-F2C116DDCC62} - System32\Tasks\{FC911A9E-B519-428D-AB19-8EB196BE8884} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/6.21.0.104/es/abandoninstall?page=tsMain
Task: {FFB1AE2D-7FFE-4CC5-8DAD-848552038BE4} - System32\Tasks\{4E48B3F8-4874-44AE-AD8E-E24237FFD957} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.33.0.105&LastError=-9
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\ProgramData\NortonInstaller\NSSInstallStub.exe
Task: C:\Windows\Tasks\Packet House.job => rundll32.exe C:\Program Files\Packet House\Packet House.dll
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\PSOTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com
Shortcut: C:\Users\PSOTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://www.image-line.com/diagnosti
Shortcut: C:\Users\PSOTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com
Shortcut: C:\Users\PSOTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk
ShortcutWithArgument: C:\Users\PSOTO\Desktop\MG - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) ==============
2014-09-03 11:40 - 2009-02-09 09:11 - 000230400 _____ () [File not signed] C:\Windows\System32\OKLM6500.DLL
2011-09-15 12:46 - 2011-09-15 12:46 - 000117248 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\BluetoothHS\UsR3IoPort.dll
2011-09-15 21:30 - 2011-09-15 21:30 - 001278976 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\MurocApi.dll
2011-09-15 20:46 - 2011-09-15 20:46 - 001501696 _____ () [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-09-15 21:25 - 2011-09-15 21:25 - 001077248 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
2011-09-15 21:26 - 2011-09-15 21:26 - 001047552 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll
2011-09-15 21:26 - 2011-09-15 21:26 - 000841728 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\IntStngs.dll
2011-09-15 21:26 - 2011-09-15 21:26 - 003719168 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\AmtWsMan.dll
2011-09-15 21:24 - 2011-09-15 21:24 - 000177152 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
2016-08-01 20:15 - 2016-08-01 11:50 - 000108032 _____ (Freemake) [File not signed] C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
2012-05-18 01:23 - 2012-05-18 01:23 - 002938880 _____ (PACE Anti-Piracy, Inc.) [File not signed] C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
2018-01-28 20:00 - 2018-01-28 20:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2015-09-24 12:42 - 2015-09-24 12:42 - 000336896 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\es_es\Acrobat Elements\ContextMenu64.esp
2016-01-25 11:55 - 2016-01-25 11:55 - 001099776 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EasySolutions\Detect Safe Browsing\LIBEAY32.dll
2012-01-14 06:08 - 2010-12-20 20:45 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2012-01-14 06:08 - 2010-12-20 20:49 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2016-01-25 11:55 - 2016-01-25 11:55 - 000090744 _____ (OPSWAT, Inc. -> OPSWAT, Inc.) [File not signed] C:\Program Files (x86)\EasySolutions\Detect Safe Browsing\x86\MD4SALib.dll
2016-01-25 11:55 - 2016-01-25 11:55 - 000158840 _____ (OPSWAT, Inc. -> OPSWAT, Inc.) [File not signed] C:\Program Files (x86)\EasySolutions\Detect Safe Browsing\x86\omsRemote.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-04-04 18:02 - 2019-03-13 09:22 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DpHost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DSBProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-879520919-2892092765-2935881487-1000\...\localhost -> localhost
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 23:34 - 2019-01-04 11:05 - 000000840 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Google\Google Apps Sync\;C:\Program Files (x86)\Google\Google Apps Migration\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-879520919-2892092765-2935881487-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Gracielita\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-879520919-2892092765-2935881487-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\PGL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-879520919-2892092765-2935881487-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Invitado\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\startupfolder: C:^Users^PSOTO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^9ce57f3c73a08c0873cb78c599dd9e5d.lnk => C:\Windows\pss\9ce57f3c73a08c0873cb78c599dd9e5d.lnk.Startup
MSCONFIG\startupfolder: C:^Users^PSOTO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: DBRMTray => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
MSCONFIG\startupreg: Dropbox Update => "C:\Users\PSOTO\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelPAN => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => c:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{4F0B9A8C-F7FD-44A4-BBFD-74C553B31607}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.) [File not signed]
FirewallRules: [UDP Query User{B6AEB22D-1F3C-4EBF-BB72-BFE221471127}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.) [File not signed]
FirewallRules: [TCP Query User{D7D0C3E1-DE16-45D9-85AF-72A239F5A148}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed]
FirewallRules: [UDP Query User{30612F30-167D-4C00-898A-700BE5A00FFC}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed]
FirewallRules: [TCP Query User{203926E4-C9D1-43D4-86BE-30DABD22CB0D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [UDP Query User{A7939428-CED7-42E9-AFDE-014743836944}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [TCP Query User{54A077B1-532F-4B8C-9874-1F9BEFB764C0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{3B0382C4-0327-41DF-A72E-9E7DBC5A71A7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{63017FB7-E180-449C-954F-4B63B44440FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
04-04-2019 19:30:36 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Intel(R) Centrino(R) Wireless-N 1030
Description: Intel(R) Centrino(R) Wireless-N 1030
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Dispositivo periférico Bluetooth
Description: Dispositivo periférico Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/04/2019 07:42:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Error al agregar certificado al almacén de entidades de certificación raíz de terceros: Acceso denegado.
Error: (04/04/2019 07:42:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Error al agregar certificado al almacén de entidades de certificación raíz de terceros: Acceso denegado.
Error: (04/04/2019 07:42:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Error al agregar certificado al almacén de entidades de certificación raíz de terceros: Acceso denegado.
