Pc lenta y abre monton de paginas

tengo un virus me abre muchas paginas, el pc muy lento , y aparte instalo malwarebytes y al abrirlo me muestra un cuadro de dialogo que dice "unable to connect the service " y busque en internet no he encontrado solucion para eso. corri hijack este es el log espero puedan ayudarme con urgencia: adjunto mi log de hickjackthis porque no me deja publicarlo

hijackthis.txt (22,2 KB)

Hola gorge2004

Desinstala Malwarebytes con su herramienta

Reinicias y cuando te lo indique, vuelves a descargarlos.

Realiza los siguientes pasos, aunque hayas hecho alguno, sin cambiar el orden:

1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware, revisa en detalle el manual, para que sepas usarlo y configurarlo.

  • Realiza un Análisis de amenazas, actualizando si te lo pide.
  • Pulsar en “Cuarentena seleccionado” para enviarlo a la cuarentena y Reinicias el sistema.
  • En el apartado del manual Informes :arrow_forward: Informe de análisis encontrarás el reporte de MBAM, clic en Exportar :arrow_forward: Copiar al portapapeles.

2) Descarga AdwCleaner | InfoSpyware en el escritorio.

  • Desactiva temporalmente el Antivirus :arrow_forward: Cómo deshabilitar temporalmente su Antivirus.
  • Cierra también todos los programas que tengas abiertos.
  • Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador".)
  • Pulsar en el botón Escanear, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Limpiar.
  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
  • Guardas el reporte que te aparecerá, para copiarlo y pegarlo en tu próxima respuesta.
  • El informe también se puede encontrar en C:\AdwCleaner\AdwCleaner[C1].txt

3) Descarga CCleaner

  • Instala Ccleaner
  • Abres Ccleaner en la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine :arrow_forward: clic en ejecutar limpiador
  • Clic en la pestaña Registro :arrow_forward: clic en buscar problemas esperas que termine :arrow_forward: clic en Reparar Seleccionadas y haces una copia de seguridad
  • Vuelves a darle clic en buscar problemas hasta que no encuentre ninguno.

Pega los reportes de Malwarebytes y AdwCleaner y comentas como va el problema.

Un saludo

el malwarebyte continua con el mismo problema, pase el adwCleaner y ccleaner: aqui esta el log: adwcleaner

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-10-31.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-01-2018
# Duration: 00:00:07
# OS:       Windows 7 Ultimate
# Cleaned:  102
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files\Microleaves
Deleted       C:\Users\waldo\AppData\Roaming\Microleaves
Deleted       C:\Users\waldo\AppData\Local\Temp\publicHotsp
Deleted       C:\Users\waldo\AppData\Local\Temp\bestDownloader
Deleted       C:\Program Files\ShutdownTime
Deleted       C:\Users\waldo\AppData\Local\Temp\ShutdownTime
Deleted       C:\ProgramData\41513DE2-4E07-0
Deleted       C:\ProgramData\41513DE2-2645-1
Deleted       C:\Program Files\RESPAECTSAOLEA
Deleted       C:\Program Files\SALEPPLUS
Deleted       C:\Program Files\FastDataX
Deleted       C:\Users\waldo\AppData\Local\VirtualStore\ProgramData\Speedbit
Deleted       C:\Windows\System32\SSL
Deleted       C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ Files ] *****

