Very slow laptop

Hi, I need help figuring out why my laptop is so slow. It takes a long time to boot and to open Chrome, and Task Manager says disk usage is at 100%.

Hello @Chris

Welcome to the Forum!!!

Do the following:

1.- Temporarily disable your antivirus and any other security program.

2.- Download, install and/or update the following tools:

3.- Run the steps in order, with all programs closed, including browsers.

CCleaner

Using its Cleaner option, following its manual:

  • To delete cookies, temporary Internet files and all the files it shows as obsolete.
  • When you install it, untick the checkboxes so that CCleaner Browser is not installed.
  • We do NOT need this report.

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to finish. Then click the Clean button.
  • Wait for it to complete. If it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it in your next reply.
  • The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Following its manual, install and run it. When it finishes, remove everything it finds.

Malwarebytes

  • Don't forget to update it.
  • Read its manual carefully.
  • Run a Custom Scan with all drives selected.
  • Click “Remove Selected” to send what was found to quarantine.
  • Restart the system.
  • In the manual's “History” section >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste in your next reply.

4.- Important note:

In your next reply you must paste the AdwCleaner, ZHPCleaner and Malwarebytes reports.

Guide: How to paste reports in the forum?

Let us know.

P.S.: If you can't do it in Normal Mode, try Safe Mode with Networking.

For Windows 7 >>> How to start the PC in Safe Mode?

For Windows 8/10 (Second Method) >>> How to start Windows 8/8.1 in Safe Mode?

Regards

www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 25/10/19
Hora del análisis: 1:11
Archivo de registro: 7b395680-f6dd-11e9-9109-54e1ad1a037a.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.13059
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17134.950)
CPU: x64
Sistema de archivos: NTFS
Usuario: MELU\Melu

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 567926
Amenazas detectadas: 6
Amenazas en cuarentena: 0
Tiempo transcurrido: 9 hr, 54 min, 19 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 6
RiskWare.Tool.CK, C:\PROGRAM FILES (X86)\EA GAMES\LOS SIMS 2 BON VOYAGE\TSBIN\KEYGEN.EXE, Sin acciones por parte del usuario, [7469], [294249],1.0.13059
RiskWare.Tool.CK, C:\PROGRAM FILES (X86)\EA GAMES\LOS SIMS 2 BON VOYAGE\KEYGEN.EXE, Sin acciones por parte del usuario, [7469], [294249],1.0.13059
RiskWare.Tool.HCK, C:\PROGRAM FILES (X86)\ELECTRONIC ARTS\BATTLEFIELD BAD COMPANY 2\RLD-BBC2.EXE, Sin acciones por parte del usuario, [7476], [137837],1.0.13059
PUP.Optional.InstallCore, C:\USERS\MELU\DESKTOP\PASAR NUEVO OMAR\DESCARGADO OMAR\RAR\CHEATENGINE67.EXE, Sin acciones por parte del usuario, [461], [500846],1.0.13059
PUP.Optional.InstallCore, C:\USERS\MELU\DESKTOP\PASAR NUEVO OMAR\DESCARGADO OMAR\RAR\CHEATENGINE67.RAR, Sin acciones por parte del usuario, [461], [500846],1.0.13059
RiskWare.Tool.HCK, C:\USERS\MELU\DOWNLOADS\BANDICAM GRATIS (POR LUISGAMES987)\BDCAM\KEYMAKER\KEYMAKER.EXE, Sin acciones por parte del usuario, [7476], [64690],1.0.13059

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

# -------------------------------
# Malwarebytes AdwCleaner 7.4.2.0
# -------------------------------
# Build:    10-21-2019
# Database: 2019-10-21.1 (Local)
# Support:  
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-25-2019
# Duration: 00:00:10
# OS:       Windows 10 Home Single Language
# Cleaned:  7
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Host App Service
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\S-1-5-19\Software\Host App Service
Deleted       HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted       HKU\S-1-5-20\Software\Host App Service
Deleted       HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [14369 octets] - [25/10/2019 12:40:50]
AdwCleaner[S00].txt - [4082 octets] - [25/10/2019 12:42:07]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


~ ZHPCleaner v2019.10.21.152 by Nicolas Coolman (2019/10/21)
~ Run by Melu (Administrator)  (25/10/2019 12:32:50)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook :
~ State version : Version OK
~ Type : Reparar
~ Report : C:\Users\melu\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\melu\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 17134)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (14)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (2)
MOVIDO carpeta: C:\ProgramData\Lenovo\ImController\Plugins\GenericMessagingPlugin\x86\SLSCore.dll [SweetLabs, Inc. - SLSCore]  =>SUP.Optional.SweetLabs
MOVIDO carpeta: C:\ProgramData\Lenovo\ImController\Plugins\GenericMessagingPlugin\x86\SLSLib.dll [SweetLabs, Inc. - SLSLib]  =>SUP.Optional.SweetLabs


---\\  Registro ( Claves, Valores, Datos) (3)
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service [SweetLabs for Lenovo]  =>SUP.Optional.SweetLabs
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask
BORRADOS valor: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_5B0E0F94BA8AE696AD34F8547D66EEED ["C:\Program Files (x86)\Google\Chrome\Application\]  =>PUP.Optional.MyBrowser


---\\  Resumen de elementos en su estación de trabajo (3)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>SUP.Optional.SweetLabs
https://nicolascoolman.eu/2017/02/28/toolbar-ask/  =>Toolbar.Ask
https://nicolascoolman.eu/2017/11/01/adware-mybrowser/  =>PUP.Optional.MyBrowser


---\\ Limpieza adicional. (22)
~ Clave de registro Tracing borrados (22)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Google Chrome OK
~ Internet Explorer OK


---\\ STATISTIQUES
~ Items escaneado : 1128
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0


~ End of clean in 00h01mn39s

---\\  Reporte (2)
ZHPCleaner-[S]-25102019-12_30_15.txt
ZHPCleaner-[R]-25102019-12_34_29.txt

Hello @Chris

Malwarebytes reports "Sin acciones por parte del usuario" (no action taken by the user).

You must quarantine everything it detects. Run it again, select what it detects, send it to quarantine, and collect its report after restarting.


Then do the following:

1.- Temporarily disable your antivirus and any other security program.

2.- Download Farbar Recovery Scan Tool to the desktop, choosing the right version for your machine's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We'll wait for those reports.

Regards

Hi, I didn't delete the Malwarebytes items because they are things I use and I'm sure they aren't malware. Here are the reports.

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-10-2019
Ran by Melu (administrator) on MELU (LENOVO 80TJ) (26-10-2019 00:37:02)
Running from C:\Users\melu\Desktop
Loaded Profiles: Melu (Available Profiles: defaultuser0 & Melu)
Platform: Windows 10 Home Single Language Version 1803 17134.950 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LENOVO -> Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\NisSrv.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe.157202023245301
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16735744 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (LENOVO -> Lenovo(beijing) Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799880 2017-10-30] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2019-07-21] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\Run: [GoogleChromeAutoLaunch_5B0E0F94BA8AE696AD34F8547D66EEED] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc -> Google Inc.)
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-25] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\MountPoints2: {03c4e583-b1af-11e8-8540-54e1ad1a037a} - "G:\setup.exe" 
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\MountPoints2: {04c84a40-e51b-11e7-8454-54e1ad1a037a} - "F:\setup.exe" 
BootExecute: autocheck autochk *  
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03DB4A8D-3AF7-4093-86A0-9E05093CF407} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1577608 2019-10-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {191990FC-E175-4BCA-825B-A17333ABCB13} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-25] (Piriform Software Ltd -> Piriform Ltd)
Task: {1BE3A476-3282-4F71-BAF7-08A2635ABE5D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1FB2D9BA-BA58-4F53-943E-989C1985FC34} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {2AF2402A-85D7-4083-BD10-C94535D83553} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2E362C68-DD96-4232-928A-13CDD014E1D2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27295856 2019-10-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {2F42E0D3-B820-450B-87F7-37112BB1383B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4470440 2019-10-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {380D1BD3-2644-49F0-A0C0-ADFFB415F2B0} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
Task: {558CD786-4E05-4BBF-A675-40F222FB549B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-11] (Google Inc -> Google Inc.)
Task: {644824AC-8355-4E47-AD48-A32EC489FD16} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [122344 2019-10-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {6A775411-E78B-43A5-B7F5-FAB068FC1C24} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
Task: {7364645D-6B84-4DAB-9E95-ED9D776F32D3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-25] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7584427D-9C76-4355-82E4-F50F0E7931F7} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {7E4A6F59-AADC-4CBA-83D1-1B57610C75F2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {8342E12D-BFF0-4F94-B2A5-060C2775ED83} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2016-07-14] (CyberLink Corp. -> CyberLink Corp.)
Task: {8C5F706E-1558-4B41-A64E-99500614BD60} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [347416 2016-09-20] (CyberLink Corp. -> CyberLink Corp.)
Task: {91508656-0308-43C6-B82C-268F50E21B15} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {991AC3E2-B26C-46A6-AAE6-A64E1320CADE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6a0a6b73-338d-4402-8097-241c18e27cc6 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {A101ADEA-7E35-44CF-916D-2C0E6EB29861} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AD3707AB-B732-41AB-BBEF-3F37B789C3DE} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {B6FE9CFB-2582-47FD-8888-D1991B8652B7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27295856 2019-10-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {CB1091DA-D915-4F82-A1E8-5BFF5A9C8CE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-11] (Google Inc -> Google Inc.)
Task: {CB51DCA0-489E-42C2-8793-81848075B0C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CFB39B91-BBDC-4971-8ECC-69A09E3FF926} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1430176 2019-10-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {D47F7AA3-8611-4E8F-955D-B390205CECB0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4470440 2019-10-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {D69F80DD-1EC0-452B-AF14-C20564CBB7DF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\dad86dd6-23bf-466b-aa57-94779b1281e8 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {D7AD6816-FD89-446E-9992-309B488FFCE3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DA421D47-1A7B-4BD2-91A6-41145C262052} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1430176 2019-10-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {DBA0E5DF-7259-4CC2-8BEE-BC15EFF54952} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [122344 2019-10-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA8368AE-0510-4EAA-A6FB-DABA09E90316} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [190744 2016-10-07] (CyberLink Corp. -> CyberLink)
Task: {EAB8F165-5F21-44C1-8613-434E8FEF8392} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\bb51139c-1bf4-4aee-a3dc-159e60273310 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {F80567E9-E5E8-441B-9C7E-CCAD59273982} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-01-18] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{45076270-5420-4b1c-b834-b09b2635ff40}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b66db262-a003-4744-b553-6466a7390527}: [DhcpNameServer] 192.168.3.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-3977457848-43517965-4287078663-1001 -> DefaultScope {39A6A3D4-F54A-494B-8AB5-16C6BF526E53} URL = 
SearchScopes: HKU\S-1-5-21-3977457848-43517965-4287078663-1001 -> {39A6A3D4-F54A-494B-8AB5-16C6BF526E53} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-23] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-18] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-18] (Adobe Systems Incorporated -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-18] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc -> Google Inc.)

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://ar.search.yahoo.com/search?fr=mcafee&type=C211AR714D20170915&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default [2019-10-26]
CHR Extension: (Presentaciones) - C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Documentos) - C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-18]
CHR Extension: (YouTube) - C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-18]
CHR Extension: (Hojas de cálculo) - C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-23]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2019-07-07]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-19]
CHR Extension: (Gmail) - C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-05]
CHR Extension: (Chrome Media Router) - C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-26]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [295832 2016-12-23] (Advanced Micro Devices, Inc. -> AMD)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (LENOVO -> Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11642472 2019-10-14] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd -> Disc Soft Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [709168 2019-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-10-30] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [276616 2018-03-14] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-01] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309839.inf_amd64_168acb088d48fafb\atikmdag.sys [26587656 2016-12-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309839.inf_amd64_168acb088d48fafb\atikmpag.sys [527256 2016-12-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [87840 2016-12-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-10-15] (AVAST Software s.r.o. -> The OpenVPN Project)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30352 2017-12-20] (Disc Soft Ltd -> Disc Soft Ltd)
S1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [28936 2019-09-14] (Glarysoft LTD -> Glarysoft Ltd)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [779104 2019-05-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-08-04] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3150344 2016-10-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6813664 2017-05-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [209544 2017-10-30] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-10-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-10-01] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-01] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-26 00:37 - 2019-10-26 00:39 - 000027634 _____ C:\Users\melu\Desktop\FRST.txt
2019-10-26 00:36 - 2019-10-26 00:38 - 000000000 ____D C:\FRST
2019-10-26 00:35 - 2019-10-26 00:34 - 001617920 _____ (Farbar) C:\Users\melu\Desktop\FRST64.exe
2019-10-25 13:17 - 2019-10-25 13:17 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2019-10-25 13:17 - 2019-10-25 13:17 - 000002864 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2019-10-25 13:16 - 2019-10-25 13:18 - 000000000 ____D C:\Program Files\CCleaner
2019-10-25 13:16 - 2019-10-25 13:16 - 000000899 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-10-25 13:16 - 2019-10-25 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-10-25 13:07 - 2019-10-25 13:13 - 025441808 _____ (Piriform Software Ltd) C:\Users\melu\Downloads\ccsetup562.exe
2019-10-25 12:52 - 2019-10-25 13:03 - 013093480 _____ (Piriform Software Ltd) C:\Users\melu\Downloads\Sin confirmar 118071.crdownload
2019-10-25 12:49 - 2019-10-25 12:49 - 000002119 _____ C:\Users\melu\Desktop\AdwCleaner[C00].txt
2019-10-25 12:39 - 2019-10-25 12:39 - 007622344 _____ (Malwarebytes) C:\Users\melu\Downloads\adwcleaner_7.4.2.exe
2019-10-25 12:37 - 2019-10-25 12:37 - 000000000 ____D C:\Users\melu\Desktop\adwcleaner7full
2019-10-25 12:34 - 2019-10-25 12:34 - 000002749 _____ C:\Users\melu\Desktop\ZHPCleaner (R).txt
2019-10-25 12:30 - 2019-10-25 12:30 - 000002588 _____ C:\Users\melu\Desktop\ZHPCleaner (S).txt
2019-10-25 12:12 - 2019-10-25 12:34 - 000000000 ____D C:\Users\melu\AppData\Roaming\ZHP
2019-10-25 12:12 - 2019-10-25 12:14 - 000000000 ____D C:\Users\melu\AppData\Local\ZHP
2019-10-25 12:12 - 2019-10-25 12:12 - 000000910 _____ C:\Users\melu\Desktop\ZHPCleaner.lnk
2019-10-25 12:06 - 2019-10-25 12:06 - 000002469 _____ C:\Users\melu\Desktop\analisis.txt
2019-10-25 02:30 - 2019-10-25 01:09 - 003342720 _____ (Nicolas Coolman) C:\Users\melu\Desktop\ZHPCleaner.exe
2019-10-25 01:08 - 2019-10-25 01:08 - 000001389 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-10-25 01:08 - 2019-10-25 01:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-10-25 01:08 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-10-25 01:07 - 2019-08-26 19:40 - 007247182 _____ C:\Users\melu\Desktop\adwcleaner7full.rar
2019-10-25 01:07 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-10-25 00:56 - 2019-10-25 00:56 - 000000000 ____D C:\Users\melu\Desktop\MalwareBytes Premium 3.8.3 (Yuor Web Space)
2019-10-25 00:55 - 2019-10-25 00:54 - 065879353 _____ C:\Users\melu\Desktop\MalwareBytes Premium 3.8.3 (Yuor Web Space).rar
2019-10-19 11:45 - 2019-10-19 11:45 - 000000000 ____D C:\Games
2019-10-18 04:15 - 2019-10-18 04:15 - 000002616 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2019-10-18 04:15 - 2019-10-18 04:15 - 000002567 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-10-18 04:15 - 2019-10-18 04:15 - 000002548 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-10-18 04:15 - 2019-10-18 04:15 - 000002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-10-18 04:15 - 2019-10-18 04:15 - 000002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-10-18 04:15 - 2019-10-18 04:15 - 000002521 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-10-18 04:15 - 2019-10-18 04:15 - 000002479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-10-18 04:15 - 2019-10-18 04:15 - 000002475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-10-18 04:15 - 2019-10-18 04:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2019-10-18 03:50 - 2019-10-18 04:40 - 000000000 ____D C:\Users\melu\Desktop\Contenido
2019-10-18 03:50 - 2016-05-01 14:34 - 000000275 _____ C:\Users\melu\Desktop\Información.txt
2019-10-18 03:44 - 2019-10-18 03:44 - 476903484 _____ C:\Users\melu\Desktop\A.H.S.-4.O7-Lat-720p[MegaDescargas].rar
2019-10-14 19:35 - 2019-10-14 19:36 - 000000000 ____D C:\Users\melu\Documents\BFBC2
2019-10-14 18:57 - 2019-10-14 18:57 - 000000000 ____D C:\Program Files (x86)\Electronic Arts
2019-10-04 06:17 - 2019-10-04 06:18 - 000000000 ____D C:\Users\melu\Documents\NFS Most Wanted
2019-10-04 05:21 - 2019-10-04 05:21 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-10-04 05:20 - 2014-03-10 01:29 - 741098879 _____ C:\Users\melu\Desktop\Need For Speed Most Wanted.rar
2019-10-04 00:19 - 2019-10-04 01:00 - 000000000 ____D C:\Users\melu\AppData\Local\Ubisoft Game Launcher
2019-10-04 00:16 - 2019-10-04 00:19 - 000000000 ____D C:\Users\melu\Documents\Assassin's Creed Revelations
2019-10-04 00:16 - 2019-10-04 00:16 - 000000000 ____D C:\ProgramData\Ubisoft
2019-10-03 22:57 - 2019-10-03 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black_Box
2019-10-03 22:43 - 2019-10-03 22:43 - 000000000 ____D C:\Program Files (x86)\Black_Box
2019-10-03 22:42 - 2010-08-03 11:11 - 000819200 ___SH C:\WINDOWS\SysWOW64\xvidcore.dll
2019-10-03 22:42 - 2010-08-03 11:11 - 000180224 ___SH C:\WINDOWS\SysWOW64\xvidvfw.dll
2019-10-03 03:53 - 2019-10-03 03:53 - 000000000 ____D C:\Users\melu\Documents\Cloud
2019-10-03 03:45 - 2019-10-03 03:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
2019-10-03 03:24 - 2019-10-03 03:24 - 000000000 ____D C:\Program Files (x86)\Square Enix
2019-10-03 02:42 - 2019-10-18 03:45 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2019-10-03 02:37 - 2019-03-28 06:11 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2019-10-03 02:37 - 2019-03-28 06:11 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2019-10-03 02:37 - 2019-03-28 06:09 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2019-10-03 02:37 - 2019-03-28 06:09 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2019-10-03 02:37 - 2019-03-28 03:35 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
2019-10-03 02:37 - 2019-03-28 03:35 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
2019-10-03 02:37 - 2019-03-28 03:35 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
2019-10-03 02:37 - 2019-03-28 03:35 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
2019-10-03 02:37 - 2019-03-28 03:35 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
2019-10-03 02:37 - 2019-03-28 03:35 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
2019-10-03 01:19 - 2019-10-03 03:53 - 000000000 ____D C:\Users\melu\Documents\My Games
2019-10-02 02:50 - 2019-10-02 02:50 - 000000000 ____D C:\ProgramData\Origin
2019-09-29 12:13 - 2019-10-19 11:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearts of Iron IV Man the Guns
2019-09-29 12:06 - 2019-09-29 12:06 - 000000000 ____D C:\Users\melu\Downloads\Hearts.of.Iron.IV.Man.the.Guns.Update.v1.7.1-CODEX
2019-09-29 12:05 - 2019-09-29 12:05 - 000000000 ____D C:\Users\melu\Downloads\Hearts.of.Iron.IV.Man.the.Guns.Update.v1.7.0.incl.DLC-CODEX
2019-09-29 12:05 - 2019-09-29 12:05 - 000000000 ____D C:\Users\melu\Downloads\Hearts.of.Iron.IV.Man.the.Guns.Update.v1.6.2-CODEX
2019-09-29 12:05 - 2019-09-29 12:05 - 000000000 ____D C:\Users\melu\Downloads\Hearts.of.Iron.IV.Man.the.Guns.Update.v1.6.1
2019-09-29 12:02 - 2019-09-29 12:02 - 000000000 ____D C:\Users\melu\Downloads\Hearts.of.Iron.IV.Man.the.Guns
2019-09-29 02:14 - 2019-08-13 23:53 - 050990934 _____ C:\Users\melu\Downloads\Hearts.of.Iron.IV.Man.the.Guns.Update.v1.7.1-CODEX.rar
2019-09-29 02:10 - 2019-09-24 00:27 - 023066848 _____ C:\Users\melu\Downloads\Hearts.of.Iron.IV.Man.the.Guns.Update.v1.6.2-CODEX.rar
2019-09-29 02:10 - 2019-08-13 23:31 - 569852192 _____ C:\Users\melu\Downloads\Hearts.of.Iron.IV.Man.the.Guns.Update.v1.7.0.incl.DLC-CODEX.rar
2019-09-29 02:10 - 2019-08-13 22:58 - 019902365 _____ C:\Users\melu\Downloads\Hearts.of.Iron.IV.Man.the.Guns.Update.v1.6.1.rar
2019-09-29 02:05 - 2019-08-13 21:53 - 2203874555 _____ C:\Users\melu\Downloads\Hearts.of.Iron.IV.Man.the.Guns.rar
2019-09-28 22:01 - 2019-09-28 22:03 - 000000000 ____D C:\Users\melu\Desktop\imagen
2019-09-26 14:00 - 2019-09-26 14:03 - 010823512 _____ (AVAST Software) C:\Users\melu\Downloads\avastclear.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-26 00:32 - 2018-06-24 19:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-10-25 13:31 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-25 13:22 - 2017-12-20 07:36 - 000000000 ____D C:\Users\melu\AppData\Roaming\DAEMON Tools Lite
2019-10-25 13:21 - 2018-06-24 16:20 - 000000000 ____D C:\Users\melu\AppData\Local\CrashDumps
2019-10-25 13:21 - 2018-06-08 15:35 - 000000000 ___DC C:\WINDOWS\Panther
2019-10-25 13:21 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ModemLogs
2019-10-25 13:21 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-10-25 13:21 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2019-10-25 12:45 - 2018-06-24 19:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-10-25 12:44 - 2018-04-11 18:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-10-25 12:44 - 2017-09-17 21:48 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-10-25 12:40 - 2018-01-23 22:42 - 000000000 ____D C:\AdwCleaner
2019-10-25 12:18 - 2019-09-19 19:56 - 000000000 __SHD C:\ProgramData\USJWEH
2019-10-25 12:08 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-10-25 01:08 - 2018-04-11 20:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-10-25 01:07 - 2018-03-18 02:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-25 01:04 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-25 01:02 - 2019-09-14 15:30 - 000000000 ____D C:\Program Files (x86)\Malwarebytes
2019-10-25 00:54 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-25 00:54 - 2018-02-06 08:33 - 000000000 ____D C:\Users\melu\AppData\Local\Packages
2019-10-21 13:07 - 2017-05-10 09:45 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-10-21 12:58 - 2018-06-24 19:56 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3977457848-43517965-4287078663-1001
2019-10-21 12:58 - 2018-06-24 19:24 - 000002430 _____ C:\Users\melu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-10-21 12:58 - 2017-08-03 00:07 - 000000000 ___RD C:\Users\melu\OneDrive
2019-10-18 12:15 - 2017-09-08 19:41 - 000000000 ____D C:\Users\melu\AppData\Roaming\vlc
2019-10-18 04:10 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-10-18 04:07 - 2017-09-02 04:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-10-18 04:00 - 2017-09-02 04:40 - 127230528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-10-14 19:27 - 2018-06-26 16:56 - 000000000 ____D C:\Users\melu\AppData\Local\D3DSCache
2019-10-11 20:06 - 2018-11-10 01:42 - 000000000 ____D C:\Users\melu\Desktop\Animes
2019-10-04 06:41 - 2017-11-12 19:08 - 000000000 ____D C:\Program Files (x86)\EA GAMES
2019-10-03 22:42 - 2018-10-31 13:44 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2019-10-03 19:03 - 2017-05-10 09:42 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-10-03 04:48 - 2018-06-24 19:23 - 000000000 ____D C:\Users\melu
2019-10-01 22:16 - 2018-04-11 20:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-10-01 22:16 - 2018-03-17 15:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-10-01 21:35 - 2017-10-04 21:05 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-10-01 17:02 - 2018-03-01 03:23 - 000000000 ____D C:\Program Files (x86)\Pro Evolution Soccer 2015
2019-10-01 17:02 - 2018-01-22 03:22 - 000000000 ____D C:\ProgramData\KONAMI
2019-09-29 12:19 - 2018-02-24 14:07 - 000000000 ____D C:\Users\melu\Documents\Paradox Interactive
2019-09-29 12:08 - 2018-12-06 01:35 - 000000000 ____D C:\Users\melu\AppData\Roaming\CyberLink
2019-09-29 01:20 - 2018-02-02 22:38 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2019-09-29 01:20 - 2017-10-15 22:12 - 000000000 ____D C:\Users\melu\AppData\Roaming\AVAST Software
2019-09-29 01:20 - 2017-10-15 21:54 - 000000000 ____D C:\ProgramData\AVAST Software
2019-09-28 22:11 - 2019-09-14 16:09 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2019-09-28 22:09 - 2018-02-02 22:37 - 000000000 ____D C:\Users\melu\AppData\Local\Bluestacks
2019-09-28 22:06 - 2017-12-19 00:29 - 000000000 ____D C:\Users\melu\Desktop\pasar nuevo omar
2019-09-26 19:09 - 2018-10-25 04:17 - 000000000 ____D C:\ProgramData\Packages

==================== Files in the root of some directories ================

2018-12-24 16:33 - 2019-01-11 03:42 - 000004058 _____ () C:\Users\melu\AppData\Roaming\downloads.json
2018-01-30 22:58 - 2018-07-26 06:44 - 000007602 _____ () C:\Users\melu\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2019
Ran by Melu (26-10-2019 00:41:22)
Running from C:\Users\melu\Desktop
Windows 10 Home Single Language Version 1803 17134.950 (X64) (2018-06-24 22:59:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3977457848-43517965-4287078663-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3977457848-43517965-4287078663-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3977457848-43517965-4287078663-1000 - Limited - Disabled) => C:\Users\defaultuser0
Invitado (S-1-5-21-3977457848-43517965-4287078663-501 - Limited - Disabled)
Melu (S-1-5-21-3977457848-43517965-4287078663-1001 - Administrator - Enabled) => C:\Users\melu
WDAGUtilityAccount (S-1-5-21-3977457848-43517965-4287078663-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{AA3B06B1-E89A-43C6-A26B-7109DB4BEE7B}) (Version: 12.0.7.148 - Adobe Systems, Inc)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Assassins Creed - Revelations version 1.5 (HKLM-x32\...\{B45A9A00-4016-AC3-A973-5A8AB70A03DE}_is1) (Version: 1.5 - Black_Box)
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.3.1.1191 - Bandicam.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Catalyst Control Center Next Localization BR (HKLM\...\{DB929D3C-5DF3-95A0-456F-403306EE69B6}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5F16D84E-851C-29BB-3CBE-A480DBAE3A09}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{13D096A7-D644-944F-F99D-82A17015AAE0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{EE08C0D5-792F-B256-A499-ECEC56915562}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{37F9C96B-294A-D6A7-183D-930C8A2F5D68}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{DAC91F38-7D04-90FC-19CB-AC1C608012ED}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{40E57BA2-6029-7A5D-A2BE-7D47039159D0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{7A54ECFD-70B7-08DF-D581-8CD04B4CDA09}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0F8A189-4C96-0179-ACEE-A98F618FD472}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{60694907-C4DE-A4AE-8DD0-E2E50E3A9C14}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{592C6F67-5D6B-8E34-90B9-2E9D44FC537B}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{06B55CAD-9FF0-EE80-954C-32FA86AED3BF}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{3B613BFA-C0AC-5FBF-29B1-3C362DFE417B}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{E3364BA9-283A-2B4C-2DED-90C284A54B8D}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{6E30A3B3-5427-9D91-5878-BD61820C5671}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{1E282415-8F60-005E-58C2-8FA7A7A391FB}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{8384ACC1-D00D-3818-8C45-E41E3C3FC6F9}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{DA4880B9-F477-386C-B07D-E13A7F4565C4}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{0FEDC0A5-8ED6-1A59-78A4-35E82784E3E0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{3BF8C0EC-3127-F42D-78B7-7C5C9E682657}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{3F6354FB-8E86-4BEF-A53F-141D1493EE6D}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6714 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
DirectX for Managed Code (HKLM\...\{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1) (Version: 1.0.0.0 - Sereby Corporation)
Dogfight 1942 Limited Edition (HKLM-x32\...\Dogfight 1942 Limited Edition_is1) (Version:  - )
Glary Utilities PRO 5.124 (HKLM-x32\...\Glary Utilities 5) (Version: 5.124.0.149 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
Hearts of Iron IV Man the Guns (HKLM-x32\...\Hearts of Iron IV Man the Guns_is1) (Version:  - )
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Los Sims™ 2 Bon Voyage (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)
Los Sims™ 2 Megaluxe (HKLM-x32\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version:  - Electronic Arts)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.12026.20334 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830 (HKLM\...\{122B909F-9DCF-360E-91E7-0679E033FBE1}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830 (HKLM\...\{083808D6-6235-37A8-82C1-98D226EB681F}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830 (HKLM-x32\...\{F68B404C-0E04-337F-A132-796508EE337A}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830 (HKLM-x32\...\{50AF8559-F490-381F-A6E7-06A07DE227DC}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
MMUS versión 4.6 (HKLM-x32\...\{17082A01-128F-426C-925C-DA764BAFDDEC}_is1) (Version: 4.6 - Mendoza MU Server)
Mundo Gaturro (HKLM-x32\...\Mundo Gaturro_is1) (Version: 1.0 - QB9 Entertainment)
MuPirata 99c (HKLM-x32\...\MuPirata 99c) (Version:  - )
Murdered Soul Suspect (HKLM-x32\...\Murdered Soul Suspect_is1) (Version: Murdered Soul Suspect - )
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12026.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.12026.20334 - Microsoft Corporation) Hidden
Pro Evolution Soccer 2011 (HKLM-x32\...\{1148E85C-E1AF-48E0-A29C-68DACE07E054}) (Version: 1.00.0000 - KONAMI)
Pro Evolution Soccer 2015 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
Sandboxie 5.22 (64-bit) (HKLM\...\Sandboxie) (Version: 5.22 - Sandboxie Holdings, LLC)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
War Thunder Launcher 1.0.3.70 (HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-27] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.2.6.0_x86__kgqvnymyfvs32 [2019-10-24] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.150.300.0_x86__kgqvnymyfvs32 [2019-10-18] (king.com)
Complemento de Fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-14] (Microsoft Corporation)
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-26] (Microsoft Corporation) [MS Ad]
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.618.0_x64__v10z8vjag6ke6 [2019-10-18] (HP Inc.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-19] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1909.24.0_x64__k1h2ywk1493x8 [2019-09-26] (LENOVO INC.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.4.0.10_x86__h6adky7gbf63m [2019-10-23] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-18] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.12.101.0_x64__8wekyb3d8bbwe [2019-09-07] (Microsoft Studios)
MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-14] (Microsoft Corporation) [MS Ad]
Pic Collage -> C:\Program Files\WindowsApps\CARDINALBLUE.PICCOLLAGE_2.0.30.0_x64__nyvb5jmhdxy8g [2018-09-18] (Cardinal Blue Software)
PicsArt - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PicsArt-PhotoStudio_8.8.0.0_x86__crhqpqs3x1ygc [2019-10-18] (PicsArt Inc.) [MS Ad]
Portal de cuenta de Lenovo -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-08-05] (LENOVO INCORPORATED.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6722448 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-03-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-03-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2019-03-10] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [25640 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [70200 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [70712 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [445504 2008-03-13] (Electronic Arts -> On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [445504 2008-03-13] (Electronic Arts -> On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [23080 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [66104 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [66104 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [180224 2010-08-03] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\melu\Desktop\juego de mel\crallas.lnk -> C:\Users\melu\Downloads\crash bandicoot 3 by loschicago jouns\crash bandicoot 3\Launch.bat ()

==================== Loaded Modules (Whitelisted) ==============

2018-11-10 03:26 - 2018-04-30 09:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7934 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 08:47 - 2019-10-25 01:09 - 000454567 ____R C:\WINDOWS\system32\drivers\etc\hosts

0.0.0.0 serius.mwbsys.com
0.0.0.0 keystone.mwbsys.com0.0.0.0 keystone-prod.elasticbeanstalk.com

2017-12-18 05:02 - 2018-08-06 22:31 - 000000432 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\melu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: CleanupPSvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: SbieSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "Avast Cleanup Premium.lnk"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "UIExec"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_5B0E0F94BA8AE696AD34F8547D66EEED"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{95F19C87-A174-4F42-B460-1B6D86101093}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{C1514009-AE7B-4BD6-945A-1D66784C9B04}] => (Allow) C:\Program Files (x86)\MuPirata\Main.exe (Nemesis) [File not signed]
FirewallRules: [{251492B1-C42E-436B-84DC-797B9AB153F4}] => (Allow) C:\Program Files (x86)\MuPirata\Main.exe (Nemesis) [File not signed]
FirewallRules: [{2701ECFF-A474-4F73-B045-36FE7FE70AA1}] => (Allow) C:\Program Files (x86)\MuPirata\Main.exe (Nemesis) [File not signed]
FirewallRules: [{DB08B3E6-3B2A-4838-96E1-F6F679E4022F}] => (Allow) C:\Program Files (x86)\MuPirata\Main.exe (Nemesis) [File not signed]
FirewallRules: [{EF87A0DC-C5BD-4A39-A9A8-53B8EE65657D}] => (Allow) C:\Program Files (x86)\MuPirata\Main.exe (Nemesis) [File not signed]
FirewallRules: [{8EC3C4F6-F24D-4BE7-BE8C-E907AC28EDD9}] => (Allow) C:\Program Files (x86)\MuPirata\Main.exe (Nemesis) [File not signed]
FirewallRules: [{C86147AE-E7F5-4BC1-B13D-40F126B0D528}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{1B9AF42E-50D5-426A-83E0-B393134D6F39}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{66D4CCC3-44A6-4123-87BC-CFFB90AF083E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{D604F80C-5A53-4300-AA80-7D60CF4E77A8}] => (Allow) LPort=13139
FirewallRules: [TCP Query User{9B093281-34DB-492A-B590-D34D7C00B87B}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Allow) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe (Konami Digital Entertainment Co., Ltd. -> Konami Digital Entertainment Co., Ltd.)
FirewallRules: [UDP Query User{4CF49FF7-AFE3-4B38-93AC-5410F241E258}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Allow) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe (Konami Digital Entertainment Co., Ltd. -> Konami Digital Entertainment Co., Ltd.)
FirewallRules: [{546C002A-1F65-4404-A5C3-B340A315C968}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A457CF57-4F3C-4EE5-BE38-9CA9D40644E5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F3645D04-2B70-4795-8D05-D6B5FD69751B}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{44B435C5-90E9-45A1-B9C1-7B56F6AEF867}] => (Allow) LPort=1688
FirewallRules: [{54584DC2-C00B-4573-B793-A58BEC09339E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C339ACD-6118-413F-BCD3-5C2ED46D6945}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{792C4EDC-FC6F-478F-9FC6-69786255AC69}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{114F726A-F252-4A24-90BB-B9074E1D0E44}C:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe] => (Allow) C:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe (Konami Digital Entertainment Co., Ltd.) [File not signed]
FirewallRules: [UDP Query User{BBBD1391-F78E-416D-BCC3-3DBB1669A504}C:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe] => (Allow) C:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe (Konami Digital Entertainment Co., Ltd.) [File not signed]
FirewallRules: [TCP Query User{6ED2273D-8A59-4C30-A508-BBD7C749193E}C:\program files (x86)\square enix\murdered soul suspect\binaries\win64\murdered.exe] => (Allow) C:\program files (x86)\square enix\murdered soul suspect\binaries\win64\murdered.exe () [File not signed]
FirewallRules: [UDP Query User{707352FE-D266-44F4-963A-B229D399D95D}C:\program files (x86)\square enix\murdered soul suspect\binaries\win64\murdered.exe] => (Allow) C:\program files (x86)\square enix\murdered soul suspect\binaries\win64\murdered.exe () [File not signed]
FirewallRules: [{80F4A878-88D0-4C98-B771-BE669226BF61}] => (Allow) C:\Program Files (x86)\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe (EA Digital Illusions CE AB -> EA Digital Illusions CE AB)
FirewallRules: [{3BB8D83C-2962-4DCD-AFBA-8236A82B92B9}] => (Allow) C:\Program Files (x86)\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe (EA Digital Illusions CE AB -> EA Digital Illusions CE AB)

==================== Restore Points =========================

14-10-2019 18:41:38 Instalado Microsoft Visual C++ 2005 Redistributable
18-10-2019 03:41:25 Windows Update
25-10-2019 12:31:39 ZHPcleaner

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2019 12:35:15 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/25/2019 01:01:52 PM) (Source: ImControllerService) (EventID: 0) (User: )
Description: No se puede iniciar el servicio. System.Configuration.ConfigurationErrorsException: Error en la inicialización del sistema de configuración ---> System.Configuration.ConfigurationErrorsException: Se ha producido un error al cargar el archivo de configuración: Se produjo una excepción en el inicializador de tipo de 'System.MarvinHash'. (C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config) ---> System.TypeInitializationException: Se produjo una excepción en el inicializador de tipo de 'System.MarvinHash'. ---> System.ApplicationException: Código XML no válido en el archivo 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\config\machine.config' cerca del elemento '</section>'. ---> System.Runtime.InteropServices.COMException: Excepción de HRESULT: 0xC00CE560
   en System.BaseConfigHandler.RunParser(String fileName)
   en System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
   --- Fin del seguimiento de la pila de la excepción interna ---
   en System.ConfigTreeParser.Parse(String file...

Error: (10/25/2019 12:48:06 PM) (Source: ImControllerService) (EventID: 0) (User: )
Description: No se puede iniciar el servicio. System.Configuration.ConfigurationErrorsException: Error en la inicialización del sistema de configuración ---> System.Configuration.ConfigurationErrorsException: Se ha producido un error al cargar el archivo de configuración: Se produjo una excepción en el inicializador de tipo de 'System.MarvinHash'. (C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config) ---> System.TypeInitializationException: Se produjo una excepción en el inicializador de tipo de 'System.MarvinHash'. ---> System.ApplicationException: Código XML no válido en el archivo 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\config\machine.config' cerca del elemento '</section>'. ---> System.Runtime.InteropServices.COMException: Excepción de HRESULT: 0xC00CE560
   en System.BaseConfigHandler.RunParser(String fileName)
   en System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
   --- Fin del seguimiento de la pila de la excepción interna ---
   en System.ConfigTreeParser.Parse(String file...

Error: (10/25/2019 12:47:52 PM) (Source: ImControllerService) (EventID: 0) (User: )
Description: No se puede iniciar el servicio. System.Configuration.ConfigurationErrorsException: Error en la inicialización del sistema de configuración ---> System.Configuration.ConfigurationErrorsException: Se ha producido un error al cargar el archivo de configuración: Se produjo una excepción en el inicializador de tipo de 'System.MarvinHash'. (C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config) ---> System.TypeInitializationException: Se produjo una excepción en el inicializador de tipo de 'System.MarvinHash'. ---> System.ApplicationException: Código XML no válido en el archivo 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\config\machine.config' cerca del elemento '</section>'. ---> System.Runtime.InteropServices.COMException: Excepción de HRESULT: 0xC00CE560
   en System.BaseConfigHandler.RunParser(String fileName)
   en System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
   --- Fin del seguimiento de la pila de la excepción interna ---
   en System.ConfigTreeParser.Parse(String file...

Error: (10/25/2019 12:47:46 PM) (Source: ImControllerService) (EventID: 0) (User: )
Description: No se puede iniciar el servicio. System.Configuration.ConfigurationErrorsException: Error en la inicialización del sistema de configuración ---> System.Configuration.ConfigurationErrorsException: Se ha producido un error al cargar el archivo de configuración: Se produjo una excepción en el inicializador de tipo de 'System.MarvinHash'. (C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config) ---> System.TypeInitializationException: Se produjo una excepción en el inicializador de tipo de 'System.MarvinHash'. ---> System.ApplicationException: Código XML no válido en el archivo 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\config\machine.config' cerca del elemento '</section>'. ---> System.Runtime.InteropServices.COMException: Excepción de HRESULT: 0xC00CE560
   en System.BaseConfigHandler.RunParser(String fileName)
   en System.ConfigTreeParser.Parse(String fileName, String configPath, Boolean skipSecurityStuff)
   --- Fin del seguimiento de la pila de la excepción interna ---
   en System.ConfigTreeParser.Parse(String file...

Error: (10/25/2019 12:31:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (10/25/2019 11:07:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (10/25/2019 09:16:42 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: No se pudo crear el punto de restauración programado. Información adicional: (0x81000101).


System errors:
=============
Error: (10/25/2019 01:39:19 PM) (Source: TPM) (EventID: 12) (User: )
Description: El controlador de dispositivo para el Módulo de plataforma segura (TPM) encontró en el hardware de TPM un error que puede impedir que funcionen correctamente algunas aplicaciones que usen los servicios de TPM. Reinicie el equipo para restablecer el hardware de TPM. Para obtener más ayuda con este problema de hardware, póngase en contacto con el fabricante del equipo a fin de obtener más información.

Error: (10/25/2019 01:26:16 PM) (Source: DCOM) (EventID: 10016) (User: MELU)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario MELU\Melu con SID (S-1-5-21-3977457848-43517965-4287078663-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/25/2019 12:50:41 PM) (Source: DCOM) (EventID: 10016) (User: MELU)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario MELU\Melu con SID (S-1-5-21-3977457848-43517965-4287078663-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/25/2019 12:48:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/25/2019 12:48:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/25/2019 12:46:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/25/2019 12:46:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (10/25/2019 12:46:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2019-10-25 12:17:14.526
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=MonitoringTool:Win32/Ardamax.A!MSR&threatid=259768&enterprise=0
Nombre: MonitoringTool:Win32/Ardamax.A!MSR
Id.: 259768
Gravedad: Grave
Categoría: Software de supervisión
Ruta de acceso: file:_C:\ProgramData\USJWEH\QKB.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: MELU\Melu
Nombre de proceso: C:\Users\melu\Desktop\ZHPCleaner.exe
Versión de firma: AV: 1.305.576.0, AS: 1.305.576.0, NIS: 1.305.576.0
Versión de motor: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-10-25 05:42:58.042
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {76DCA85D-E88E-491A-9AF6-E46FD67A81BB}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-10-25 02:24:00.890
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {041016B2-B044-4B10-92C6-A8D7C68C15BD}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-10-19 12:52:20.600
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {880AC919-5B43-464A-8FDD-D3776E87BA7C}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-10-14 19:33:36.140
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929&enterprise=0
Nombre: VirTool:Win32/Obfuscator.XZ
Id.: 2147625929
Gravedad: Grave
Categoría: Herramienta
Ruta de acceso: file:_E:\Crack\rld.dll
Origen de detección: Equipo local
Tipo de detección: Heurística
Fuente de detección: Protección en tiempo real
Usuario: MELU\Melu
Nombre de proceso: C:\Windows\explorer.exe
Versión de firma: AV: 1.303.659.0, AS: 1.303.659.0, NIS: 1.303.659.0
Versión de motor: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-24 11:17:41.873
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.305.541.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.16500.1
Código de error: 0x8050a003
Descripción del error: Este paquete no contiene archivos de definición actualizados para este programa. Para obtener más información, consulte Ayuda y soporte técnico. 

Date: 2019-10-24 11:17:41.872
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.305.541.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.16500.1
Código de error: 0x8050a003
Descripción del error: Este paquete no contiene archivos de definición actualizados para este programa. Para obtener más información, consulte Ayuda y soporte técnico. 

Date: 2019-10-24 11:17:41.871
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.305.541.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.16500.1
Código de error: 0x8050a003
Descripción del error: Este paquete no contiene archivos de definición actualizados para este programa. Para obtener más información, consulte Ayuda y soporte técnico. 

Date: 2019-10-24 11:15:09.913
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.305.363.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16500.1
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-10-19 11:46:39.119
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.305.23.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16500.1
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2019-10-25 12:45:33.614
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-10-25 03:51:00.410
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-25 03:50:58.446
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-25 03:50:56.465
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-25 03:50:54.981
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-25 03:50:53.255
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-25 03:50:51.428
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-25 03:50:48.213
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

BIOS: Lenovo 1QCN32WW 08/18/2016
Motherboard: LENOVO Nano 5A8
Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics 
Percentage of memory in use: 60%
Total physical RAM: 3490.6 MB
Available physical RAM: 1394.34 MB
Total Virtual: 4130.6 MB
Available Virtual: 1906.54 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:887.08 GB) (Free:242.15 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.39 GB) NTFS

\\?\Volume{6aa64642-e3f7-46ee-9e8f-49c37a74520f}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.52 GB) NTFS
\\?\Volume{926eab2b-6812-4d1d-a730-f1b512cbdf75}\ (LENOVO_PART) (Fixed) (Total:17.21 GB) (Free:6.25 GB) NTFS
\\?\Volume{5ed5a22f-4fb8-49ec-b328-d29b33a83031}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 44EA8245)

Partition: GPT.

==================== End of Addition.txt ============================

Hello @Chris

Following the path, find this file and upload it to VirusTotal; here is its manual.

  • C:\USERS\MELU\DESKTOP\PASAR NUEVO OMAR\DESCARGADO OMAR\RAR\ CHEATENGINE67.EXE

Scanning files / URLs on VirusTotal

In your next reply, paste the link to the result.


Then follow these steps:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as administrator”.
  • In the main window, tick only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
C:\Program Files\Common Files\AV\Spybot - Search and Destroy
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\MountPoints2: {03c4e583-b1af-11e8-8540-54e1ad1a037a} - "G:\setup.exe" 
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\MountPoints2: {04c84a40-e51b-11e7-8454-54e1ad1a037a} - "F:\setup.exe" 
BootExecute: autocheck autochk *  
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {380D1BD3-2644-49F0-A0C0-ADFFB415F2B0} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
C:\Program Files (x86)\AVAST Software
Task: {D7AD6816-FD89-446E-9992-309B488FFCE3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-3977457848-43517965-4287078663-1001 -> DefaultScope {39A6A3D4-F54A-494B-8AB5-16C6BF526E53} URL = 
SearchScopes: HKU\S-1-5-21-3977457848-43517965-4287078663-1001 -> {39A6A3D4-F54A-494B-8AB5-16C6BF526E53} URL = 
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
CHR DefaultSearchURL: Default -> hxxps://ar.search.yahoo.com/search?fr=mcafee&type=C211AR714D20170915&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Extension: (Chrome Media Router) - C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default\Extensions
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
2019-10-25 12:52 - 2019-10-25 13:03 - 013093480 _____ (Piriform Software Ltd) C:\Users\melu\Downloads\Sin confirmar 118071.crdownload
2019-09-26 14:00 - 2019-09-26 14:03 - 010823512 _____ (AVAST Software) C:\Users\melu\Downloads\avastclear.exe
2019-09-29 01:20 - 2017-10-15 22:12 - 000000000 ____D C:\Users\melu\AppData\Roaming\AVAST Software
2019-09-29 01:20 - 2017-10-15 21:54 - 000000000 ____D C:\ProgramData\AVAST Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> No File
HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [25640 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [70200 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [70712 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [445504 2008-03-13] (Electronic Arts -> On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [445504 2008-03-13] (Electronic Arts -> On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [23080 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [66104 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [66104 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [180224 2010-08-03] () [File not signed]
HKLM\...\StartupApproved\StartupFolder: => "Avast Cleanup Premium.lnk"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
FirewallRules: [{F3645D04-2B70-4795-8D05-D6B5FD69751B}] => (Allow) %systemroot%\system32\alg.exe No File
2019-10-25 12:18 - 2019-09-19 19:56 - 000000000 __SHD C:\ProgramData\USJWEH

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it as fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

After restarting, update Java to its latest version, since yours is out of date.

Let us know how the computer is doing.

Regards.

https://www.virustotal.com/gui/file/a5fb2ca3db9fed8b369f16ca60dede4a1b08a109f2dbeea37efce5580995e8d4/detection

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-10-2019
Ran by Melu (26-10-2019 11:13:08) Run:1
Running from C:\Users\melu\Desktop
Loaded Profiles: Melu (Available Profiles: defaultuser0 & Melu)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
C:\Program Files\Common Files\AV\Spybot - Search and Destroy
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\MountPoints2: {03c4e583-b1af-11e8-8540-54e1ad1a037a} - "G:\setup.exe" 
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\MountPoints2: {04c84a40-e51b-11e7-8454-54e1ad1a037a} - "F:\setup.exe" 
BootExecute: autocheck autochk *  
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {380D1BD3-2644-49F0-A0C0-ADFFB415F2B0} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
C:\Program Files (x86)\AVAST Software
Task: {D7AD6816-FD89-446E-9992-309B488FFCE3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-3977457848-43517965-4287078663-1001 -> DefaultScope {39A6A3D4-F54A-494B-8AB5-16C6BF526E53} URL = 
SearchScopes: HKU\S-1-5-21-3977457848-43517965-4287078663-1001 -> {39A6A3D4-F54A-494B-8AB5-16C6BF526E53} URL = 
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
CHR DefaultSearchURL: Default -> hxxps://ar.search.yahoo.com/search?fr=mcafee&type=C211AR714D20170915&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Extension: (Chrome Media Router) - C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default\Extensions
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
2019-10-25 12:52 - 2019-10-25 13:03 - 013093480 _____ (Piriform Software Ltd) C:\Users\melu\Downloads\Sin confirmar 118071.crdownload
2019-09-26 14:00 - 2019-09-26 14:03 - 010823512 _____ (AVAST Software) C:\Users\melu\Downloads\avastclear.exe
2019-09-29 01:20 - 2017-10-15 22:12 - 000000000 ____D C:\Users\melu\AppData\Roaming\AVAST Software
2019-09-29 01:20 - 2017-10-15 21:54 - 000000000 ____D C:\ProgramData\AVAST Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> No File
HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [25640 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [70200 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [70712 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [445504 2008-03-13] (Electronic Arts -> On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [445504 2008-03-13] (Electronic Arts -> On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [23080 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [66104 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [66104 2013-08-05] (Bandisoft -> )
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [180224 2010-08-03] () [File not signed]
HKLM\...\StartupApproved\StartupFolder: => "Avast Cleanup Premium.lnk"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
FirewallRules: [{F3645D04-2B70-4795-8D05-D6B5FD69751B}] => (Allow) %systemroot%\system32\alg.exe No File
2019-10-25 12:18 - 2019-09-19 19:56 - 000000000 __SHD C:\ProgramData\USJWEH

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKU\S-1-5-21-3977457848-43517965-4287078663-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall" => removed successfully
C:\Program Files\Common Files\AV\Spybot - Search and Destroy => moved successfully
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03c4e583-b1af-11e8-8540-54e1ad1a037a} => removed successfully
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04c84a40-e51b-11e7-8454-54e1ad1a037a} => removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{380D1BD3-2644-49F0-A0C0-ADFFB415F2B0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{380D1BD3-2644-49F0-A0C0-ADFFB415F2B0}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast TUNEUP Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast TUNEUP Update" => removed successfully
C:\Program Files (x86)\AVAST Software => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7AD6816-FD89-446E-9992-309B488FFCE3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7AD6816-FD89-446E-9992-309B488FFCE3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-3977457848-43517965-4287078663-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
"HKU\S-1-5-21-3977457848-43517965-4287078663-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3977457848-43517965-4287078663-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39A6A3D4-F54A-494B-8AB5-16C6BF526E53} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
CHR Extension: (Chrome Media Router) - C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default\Extensions => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
C:\Users\melu\Downloads\Sin confirmar 118071.crdownload => moved successfully
C:\Users\melu\Downloads\avastclear.exe => moved successfully
C:\Users\melu\AppData\Roaming\AVAST Software => moved successfully
C:\ProgramData\AVAST Software => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\EPP => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\EPP => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\EPP => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.mjpg" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.mpeg" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.bdmpeg" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.VP60" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.VP61" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.mjpg" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.mpeg" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\msacm.bdmpeg" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.XVID" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\Avast Cleanup Premium.lnk" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AvastUI.exe" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe" => not found
"HKU\S-1-5-21-3977457848-43517965-4287078663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SpybotPostWindows10UpgradeReInstall" => removed successfully
"HKU\S-1-5-21-3977457848-43517965-4287078663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3645D04-2B70-4795-8D05-D6B5FD69751B}" => removed successfully
C:\ProgramData\USJWEH => moved successfully

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Ethernet mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 1 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 4 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de red Bluetooth 2 mientras los medios
estén desconectados.

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 1:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 4:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Wi-Fi:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::eda1:e3f5:e643:564%11
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.109
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

Adaptador de Ethernet Conexión de red Bluetooth 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to cancel {C9A4A1A5-4CF5-40A3-9C78-F19DA44BB6BD}.
Unable to cancel {5A09F801-287C-4CF2-8284-A9E47B20F8C8}.
Unable to cancel {EAB6140A-24C9-4A47-B58D-EAC956104ECE}.
Unable to cancel {90818134-04EA-4DFA-9675-588ADE8C1E6D}.
Unable to cancel {FA18F365-706C-436E-8DAA-0D4678F849F6}.
Unable to cancel {40A2817E-1904-4C20-B146-878CCB4F9274}.
Unable to cancel {36B56D55-7DFF-46AC-B37E-89FC4330730E}.
Unable to cancel {C33466E2-0CFD-46FF-BB56-9D9296A0563B}.
Unable to cancel {4D7F9B24-E17A-40F2-BEF3-707876DA80DD}.
Unable to cancel {9955A15A-E1CB-4B90-A5E5-DEEC80FB83AF}.
Unable to cancel {8DA48FA8-4EB0-4649-96DE-ABB1A246E50B}.
Unable to cancel {B1137BDF-30C6-4B21-927B-DFBDE6367903}.
Unable to cancel {4053ED30-587E-4121-A00C-469685B8B29F}.
Unable to cancel {422602AF-892B-4269-A37E-9EB938C51144}.
Unable to cancel {C42EE05F-084D-404A-B070-142AF738186D}.
0 out of 15 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3977457848-43517965-4287078663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3977457848-43517965-4287078663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38309063 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 5143750 B
Edge => 3584 B
Chrome => 58990180 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 6656 B
NetworkService => 15276 B
defaultuser0 => 15276 B
melu => 6743850 B

RecycleBin => 0 B
EmptyTemp: => 115.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:16:00 ====

Performance improved a lot; it now boots much faster.
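An added example, not part of the original thread and not FRST's own code: a small Python triage of a pasted Fixlog that groups each `target => outcome` result line by outcome, so that entries the tool could not fix stand out from the long list of successes. The sample lines are copied from the Fixlog above; the function names and category names are this example's own assumptions.

```python
import re

# Sample input: lines copied from the Fixlog in this thread, including
# lines that are NOT fix results (a fixlist echo line, an EmptyTemp size).
SAMPLE_FIXLOG = r"""
Processes closed successfully.
Restore point was successfully created.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\Program Files\Common Files\AV\Spybot - Search and Destroy => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\vidc.VP60" => not found
CHR Extension: (Chrome Media Router) - C:\Users\melu\AppData\Local\Google\Chrome\User Data\Default\Extensions => Error: No automatic fix found for this entry.
C:\ProgramData\USJWEH => moved successfully
BITS transfer queue => 11558912 B
The system needed a reboot.
"""

# Outcome phrases as they appear in the Fixlog above, mapped to
# category names chosen for this example.
OUTCOME_RULES = [
    ("error", re.compile(r"^Error\b", re.IGNORECASE)),
    ("not_found", re.compile(r"^not found$", re.IGNORECASE)),
    ("restored", re.compile(r"^(?:value )?restored successfully$", re.IGNORECASE)),
    ("removed", re.compile(r"^removed successfully$", re.IGNORECASE)),
    ("moved", re.compile(r"^moved successfully$", re.IGNORECASE)),
]

# The "<==== ATTENTION" marker is copied from the fixlist into the result line.
ATTENTION_MARK = re.compile(r"\s*<=+\s*ATTENTION\s*$")


def classify(outcome):
    """Return the category for an outcome phrase, or None if it is not a fix result."""
    for name, pattern in OUTCOME_RULES:
        if pattern.search(outcome):
            return name
    return None


def parse_fixlog(text):
    """Group (target, outcome) pairs by category.

    The split is on the LAST ' => ' because a target may itself contain
    ' => ' or ' -> ' (fixlist echo lines do). Lines whose right-hand side
    is not a known outcome (sizes, file paths, '-> No File') are skipped.
    """
    grouped = {name: [] for name, _ in OUTCOME_RULES}
    for raw in text.splitlines():
        target, sep, outcome = raw.strip().rpartition(" => ")
        if not sep:
            continue
        outcome = outcome.strip()
        category = classify(outcome)
        if category is None:
            continue
        target = ATTENTION_MARK.sub("", target.strip()).strip('"')
        grouped[category].append((target, outcome))
    return grouped


def triage(text):
    """Summarise a Fixlog: counts per category, entries to recheck, reboot flag."""
    grouped = parse_fixlog(text)
    return {
        "counts": {name: len(items) for name, items in grouped.items()},
        # Entries the tool reported an error for were left untouched.
        "follow_up": [target for target, _ in grouped["error"]],
        "reboot_required": "The system needed a reboot." in text,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_FIXLOG)
    for name, count in summary["counts"].items():
        print(f"{name:10} {count}")
    for target in summary["follow_up"]:
        print("recheck:", target)
    print("reboot required:", summary["reboot_required"])
```
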

Hello @Chris

Regarding:

It is not just a hacktool: 23 antivirus solutions detect it in different ways; at the very least it is adware or malware, and it is even detected as a trojan.

With it, your computer will never be clean, since it downloads other junk; I recommend removing it.


Glad everything is better. :+1:

To remove the tools used:

Download/run >> DelFix from your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> “Run as administrator”.)
  • Tick the Remove disinfection tools and Purge System Restore boxes.
  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Let us know whether everything is in order so we can mark the topic as Solved.

Regards.