Error: (04/04/2019 07:42:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Error al agregar certificado al almacén de entidades de certificación raíz de terceros: Acceso denegado.
Error: (04/04/2019 07:41:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Error al agregar certificado al almacén de entidades de certificación raíz de terceros: Acceso denegado.
Error: (04/04/2019 07:41:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Error al agregar certificado al almacén de entidades de certificación raíz de terceros: Acceso denegado.
Error: (04/04/2019 07:38:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Error al agregar certificado al almacén de entidades de certificación raíz de terceros: Acceso denegado.
Error: (04/04/2019 07:38:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Error al agregar certificado al almacén de entidades de certificación raíz de terceros: Acceso denegado.
System errors:
=============
Error: (04/04/2019 05:54:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Malwarebytes Service terminó inesperadamente. Esto se ha repetido 2 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.
Error: (04/04/2019 05:54:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Malwarebytes Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.
Error: (03/19/2019 05:39:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Instrumental de administración de Windows se terminó de manera inesperada. Esto ha sucedido 3 veces.
Error: (03/19/2019 05:39:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Temas se terminó de manera inesperada. Esto ha sucedido 3 veces.
Error: (03/19/2019 05:39:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Detección de hardware shell se terminó de manera inesperada. Esto ha sucedido 3 veces.
Error: (03/19/2019 05:39:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Servicio de notificación de eventos de sistema se terminó de manera inesperada. Esto ha sucedido 3 veces.
Error: (03/19/2019 05:39:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Programador de tareas se terminó de manera inesperada. Esto ha sucedido 3 veces.
Error: (03/19/2019 05:39:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Administrador de conexión de acceso remoto se terminó de manera inesperada. Esto ha sucedido 3 veces.
Windows Defender:
===================================
Date: 2017-01-30 20:35:38.369
Description:
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Pokavampo&threatid=222268
Nombre:SoftwareBundler:Win32/Pokavampo
Id.:222268
Gravedad:Alta
Categoría:Software que instala varios programas
Ruta de acceso encontrada:file:c:\program files (x86)\cleanbrowser\app\app\init.html;file:C:\Program Files (x86)\CleanBrowser\app\app\node_modules\request\.eslintrc;file:C:\Program Files (x86)\CleanBrowser\app\app\node_modules\request\.npmignore;file:C:\Program Files (x86)\CleanBrowser\app\app\node_modules\request\.travis.yml;file:c:\program files (x86)\cleanbrowser\app\app\node_modules\request\CHANGELOG.md;file:c:\program files (x86)\cleanbrowser\app\app\node_modules\request\CONTRIBUTING.md;file:c:\program files (x86)\cleanbrowser\app\app\node_modules\request\LICENSE;file:c:\program files (x86)\cleanbrowser\app\app\node_modules\request\node_modules\.bin\har-validator;file:C:\Program Files (x86)\CleanBrowser\app\app\node_modules\request\node_modules\.bin\uuid;file:c:\program files (x86)\cleanbrowser\app\app\node_modules\request\node_modules\aws-sign2\LICENSE;file:C:\Program Files (x86)\CleanBrowser\app\app\node_modules\request\node_modules\aws-sign2\package.json;file:c:\program files (x86)\cleanbrowser\app\app\node_modules\request\no
Tipo de detección:Concreto
Origen de detección:Sistema
Estado:Desconocido
Usuario:NT AUTHORITY\SYSTEM
Nombre de proceso:
Date: 2017-01-30 19:51:28.375
Description:
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Pokavampo&threatid=222268
Nombre:SoftwareBundler:Win32/Pokavampo
Id.:222268
Gravedad:Alta
Categoría:Software que instala varios programas
Ruta de acceso encontrada:file:C:\Users\PSOTO\AppData\Local\4C4C4544-1485805851-5910-8035-C7C04F515331\qnsb61E1.tmp;process:pid:8188
Tipo de detección:Concreto
Origen de detección:Protección en tiempo real
Estado:Desconocido
Usuario:\
Nombre de proceso:
Date: 2017-01-30 19:43:35.458
Description:
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Heazycrome&threatid=234061
Nombre:BrowserModifier:Win32/Heazycrome
Id.:234061
Gravedad:Alta
Categoría:Modificador de explorador
Ruta de acceso encontrada:file:C:\Users\PSOTO\AppData\Local\Temp\00027271\hp.exe;process:pid:13576
Tipo de detección:Concreto
Origen de detección:Protección en tiempo real
Estado:Desconocido
Usuario:\
Nombre de proceso:
Date: 2016-04-11 08:18:06.341
Description:
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{3CCE08D5-9EC1-4DCA-B6C8-C328C32C5C72}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:NT AUTHORITY\Servicio de red
Date: 2015-10-08 00:10:49.758
Description:
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Techsnab&threatid=222310
Nombre:SoftwareBundler:Win32/Techsnab
Id.:222310
Gravedad:Alta
Categoría:Software que instala varios programas
Ruta de acceso encontrada:process:pid:4656
Tipo de detección:Concreto
Origen de detección:Protección en tiempo real
Estado:Desconocido
Usuario:\
Nombre de proceso:
Date: 2017-09-27 23:32:34.708
Description:
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado.
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0
Date: 2017-09-27 23:22:48.272
Description:
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado.
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0
Date: 2017-01-30 20:16:04.908
Description:
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado.
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0
Date: 2016-05-01 22:12:33.674
Description:
El motor de %1 se detuvo debido a un error inesperado.
Tipo de error:%5
Código de excepción:%6
Recurso:%3
Date: 2014-12-19 08:50:15.797
Description:
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado.