Deleted       C:\Program Files\MOZILLA FIREFOX\DEFAULTS\PREF\SECURE_CERT.JS
Deleted       C:\Users\waldo\AppData\Roaming\Mozilla\Firefox\Profiles\lx05xrye.default\searchplugins\yahoo! powered search.xml
Deleted       C:\Users\waldo\appdata\local\installationconfiguration.xml
Deleted       C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\Tasks\Online Application V2G5.job
Deleted       C:\Windows\System32\Tasks\Online Application V2G5
Deleted       C:\Windows\Tasks\Online Application V2G4.job
Deleted       C:\Windows\System32\Tasks\Online Application V2G4
Deleted       C:\Windows\Tasks\Online Application V2G6.job
Deleted       C:\Windows\System32\Tasks\Online Application V2G6
Deleted       C:\Windows\System32\Tasks\FastDataX Task
Deleted       C:\Windows\Tasks\Online Application V2G2.job
Deleted       C:\Windows\System32\Tasks\Online Application V2G2
Deleted       C:\Windows\Tasks\Online Application V2G3.job
Deleted       C:\Windows\System32\Tasks\Online Application V2G3
Deleted       C:\Windows\Tasks\Online Application V2G1.job
Deleted       C:\Windows\System32\Tasks\Online Application V2G1
Deleted       C:\Windows\Tasks\Updater_Online_Application.job
Deleted       C:\Windows\System32\Tasks\Updater_Online_Application

***** [ Registry ] *****

Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted       HKLM\Software\MICROSOFT\TechnologyDesktopnew
Deleted       HKLM\SOFTWARE\MICROSOFT\Speedycar
Deleted       HKLM\Software\Microleaves
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{522A71EF-FDDD-4D39-8BEB-5B690E486684}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{522A71EF-FDDD-4D39-8BEB-5B690E486684}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFFF90C0-EC6E-455A-9263-719F2F02048C}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFFF90C0-EC6E-455A-9263-719F2F02048C}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{731BB900-782C-4991-9E2F-54EC8C072D2E}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{731BB900-782C-4991-9E2F-54EC8C072D2E}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ShutdownTime
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShutdownTime_is1
Deleted       HKLM\SOFTWARE\b3a2ed89-2afb-9c28-5b82-e0d599e9f3b4
Deleted       HKCU\SOFTWARE\5b558cd0b169be15
Deleted       HKCU\Software\Microsoft\BigTime
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1128573869-3220864355-3001134129-1000\Software\bbrs_002.tb
Deleted       HKCU\Software\Conduit
Deleted       HKLM\Software\Classes\Conduit.Engine
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1128573869-3220864355-3001134129-1000\Software\DataMngr
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FastDataX_is1
Deleted       HKCU\Software\FastDataX
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{140465C7-1513-4C7E-ADBB-3D827FFE6107}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{140465C7-1513-4C7E-ADBB-3D827FFE6107}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FastDataX Task
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\AlcoholAutomount
Deleted       HKCU\Software\AppDataLow\Software\Smartbar
Deleted       HKLM\Software\Microsoft\DMunversion
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1128573869-3220864355-3001134129-1000\Software\Blabbers
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1128573869-3220864355-3001134129-1000\Software\SBConvert
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1128573869-3220864355-3001134129-1000\Software\SpeedBit
Deleted       HKLM\Software\Classes\Prod.cap
Deleted       HKLM\Software\Classes\ComObject.DeskbarEnabler
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FBD623E-2F3E-46F2-9291-66F817E5CD43}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FBD623E-2F3E-46F2-9291-66F817E5CD43}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D41E5A3D-9C48-43E0-8DA8-3F1C55691E38}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D41E5A3D-9C48-43E0-8DA8-3F1C55691E38}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BCC974B-464E-41CF-B603-0DEFC41E8F60}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BCC974B-464E-41CF-B603-0DEFC41E8F60}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126}
Deleted       HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted       HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AA30A5A-737E-4B7D-8595-0BB7A715CE2F}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AA30A5A-737E-4B7D-8595-0BB7A715CE2F}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application
Deleted       HKCU\Software\PRODUCTSETUP
Deleted       HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1128573869-3220864355-3001134129-1000\Software\SweetIM
Deleted       HKCU\Software\MICROSOFT\wewewe
Deleted       HKLM\Software\SrcAAAesom Browser Enhancer
Deleted       HKCU\Software\WajIEnhance
Deleted       HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
Deleted       HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted       HKLM\Software\Microsoft\PrIncub
Deleted       HKLM\Software\Microsoft\MPrForShutT
Deleted       HKLM\Software\Microsoft\PrAmNP
Deleted       HKLM\Software\Microsoft\NSaveA
Deleted       HKLM\Software\Microsoft\APreSam

***** [ Chromium (and derivatives) ] *****

Deleted       Search App by Ask v4
Deleted       Search Manager

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [11435 octets] - [01/11/2018 14:57:22]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Hola

Descarga Farbar Recovery Scan Tool. seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. [color=#FF8C00][size=1]:arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits.?[/size][/color]

  • Ejecuta FRST.exe.
  • En el mensaje de la ventana del Disclaimer, pulsamos Yes
  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Pon los dos reportes generados.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Un saludo

1 me gusta

log frst

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24.10.2018
Ran by waldo (administrator) on WALDO-PC (01-11-2018 21:58:42)
Running from C:\Users\waldo\Desktop
Loaded Profiles: waldo (Available Profiles: waldo)
Platform: Windows 7 Ultimate Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.3\bin\postgres.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ridden/pretty/thought/received/thrown/right<) C:\ProgramData\{HNZURZ3G-PGKA-2FZQ-XN1Y79PXDUVU}\taskhost.exe
() C:\Users\waldo\AppData\Roaming\AutoHot.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Technitium) C:\Program Files\Technitium\TMACv6.0\TMAC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\waldo\AppData\Roaming\Microsoft\Windows\efuuhsud\atsjfvsu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [amiwout0ld5] => C:\Program Files\Free\804509585.exe [671232 2018-11-01] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-06-17] (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1128573869-3220864355-3001134129-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13769584 2018-09-19] (Piriform Ltd)
HKU\S-1-5-21-1128573869-3220864355-3001134129-1000\...\RunOnce: [sqgsf] => C:\Users\waldo\AppData\Roaming\AutoHot.exe [586240 2018-11-01] ()
HKU\S-1-5-21-1128573869-3220864355-3001134129-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\mswrbd.exe <==== ATTENTION
HKU\S-1-5-21-1128573869-3220864355-3001134129-1000\...\Winlogon: [Shell] C:\ProgramData\{HNZURZ3G-PGKA-2FZQ-XN1Y79PXDUVU}\taskhost.exe [624816 2018-11-01] (ridden/pretty/thought/received/thrown/right<) <==== ATTENTION
Startup: C:\Users\waldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\efuuhsud.lnk [2018-11-01]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{272587B4-D43C-477A-A368-1ED7DC5E3FF9}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{7822B0EA-B320-4C42-9B5A-0CC7AA80ED2A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7B5119E2-A686-4278-A0D9-6D2665430CAD}: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{7B5119E2-A686-4278-A0D9-6D2665430CAD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D3CCF5D0-D7A5-43F8-A15E-8713A28CCAE9}: [DhcpNameServer] 200.35.65.5 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-10-11] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2018-11-01] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-10-11] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2018-11-01] (Google Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