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 64%
Total physical RAM: 8086.17 MB
Available physical RAM: 2856.67 MB
Total Virtual: 16170.52 MB
Available Virtual: 10625.61 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:195.08 GB) NTFS
Drive e: () (Removable) (Total:29.71 GB) (Free:17.41 GB) FAT32
\\?\Volume{d5e9ca44-3e50-11e1-a9c3-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:19.53 GB) (Free:11.82 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Protective MBR) (Size: 29.7 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================En espera de tu respuesta, se despide agradecido
PSC
Bien… y ahora sigue estos pasos, MUY Importante Realiza una copia de seguridad del registro :
Para hacerlo descarga DelFix.exe(en tu escritorio).
Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).
Atención, ahora marca/selecciona únicamente la casilla Create registry backup, las demás casillas NO.
Pulsar en Run.
Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.
Con los demás programas cerrados ve a Inicio Ejecutar y escribe Notepad.exe.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
Task: {4D6B0976-5890-4B41-B156-19C42886933A} - System32\Tasks\{B2291631-D5C7-48CF-B4C7-4143DF1B69ED} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.33.0.105&LastError=12002
Task: {FFB1AE2D-7FFE-4CC5-8DAD-848552038BE4} - System32\Tasks\{4E48B3F8-4874-44AE-AD8E-E24237FFD957} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.33.0.105&LastError=-9
Task: {956692EE-03FD-4160-8C02-E70F7B0F49B4} - System32\Tasks\Norton Product InstallerIdle => C:\ProgramData\NortonInstaller\NSSInstallStub.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\ProgramData\NortonInstaller\NSSInstallStub.exe
2019-04-02 19:23 - 2017-11-03 08:48 - 000000484 ____H C:\Windows\Tasks\Norton Product InstallerIdle.job
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\...\MountPoints2: {69c1d309-0703-11e8-8cb5-848f69c33c11} - »ªÎªÊÖ»úÖúÊÖ°²×°Ïòµ¼.exe
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\...\MountPoints2: {c1680323-d141-11e7-b109-848f69c33c11} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-879520919-2892092765-2935881487-1005\...\MountPoints2: {69c1d309-0703-11e8-8cb5-848f69c33c11} - »ªÎªÊÖ»úÖúÊÖ°²×°Ïòµ¼.exe
HKU\S-1-5-21-879520919-2892092765-2935881487-501\...\MountPoints2: E - »ªÎªÊÖ»úÖúÊÖ°²×°Ïòµ¼.exe
BootExecute: autocheck autochk * sdnclean64.exe
ProxyEnable: [S-1-5-21-879520919-2892092765-2935881487-1000] => Proxy is enabled.
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-879520919-2892092765-2935881487-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension => not found
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-07-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-07-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.7.1.32\Definitions\SDSDefs\20170406.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.7.1.32\Definitions\SDSDefs\20170406.003\EX64.SYS [X]
S3 NPF; system32\drivers\NPF.sys [X]
2017-01-30 19:42 - 2017-01-30 19:42 - 000000001 _____ () C:\Users\PSOTO\AppData\Roaming\plMMDy
2018-11-12 19:40 - 2018-11-12 19:40 - 000000000 _____ () C:\Users\PSOTO\AppData\Local\848U34FCQKJGNL1.exe.doc
2019-04-02 19:05 - 2019-04-02 19:05 - 000000218 _____ () C:\Users\PSOTO\AppData\Local\recently-used.xbel
2014-11-10 17:53 - 2018-11-10 11:07 - 000007598 _____ () C:\Users\PSOTO\AppData\Local\Resmon.ResmonCfg
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
ENDGuárdalo bajo el nombre de FIXLIST.TXT en el escritorio Esto es muy importante.
Nota Es importante que la herramienta FRST.exe(Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.
Y ahora inicia tu equipo desde el Modo Seguro – con funciones de Red, de Windows
Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
Presionar el botón FIX y aguardar a que termine.
La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).
Pegar el contenido de este fichero en tu próxima respuesta.
Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.
Saludos.
Javier, buen día,
hice todo lo indicado y lamentablemente el problema persiste, te dejo el log de FIXLOG.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by PSOTO (05-04-2019 17:17:21) Run:1
Running from C:\Users\PSOTO\Desktop
Loaded Profiles: PSOTO (Available Profiles: PSOTO & Gracielita & PGL & Invitado)
Boot Mode: Safe Mode (with Networking)
==============================================
fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
Task: {4D6B0976-5890-4B41-B156-19C42886933A} - System32\Tasks\{B2291631-D5C7-48CF-B4C7-4143DF1B69ED} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.33.0.105&LastError=12002
Task: {FFB1AE2D-7FFE-4CC5-8DAD-848552038BE4} - System32\Tasks\{4E48B3F8-4874-44AE-AD8E-E24237FFD957} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.33.0.105&LastError=-9
Task: {956692EE-03FD-4160-8C02-E70F7B0F49B4} - System32\Tasks\Norton Product InstallerIdle => C:\ProgramData\NortonInstaller\NSSInstallStub.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\ProgramData\NortonInstaller\NSSInstallStub.exe
2019-04-02 19:23 - 2017-11-03 08:48 - 000000484 ____H C:\Windows\Tasks\Norton Product InstallerIdle.job
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\...\MountPoints2: {69c1d309-0703-11e8-8cb5-848f69c33c11} - ��Ϊ�ֻ����ְ�װ��.exe
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\...\MountPoints2: {c1680323-d141-11e7-b109-848f69c33c11} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-879520919-2892092765-2935881487-1005\...\MountPoints2: {69c1d309-0703-11e8-8cb5-848f69c33c11} - ��Ϊ�ֻ����ְ�װ��.exe
HKU\S-1-5-21-879520919-2892092765-2935881487-501\...\MountPoints2: E - ��Ϊ�ֻ����ְ�װ��.exe
BootExecute: autocheck autochk * sdnclean64.exe
ProxyEnable: [S-1-5-21-879520919-2892092765-2935881487-1000] => Proxy is enabled.