FireFox:
========
FF ProfilePath: C:\Users\waldo\AppData\Roaming\Mozilla\Firefox\Profiles\lx05xrye.default [2018-11-01]
FF Homepage: Mozilla\Firefox\Profiles\lx05xrye.default -> about:blank
FF Extension: (No Name) - C:\Users\waldo\AppData\Roaming\Mozilla\Firefox\Profiles\lx05xrye.default\Extensions\@react-devtools.xpi [2018-10-23]
FF HKLM\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files\SpeedBit Video Downloader\SPFireFox => not found
FF HKU\S-1-5-21-1128573869-3220864355-3001134129-1000\...\Firefox\Extensions: [{a3a5c777-f583-4fef-9380-ab4add1bc2a8}] - C:\Windows\zb4add1bc2a8\2.7 => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-10] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-10-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-10-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @raidcall.kr/RCplugin -> C:\Users\waldo\AppData\Roaming\RCKR\plugins\nprcplugin.dll [2012-08-09] (Raidcall)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-21] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1128573869-3220864355-3001134129-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\waldo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1128573869-3220864355-3001134129-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\waldo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1128573869-3220864355-3001134129-1000: @talk.google.com/O1DPlugin -> C:\Users\waldo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1128573869-3220864355-3001134129-1000: @tools.google.com/Google Update;version=3 -> C:\Users\waldo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-1128573869-3220864355-3001134129-1000: @tools.google.com/Google Update;version=9 -> C:\Users\waldo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\waldo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\waldo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.google.co.ve/
CHR Profile: C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Default [2018-11-01]
CHR Extension: (Presentaciones) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-13]
CHR Extension: (Documentos) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-13]
CHR Extension: (Google Drive) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-13]
CHR Extension: (YouTube) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-13]
CHR Extension: (Hojas de cálculo) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-13]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-13]
CHR Extension: (Gmail) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-13]
CHR Extension: (Chrome Media Router) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-13]
CHR Profile: C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-10-31]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-10-31]
CHR Extension: (Auto Refresh) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2018-07-12]
CHR Extension: (Chrome Media Router) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31]
CHR Profile: C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-01-31]
CHR Extension: (Presentaciones) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-16]
CHR Extension: (Documentos) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-16]
CHR Extension: (Google Drive) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-16]
CHR Extension: (YouTube) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-16]
CHR Extension: (Hojas de cálculo) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-16]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-16]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-16]
CHR Extension: (Gmail) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\waldo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-16]
CHR Profile: C:\Users\waldo\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-16]
CHR HKLM\...\Chrome\Extension: [figdphohhlffelolcabcjpikobidapnk] - C:\Users\waldo\AppData\Local\Temp\figdphohhlffelolcabcjpikobidapnk.crx <not found>
CHR HKLM\...\Chrome\Extension: [hidjnkeodmholilgafgdlgmgggbhnigl] - C:\Users\waldo\AppData\Roaming\SimilarSites\similarsites.crx <not found>