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-879520919-2892092765-2935881487-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension => not found
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-07-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-07-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.7.1.32\Definitions\SDSDefs\20170406.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.7.1.32\Definitions\SDSDefs\20170406.003\EX64.SYS [X]
S3 NPF; system32\drivers\NPF.sys [X]
2017-01-30 19:42 - 2017-01-30 19:42 - 000000001 _____ () C:\Users\PSOTO\AppData\Roaming\plMMDy
2018-11-12 19:40 - 2018-11-12 19:40 - 000000000 _____ () C:\Users\PSOTO\AppData\Local\848U34FCQKJGNL1.exe.doc
2019-04-02 19:05 - 2019-04-02 19:05 - 000000218 _____ () C:\Users\PSOTO\AppData\Local\recently-used.xbel
2014-11-10 17:53 - 2018-11-10 11:07 - 000007598 _____ () C:\Users\PSOTO\AppData\Local\Resmon.ResmonCfg
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1" => removed successfully
HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8" => removed successfully
HKLM\Software\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Glary Utilities => removed successfully
HKLM\Software\Classes\CLSID\{B3C418F8-922B-4faf-915E-59BC14448CF7} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D6B0976-5890-4B41-B156-19C42886933A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D6B0976-5890-4B41-B156-19C42886933A}" => removed successfully
C:\Windows\System32\Tasks\{B2291631-D5C7-48CF-B4C7-4143DF1B69ED} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B2291631-D5C7-48CF-B4C7-4143DF1B69ED}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFB1AE2D-7FFE-4CC5-8DAD-848552038BE4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFB1AE2D-7FFE-4CC5-8DAD-848552038BE4}" => removed successfully
C:\Windows\System32\Tasks\{4E48B3F8-4874-44AE-AD8E-E24237FFD957} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4E48B3F8-4874-44AE-AD8E-E24237FFD957}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{956692EE-03FD-4160-8C02-E70F7B0F49B4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{956692EE-03FD-4160-8C02-E70F7B0F49B4}" => removed successfully
C:\Windows\System32\Tasks\Norton Product InstallerIdle => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Product InstallerIdle" => removed successfully
C:\Windows\Tasks\Norton Product InstallerIdle.job => moved successfully
"C:\Windows\Tasks\Norton Product InstallerIdle.job" => not found
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c1d309-0703-11e8-8cb5-848f69c33c11} => removed successfully
HKLM\Software\Classes\CLSID\{69c1d309-0703-11e8-8cb5-848f69c33c11} => not found
HKU\S-1-5-21-879520919-2892092765-2935881487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1680323-d141-11e7-b109-848f69c33c11} => removed successfully
HKLM\Software\Classes\CLSID\{c1680323-d141-11e7-b109-848f69c33c11} => not found
"HKU\S-1-5-21-879520919-2892092765-2935881487-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c1d309-0703-11e8-8cb5-848f69c33c11}" => not found
HKLM\Software\Classes\CLSID\{69c1d309-0703-11e8-8cb5-848f69c33c11} => not found
"HKU\S-1-5-21-879520919-2892092765-2935881487-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => not found
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"HKU\S-1-5-21-879520919-2892092765-2935881487-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-879520919-2892092765-2935881487-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\tmpx => removed successfully
HKLM\Software\Classes\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => not found
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-07-05] (Oracle America, Inc." => not found
C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-07-05] (Oracle America, Inc." => not found
C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN" => not found
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN" => not found
"C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN" => not found
"C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll" => not found
HKLM\System\CurrentControlSet\Services\andnetadb => removed successfully
andnetadb => service removed successfully
HKLM\System\CurrentControlSet\Services\AndNetDiag => removed successfully
AndNetDiag => service removed successfully
HKLM\System\CurrentControlSet\Services\ANDNetModem => removed successfully
ANDNetModem => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => removed successfully
NAVENG => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVEX15 => removed successfully
NAVEX15 => service removed successfully
HKLM\System\CurrentControlSet\Services\NPF => removed successfully
NPF => service removed successfully
C:\Users\PSOTO\AppData\Roaming\plMMDy => moved successfully
C:\Users\PSOTO\AppData\Local\848U34FCQKJGNL1.exe.doc => moved successfully
C:\Users\PSOTO\AppData\Local\recently-used.xbel => moved successfully
C:\Users\PSOTO\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-879520919-2892092765-2935881487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-879520919-2892092765-2935881487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
========= netsh winsock reset =========
El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.
========= End of CMD: =========
========= ipconfig /renew =========
Configuraci¢n IP de Windows
Adaptador de Ethernet Conexi¢n de rea local:
Sufijo DNS espec¡fico para la conexi¢n. . :
Direcci¢n IPv6 . . . . . . . . . . : ::a455:9309:62c4:f4f6
Direcci¢n IPv6 temporal. . . . . . : ::1904:f3c6:3fcf:e88
V¡nculo: direcci¢n IPv6 local. . . : fe80::a455:9309:62c4:f4f6%11
Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.0.2
M scara de subred . . . . . . . . . . . . : 255.255.255.0
Puerta de enlace predeterminada . . . . . : 192.168.0.1
Adaptador de t£nel isatap.{C5EBA788-D7A7-40F5-BEF1-39E004551A9F}:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS espec¡fico para la conexi¢n. . :
Adaptador de t£nel isatap.{6BBCD046-FAED-4810-89F1-6B13AC1C37F7}:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS espec¡fico para la conexi¢n. . :
Adaptador de t£nel Teredo Tunneling Pseudo-Interface:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS espec¡fico para la conexi¢n. . :
========= End of CMD: =========
========= ipconfig /flushdns =========
Configuraci¢n IP de Windows
Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to connect to BITS - 0x8007042c
========= End of CMD: =========
========= netsh advfirewall reset =========
Aceptar
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Aceptar
========= End of CMD: =========
========= netsh int ipv4 reset =========
Interfaz se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.
========= End of CMD: =========
========= netsh int ipv6 reset =========
No hay valores configurados por el usuario para restablecer.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16762756 B
Java, Flash, Steam htmlcache => 1080 B
Windows/system/drivers => 2412433 B
Edge => 0 B
Chrome => 3380063 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
PSOTO => 81957845 B
Gracielita => 656016622 B
PGL => 5410668 B
Invitado => 520543 B
RecycleBin => 9583624 B
EmptyTemp: => 740.1 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 17:20:30 ====Saludos
PSC
Hola.
En los usuarios que tienes el problema las versiones de los navegadores es exactamente la misma.??
Hola, si todos los usuarios tienen la misma versión
Saludos PSC
Hola…perfecto y ahora ejecuta un análisis con 
ESET Online y cuando te salga esta pantalla :
Debes seguir estos pasos :
todas esas opciones.Con esto realizaras un análisis completo de todo el equipo, cuando termines todo el proceso, guardas el informe, que veras la opción para exportar/guardar en TXT y lo dejas guardado en tu escritorio para ponerlo en tu próxima respuesta.
Finalizas el proceso desinfectando los elementos encontrados y Reinicia tu PC, y nos pones el informe en tu próxima respuesta.
Y coméntanos como funciona tu equipo.
Saludos.
Hola Javier,
hice lo que me pediste, encontró 5 amenazas, que fueron eliminadas, pero no me ofreció informe.
Reincié y revisé el equipo, el problema persiste.
Espero tus comentarios.
Saludos
P
Tu versión de Windows 7 es legal…??
Tienes todas las actualizaciones al día y realizadas…??
Hola, sí y todo actualizado
Bien, pues ahora sigue estos pasos :
Desactiva temporalmente el Antivirus Cómo deshabilitar temporalmente su Antivirus, mientras estemos realizando TODOS los pasos.
Descarga la herramienta 
ComboFix y guárdala en el escritorio. 
Muy Importante.
PASO 1:
PASO 2:
Importante :
Saludos.
Hola Javier, Hice lo indicado, sin embargo el equipo sigue igual, mi usuario bien, el resto no hay acceso (adjunto capturas de Chrome y Explorer)
El reporte es el siguiente:
ComboFix 18-08-08.01 - PSOTO 08/04/2019 18:15:58.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.56.3082.18.8086.4676 [GMT -3:00]
Running from: c:\users\PSOTO\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Spybot - Search and Destroy *Disabled/Outdated* {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1d8784c7a421d340cfd179503fe59ddc798a351c
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\_ctypes.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\_elementtree.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\_hashlib.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\_multiprocessing.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\_psutil_windows.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\_socket.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\_ssl.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\_yappi.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\bz2.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\cello.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\common.time34.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\hashobjs_ext.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\PIL._imaging.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\pyexpat.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\pysqlite2._sqlite.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\python27.dll
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\pythoncom27.dll
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\pywintypes27.dll
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\select.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\thumbnails_ext.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\unicodedata.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\usb_ext.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\win32api.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\win32com.shell.shell.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\win32crypt.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\win32event.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\win32file.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\win32gui.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\win32inet.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\win32pdh.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\win32pipe.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\win32process.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\win32profile.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\win32security.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\win32ts.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\windows._cacheinvalidation.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\windows.conditional.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\windows.connectivity.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\windows.device_monitor.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\windows.volumes.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\windows.winwrap.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\wx._controls_.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\wx._core_.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\wx._gdi_.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\wx._html2.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\wx._misc_.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\wx._windows_.pyd
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\wxbase30u_net_vc90_x64.dll
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\wxbase30u_vc90_x64.dll
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\wxmsw30u_adv_vc90_x64.dll
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\wxmsw30u_core_vc90_x64.dll
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\wxmsw30u_html_vc90_x64.dll
c:\users\PSOTO\AppData\Local\Temp\_MEI29562\wxmsw30u_webview_vc90_x64.dll
c:\windows\ST6UNST.000
c:\windows\SysWow64\hookdll.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2019-03-08 to 2019-04-08 )))))))))))))))))))))))))))))))
.
.