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1128573869-3220864355-3001134129-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S2 HPLinkUpZeroC; C:\Program Files\Hewlett-Packard\HP LinkUp Sender\LinkUpZeroC.exe [258616 2011-02-24] (Hewlett-Packard)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed]
R2 MicroV2Service; C:\Users\waldo\AppData\Local\William\William.dll [581632 2018-11-01] () [File not signed]
S3 npggsvc; C:\Windows\system32\GameMon.des [4323256 2011-03-28] (INCA Internet Co., Ltd.) [File not signed]
S2 rgsender; C:\Program Files\Hewlett-Packard\Remote Graphics Sender\rgsendersvc.exe [372736 2010-12-10] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe [221266 2009-07-21] (IDT, Inc.)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 SZDrvSvc; C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [19456 2012-07-13] (Clarus, Inc.) [File not signed]
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1343400 2011-08-08] ()
S2 YjczOTI1NWY0NDAx; C:\Program Files\YjczOTI1NWY0NDAx\MGM5Y.exe [1201920 2018-10-31] ()
R2 ODQwZDE2N2E5O; rundll32.exe C:\Windows\wsswvhzzfoan.wssj RGSgaxSwymIJMiY [X]
R2 postgresql-9.3; "C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe" runservice -N "postgresql-9.3" -D "C:/Program Files/PostgreSQL/9.3/data" -w [X] <==== ATTENTION
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-08-31] () [File not signed]
S3 apf005; C:\Windows\system32\apf005.sys [14160 2013-12-31] ()
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-11] (Avira GmbH)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109184 2017-01-16] (Samsung Electronics Co., Ltd.)
R3 hprg; C:\Windows\System32\DRIVERS\hprg.sys [8760 2010-12-10] (Hewlett-Packard)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-04-30] (Logitech, Inc.)
R3 mdf16; C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys [18864 2012-06-21] ()
R3 mvd23; C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys [89008 2012-06-21] ()
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0007.sys [37920 2017-09-08] (SoftEther Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-08-02] (Apple Inc.) [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2017-09-18] (Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147072 2017-01-16] (Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [33280 2017-06-13] (The OpenVPN Project)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-11] (Microsoft Corporation)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [113904 2016-11-21] (Oracle Corporation)
U3 a8m69kv7; C:\Windows\system32\Drivers\a8m69kv7.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 apf001; \??\C:\Game\SoftnyxGame\RakionLS\Bin\apf001.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
R1 MWU2Mz; \??\C:\Windows\system32\drivers\MWU2Mz [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-01 21:58 - 2018-11-01 21:59 - 000019721 _____ C:\Users\waldo\Desktop\FRST.txt
2018-11-01 21:58 - 2018-11-01 21:58 - 000000000 ____D C:\FRST
2018-11-01 21:57 - 2018-11-01 21:58 - 001774592 _____ (Farbar) C:\Users\waldo\Desktop\FRST.exe
2018-11-01 15:54 - 2018-11-01 15:54 - 000000929 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-01 15:20 - 2018-11-01 15:20 - 000000000 __SHD C:\ProgramData\{HNZURZ3G-PGKA-2FZQ-XN1Y79PXDUVU}
2018-11-01 14:28 - 2018-11-01 15:53 - 016796856 _____ (Piriform Ltd) C:\Users\waldo\Downloads\ccsetup547.exe
2018-11-01 14:26 - 2018-11-01 15:03 - 000000000 ____D C:\AdwCleaner
2018-11-01 14:26 - 2018-11-01 14:26 - 007592144 _____ (Malwarebytes) C:\Users\waldo\Desktop\adwcleaner_7.2.4.0.exe
2018-11-01 14:06 - 2018-11-01 14:07 - 000566128 _____ (Malwarebytes) C:\Users\waldo\Downloads\mbam-clean-2.3.0.1001.exe
2018-11-01 13:10 - 2018-11-01 13:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-01 13:07 - 2018-11-01 13:08 - 078612224 _____ (Malwarebytes ) C:\Users\waldo\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7607.exe
2018-11-01 08:38 - 2018-11-01 08:38 - 000000000 ____D C:\Program Files\Free
2018-11-01 08:31 - 2018-11-01 08:31 - 001017856 _____ C:\Windows\wsswvhzzfoan.wssj
2018-11-01 08:31 - 2018-11-01 08:31 - 000000000 ____D C:\Users\waldo\AppData\Local\AdvinstAnalytics
2018-11-01 08:31 - 2018-11-01 08:31 - 000000000 ____D C:\Program Files\YjczOTI1NWY0NDAx