2019-04-08 21:40 . 2019-04-08 21:40 73912 ----a-w- c:\windows\system32\drivers\mbam.sys
2019-04-08 21:38 . 2019-04-08 21:38 127136 ----a-w- c:\windows\system32\drivers\farflt.sys
2019-04-08 21:38 . 2019-04-08 21:38 104784 ----a-w- c:\windows\system32\drivers\mwac.sys
2019-04-08 21:37 . 2019-04-08 21:37 274416 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2019-04-08 21:32 . 2019-04-08 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2019-04-07 00:22 . 2019-04-07 00:23 -------- d-----w- c:\programdata\Wondershare
2019-04-07 00:22 . 2019-04-07 00:22 -------- d-----w- c:\users\PSOTO\AppData\Local\Wondershare
2019-04-06 00:19 . 2019-04-06 00:19 -------- d-----w- c:\program files (x86)\ESET
2019-04-04 22:38 . 2019-04-05 20:23 -------- d-----w- C:\FRST
2019-04-04 21:02 . 2019-04-05 20:16 198512 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2019-04-04 21:02 . 2019-01-08 19:32 153328 ----a-w- c:\windows\system32\drivers\mbae64.sys
2019-04-04 21:01 . 2019-04-04 21:01 -------- d-----w- c:\program files\CCleaner
2019-03-19 09:58 . 2019-03-19 09:58 362888 ----a-w- c:\windows\system32\aswBoot.exe
2019-03-18 19:21 . 2019-03-18 19:21 -------- d-----w- c:\users\Gracielita\AppData\Roaming\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-03-13 22:07 . 2014-09-02 15:42 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2019-03-13 22:07 . 2012-01-14 08:49 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2018-12-07 46504696]
"kksPgo7p"="c:\users\Public\ZJV3M5T4Y7DWJM4\848U34FCQKJGNL1.exe" [2018-11-12 400872]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2018-04-20 7388488]
"CCleaner Smart Cleaning"="c:\program files\CCleaner\CCleaner64.exe" [2019-03-11 22488952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2015-09-24 41360]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2018-04-20 6788032]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-09-24 840592]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2019-03-19 260488]
.
c:\users\Gracielita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor de la tecnología Intel® Turbo Boost 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"LmCompatibilityLevel"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DSBProxy;DSBProxy;c:\program files (x86)\EasySolutions\Detect Safe Browsing\DSBPRoxy.exe;c:\program files (x86)\EasySolutions\Detect Safe Browsing\DSBPRoxy.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 AMPPALP;Protocolo Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe;c:\program files\AVAST Software\Avast\aswidsagent.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files (x86)\Google\Chrome\Application\73.0.3683.86\elevation_service.exe;c:\program files (x86)\Google\Chrome\Application\73.0.3683.86\elevation_service.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0200.sys [x]
R4 SQLAgent$SOSQL2012;SQL Server Agent (SOSQL2012);c:\program files\Microsoft SQL Server\MSSQL11.SOSQL2012\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL11.SOSQL2012\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswArDisk;aswArDisk;c:\windows\system32\drivers\aswArDisk.sys;c:\windows\SYSNATIVE\drivers\aswArDisk.sys [x]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsh.sys;c:\windows\SYSNATIVE\drivers\aswbidsh.sys [x]
S0 aswblog;aswblog;c:\windows\system32\drivers\aswblog.sys;c:\windows\SYSNATIVE\drivers\aswblog.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniv.sys;c:\windows\SYSNATIVE\drivers\aswbuniv.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
S0 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriver.sys;c:\windows\SYSNATIVE\drivers\aswbidsdriver.sys [x]
S1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dsbwncf;dsbwncf;c:\windows\System32\drivers\dsbwnc.sys;c:\windows\SYSNATIVE\drivers\dsbwnc.sys [x]
S1 dsbwncfk;dsbwncfk;c:\windows\System32\drivers\dsbwnck.sys;c:\windows\SYSNATIVE\drivers\dsbwnck.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DetectUpdate;DetectUpdate;c:\programdata\EasySolutions\DetectUpdate\DetectUpdate.exe;c:\programdata\EasySolutions\DetectUpdate\DetectUpdate.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys;c:\windows\SYSNATIVE\DRIVERS\diginet.sys [x]
S2 DSBServiceManager;Detect Safe Browsing;c:\program files (x86)\EasySolutions\Detect Safe Browsing\DSBServiceManager.exe;c:\program files (x86)\EasySolutions\Detect Safe Browsing\DSBServiceManager.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys;c:\windows\SYSNATIVE\Drivers\MbamChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 MSSQL$SOSQL2012;SQL Server (SOSQL2012);c:\program files\Microsoft SQL Server\MSSQL11.SOSQL2012\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL11.SOSQL2012\MSSQL\Binn\sqlservr.exe [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Adaptador virtual Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Sonido Intel(R) para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMFarflt;MBAMFarflt;c:\windows\system32\DRIVERS\farflt.sys;c:\windows\SYSNATIVE\DRIVERS\farflt.sys [x]
S3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys;c:\windows\SYSNATIVE\DRIVERS\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\DRIVERS\mwac.sys;c:\windows\SYSNATIVE\DRIVERS\mwac.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*NewlyCreated* - PCDSRVC{1E208CE0-FB7451FF-06020101}_0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2019-04-04 c:\windows\Tasks\CCleaner Update.job
- c:\program files\CCleaner\CCUpdate.exe [2019-03-11 15:16]
.
2019-04-04 c:\windows\Tasks\Packet House.job
- c:\windows\system32\rundll32.exe [2017-06-14 14:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2018-12-07 06:37 775096 ----a-w- c:\program files\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2018-12-07 06:37 775096 ----a-w- c:\program files\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2018-12-07 06:37 775096 ----a-w- c:\program files\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avg]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2019-03-19 09:58 1470856 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avg]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2019-03-19 09:58 1470856 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2019-03-19 260488]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.infospyware.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
mSearch Page = www.google.com
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: localhost
TCP: DhcpNameServer = 190.54.110.23 190.54.120.23
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-mbamchameleon
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe
HKLM-Run-Wondershare Helper Compact.exe - c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-879520919-2892092765-2935881487-1000\@*/q*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-879520919-2892092765-2935881487-1000\22491853_10214395363934855_8276029457520387535_n.jpg*þûh]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-879520919-2892092765-2935881487-1000\4ðg*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_28_0_0_161_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_28_0_0_161_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_28_0_0_161_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_28_0_0_161_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_161.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.28"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_161.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_161.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_28_0_0_161.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3025390~31bf3856ad364e35~amd64~~11.2.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\AVAST Software]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\EasySolutions\Detect Safe Browsing\dsb.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2019-04-08 18:46:58 - machine was rebooted
ComboFix-quarantined-files.txt 2019-04-08 21:46
.
Pre-Run: 224,240,246,784 bytes libres
Post-Run: 223,603,716,096 bytes libres
.
- - End Of File - - 88BABA6D2A4DF04E427276F5CF39F728Espero instrucciones.
Gracias Saludos!!
Hola.
Una cuestión… 
esos otros usuarios con esos problemas son controlados por ti, o las personas que los usan tienen absoluta libertad de uso/modificación/personalización del entorno de windows del propio usuario.??
Hola, son usuarios con accesos limitados a ese tipo de acciones.
Hace un tiempo atrás este problema se presentó para todos, pero logré resolverlo cargando un certificado, el problema se resolvión para todos, pero luego de un tiempo, reapareció, pero sólo para los otros usuarios.
Saludos
PSC
Bien y ahora sigue estos pasos :
Abre el Notepad (Bloc de notas) :
Ahora copia y pega la información, del interior del siguiente recuadro, dentro del Notepad.
KillAll::
ClearJavaCache::
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kksPgo7p"=-
Driver::
dsbwncf
dsbwncfk
File::
c:\windows\Tasks\Packet House.job
c:\windows\System32\drivers\dsbwnc.sys
c:\windows\SYSNATIVE\drivers\dsbwnc.sys
c:\windows\System32\drivers\dsbwnck.sys
c:\windows\SYSNATIVE\drivers\dsbwnck.sys
c:\users\Public\ZJV3M5T4Y7DWJM4\848U34FCQKJGNL1.exe
C:\Users\PSOTO\AppData\Local\848U34FCQKJGNL1.exe.doc
c:\windows\Tasks\Packet House.job
RegLock::
[HKEY_USERS\S-1-5-21-879520919-2892092765-2935881487-1000\@*/q*]
[HKEY_USERS\S-1-5-21-879520919-2892092765-2935881487-1000\22491853_10214395363934855_8276029457520387535_n.jpg*þûh]
[HKEY_USERS\S-1-5-21-879520919-2892092765-2935881487-1000\4ðg*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3025390~31bf3856ad364e35~amd64~~11.2.1.0]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\AVAST Software]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] Guarda este archivo con el nombre CFScript.txt dentro del Escritorio.
Arrastra y suelta el archivo CFScript.txt dentro del archivo ComboFix.exe como muestra la animación de aquí abajo. Esto activara ComboFix nuevamente.
Súbenos el nuevo informe de ComboFix para poder revisarlo.
Saludos.
hecho…
ComboFix 18-08-08.01 - PSOTO 08/04/2019 21:05:02.2.4 - x64
Running from: c:\users\PSOTO\Desktop\ComboFix.exe
Command switches used :: c:\users\PSOTO\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\users\PSOTO\AppData\Local\848U34FCQKJGNL1.exe.doc"
"c:\users\Public\ZJV3M5T4Y7DWJM4\848U34FCQKJGNL1.exe"
"c:\windows\system32\drivers\dsbwnc.sys"
"c:\windows\system32\drivers\dsbwnck.sys"
"c:\windows\System32\drivers\dsbwnc.sys"
"c:\windows\System32\drivers\dsbwnck.sys"
"c:\windows\Tasks\Packet House.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\ZJV3M5T4Y7DWJM4\848U34FCQKJGNL1.exe
c:\windows\system32\drivers\dsbwnc.sys
c:\windows\system32\drivers\dsbwnck.sys
c:\windows\System32\drivers\dsbwnc.sys
c:\windows\System32\drivers\dsbwnck.sys
c:\windows\Tasks\Packet House.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DSBWNCF
-------\Legacy_DSBWNCFK
-------\Service_dsbwncf
-------\Service_dsbwncfk
.
.
((((((((((((((((((((((((( Files Created from 2019-03-09 to 2019-04-09 )))))))))))))))))))))))))))))))
.
.
2019-04-09 00:21 . 2019-04-09 00:21 73912 ----a-w- c:\windows\system32\drivers\mbam.sys
2019-04-09 00:21 . 2019-04-09 00:21 127136 ----a-w- c:\windows\system32\drivers\farflt.sys
2019-04-09 00:21 . 2019-04-09 00:21 104784 ----a-w- c:\windows\system32\drivers\mwac.sys
2019-04-09 00:21 . 2019-04-09 00:21 274416 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2019-04-09 00:17 . 2019-04-09 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2019-04-09 00:17 . 2019-04-09 00:17 -------- d-----w- c:\users\PGL\AppData\Local\temp
2019-04-09 00:17 . 2019-04-09 00:17 -------- d-----w- c:\users\Invitado\AppData\Local\temp
2019-04-08 21:47 . 2019-04-09 00:17 -------- d-----w- c:\users\Gracielita\AppData\Local\temp
2019-04-07 00:22 . 2019-04-07 00:23 -------- d-----w- c:\programdata\Wondershare
2019-04-07 00:22 . 2019-04-07 00:22 -------- d-----w- c:\users\PSOTO\AppData\Local\Wondershare
2019-04-06 00:19 . 2019-04-06 00:19 -------- d-----w- c:\program files (x86)\ESET
2019-04-04 22:38 . 2019-04-05 20:23 -------- d-----w- C:\FRST
2019-04-04 21:02 . 2019-04-05 20:16 198512 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2019-04-04 21:02 . 2019-01-08 19:32 153328 ----a-w- c:\windows\system32\drivers\mbae64.sys
2019-04-04 21:01 . 2019-04-04 21:01 -------- d-----w- c:\program files\CCleaner
2019-03-19 09:58 . 2019-03-19 09:58 362888 ----a-w- c:\windows\system32\aswBoot.exe
2019-03-18 19:21 . 2019-03-18 19:21 -------- d-----w- c:\users\Gracielita\AppData\Roaming\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-03-13 22:07 . 2014-09-02 15:42 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2019-03-13 22:07 . 2012-01-14 08:49 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2018-12-07 46504696]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2018-04-20 7388488]
"CCleaner Smart Cleaning"="c:\program files\CCleaner\CCleaner64.exe" [2019-03-11 22488952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2015-09-24 41360]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2018-04-20 6788032]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-09-24 840592]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2019-03-19 260488]
.
c:\users\Gracielita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor de la tecnología Intel® Turbo Boost 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"LmCompatibilityLevel"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DSBProxy;DSBProxy;c:\program files (x86)\EasySolutions\Detect Safe Browsing\DSBPRoxy.exe;c:\program files (x86)\EasySolutions\Detect Safe Browsing\DSBPRoxy.exe [x]
R3 AMPPALP;Protocolo Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe;c:\program files\AVAST Software\Avast\aswidsagent.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files (x86)\Google\Chrome\Application\73.0.3683.86\elevation_service.exe;c:\program files (x86)\Google\Chrome\Application\73.0.3683.86\elevation_service.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0200.sys [x]
R4 SQLAgent$SOSQL2012;SQL Server Agent (SOSQL2012);c:\program files\Microsoft SQL Server\MSSQL11.SOSQL2012\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL11.SOSQL2012\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswArDisk;aswArDisk;c:\windows\system32\drivers\aswArDisk.sys;c:\windows\SYSNATIVE\drivers\aswArDisk.sys [x]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsh.sys;c:\windows\SYSNATIVE\drivers\aswbidsh.sys [x]
S0 aswblog;aswblog;c:\windows\system32\drivers\aswblog.sys;c:\windows\SYSNATIVE\drivers\aswblog.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniv.sys;c:\windows\SYSNATIVE\drivers\aswbuniv.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
S0 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriver.sys;c:\windows\SYSNATIVE\drivers\aswbidsdriver.sys [x]
S1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DetectUpdate;DetectUpdate;c:\programdata\EasySolutions\DetectUpdate\DetectUpdate.exe;c:\programdata\EasySolutions\DetectUpdate\DetectUpdate.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys;c:\windows\SYSNATIVE\DRIVERS\diginet.sys [x]
S2 DSBServiceManager;Detect Safe Browsing;c:\program files (x86)\EasySolutions\Detect Safe Browsing\DSBServiceManager.exe;c:\program files (x86)\EasySolutions\Detect Safe Browsing\DSBServiceManager.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys;c:\windows\SYSNATIVE\Drivers\MbamChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 MSSQL$SOSQL2012;SQL Server (SOSQL2012);c:\program files\Microsoft SQL Server\MSSQL11.SOSQL2012\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL11.SOSQL2012\MSSQL\Binn\sqlservr.exe [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Adaptador virtual Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Sonido Intel(R) para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMFarflt;MBAMFarflt;c:\windows\system32\DRIVERS\farflt.sys;c:\windows\SYSNATIVE\DRIVERS\farflt.sys [x]
S3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys;c:\windows\SYSNATIVE\DRIVERS\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\DRIVERS\mwac.sys;c:\windows\SYSNATIVE\DRIVERS\mwac.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2019-04-04 c:\windows\Tasks\CCleaner Update.job
- c:\program files\CCleaner\CCUpdate.exe [2019-03-11 15:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2018-12-07 06:37 775096 ----a-w- c:\program files\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2018-12-07 06:37 775096 ----a-w- c:\program files\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2018-12-07 06:37 775096 ----a-w- c:\program files\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avg]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2019-03-19 09:58 1470856 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avg]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2019-03-19 09:58 1470856 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2019-03-19 260488]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.infospyware.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
mSearch Page = www.google.com
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: localhost
TCP: DhcpNameServer = 190.54.110.23 190.54.120.23
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-879520919-2892092765-2935881487-1000\@*/q*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-879520919-2892092765-2935881487-1000\22491853_10214395363934855_8276029457520387535_n.jpg*þûh]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-879520919-2892092765-2935881487-1000\4ðg*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_28_0_0_161_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_28_0_0_161_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB3025390~31bf3856ad364e35~amd64~~11.2.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\AVAST Software]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
c:\program files (x86)\EasySolutions\Detect Safe Browsing\dsb.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2019-04-08 21:27:23 - machine was rebooted
ComboFix-quarantined-files.txt 2019-04-09 00:27
ComboFix2.txt 2019-04-08 21:47
.
Pre-Run: 223,130,984,448 bytes libres
Post-Run: 223,106,121,728 bytes libres
.
- - End Of File - - 1E7B6DDFF43BCBEC7D4DC8DE09363AACespero comentarios
saludos
PSC