2018-11-01 08:30 - 2018-11-01 08:30 - 000722944 _____ C:\Users\waldo\AppData\Local\sham.db
2018-11-01 08:30 - 2018-11-01 08:30 - 000140800 _____ C:\Users\waldo\AppData\Local\installer.dat
2018-11-01 08:29 - 2018-11-01 08:29 - 000586240 _____ C:\Users\waldo\AppData\Roaming\AutoHot.exe
2018-11-01 08:29 - 2018-11-01 08:29 - 000000000 ____D C:\Users\waldo\AppData\Local\William
2018-11-01 08:29 - 2018-11-01 08:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareUpdater5
2018-11-01 08:29 - 2018-11-01 08:29 - 000000000 ____D C:\Program Files\Glarysoft
2018-11-01 08:29 - 2018-11-01 08:29 - 000000000 ____D C:\Program Files (x86)
2018-11-01 07:39 - 2018-11-01 07:39 - 002753248 _____ (Solvusoft ) C:\Users\waldo\Downloads\Setup_WinThruster_2018.exe
2018-11-01 07:27 - 2018-11-01 07:27 - 002820881 _____ C:\Users\waldo\Desktop\El+gran+libro+de+HTML5+CSS3+y+Javascrip.pdf
2018-10-31 16:12 - 2018-10-18 09:44 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-10-31 15:57 - 2018-10-31 16:05 - 080022264 _____ (Malwarebytes ) C:\Users\waldo\Downloads\mb3-setup-35891.35891-3.6.1.2711-1.0.463-1.0.6913.exe
2018-10-31 08:01 - 2018-10-31 08:01 - 002891776 _____ C:\Windows\NDYwYjlhZ.exe
2018-10-31 08:01 - 2018-10-31 08:01 - 000129696 _____ (Disqbas) C:\Windows\system32\Drivers\MWU2Mz
2018-10-31 08:01 - 2018-10-31 08:01 - 000101740 _____ C:\Windows\uninstaller.dat
2018-10-30 11:14 - 2018-10-30 18:59 - 002168832 _____ C:\Users\waldo\Desktop\mapscat.eap
2018-10-30 10:34 - 2018-10-30 10:40 - 783162742 _____ C:\Users\waldo\Downloads\Los Increibles 2 DVDRip Latino [www.unmundodepeliculas.com].avi
2018-10-21 10:44 - 2018-10-21 10:44 - 000001135 _____ C:\Users\Public\Desktop\EasyBCD 2.2.lnk
2018-10-21 10:44 - 2018-10-21 10:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
2018-10-21 10:23 - 2018-10-21 10:23 - 000024576 _____ C:\Users\waldo\Documents\EasyBCD Backup (2018-10-21).bcd
2018-10-21 10:19 - 2018-10-21 10:44 - 000000000 ____D C:\Program Files\NeoSmart Technologies
2018-10-21 10:19 - 2018-10-21 10:19 - 000000000 ____D C:\Users\waldo\AppData\Local\NeoSmart_Technologies
2018-10-13 13:26 - 2017-01-16 02:26 - 000147072 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2018-10-13 13:26 - 2017-01-16 02:26 - 000109184 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
2018-10-11 08:11 - 2018-10-11 08:11 - 000000000 ____D C:\Program Files\Common Files\Oracle
2018-10-11 08:10 - 2018-10-11 08:10 - 000000000 ____D C:\Program Files\Common Files\Java
2018-10-09 08:52 - 2015-07-15 13:18 - 731923716 _____ C:\Users\waldo\Downloads\U131P48.rar
2018-10-08 13:18 - 2018-10-08 13:19 - 021763017 _____ C:\Users\waldo\Downloads\Sr_2018-10-08_01-03-27_PM.mp4
2018-10-07 16:11 - 2018-10-07 16:11 - 000004913 _____ C:\Users\waldo\Downloads\emisor.cfg
2018-10-07 16:08 - 2018-10-07 16:09 - 000004316 _____ C:\Users\waldo\Downloads\XM-24A43C347B48.cfg
2018-10-07 11:53 - 2018-10-07 11:53 - 000017121 _____ C:\Users\waldo\Downloads\icomoon.zip
2018-10-05 07:28 - 2018-10-05 07:28 - 000778140 _____ C:\Users\waldo\Downloads\Tecnologias_y_herramientas_para_el_desarrollo_web_(Modulo_1).pdf
2018-10-05 07:17 - 2018-10-05 07:17 - 003213845 _____ C:\Users\waldo\Downloads\CursoCSS3.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-01 21:29 - 2009-07-14 00:34 - 000025856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-01 21:29 - 2009-07-14 00:34 - 000025856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-01 20:54 - 2017-07-28 12:58 - 000000000 ____D C:\Users\waldo\AppData\LocalLow\Mozilla
2018-11-01 20:38 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\system32\NDF
2018-11-01 20:38 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2018-11-01 20:23 - 2012-01-21 15:32 - 000000282 __RSH C:\ProgramData\ntuser.pol
2018-11-01 19:03 - 2011-10-18 19:22 - 000001066 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1128573869-3220864355-3001134129-1000UA.job
2018-11-01 19:03 - 2011-10-18 19:22 - 000001044 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1128573869-3220864355-3001134129-1000Core.job
2018-11-01 16:29 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-01 16:11 - 2017-07-31 08:50 - 000000000 ____D C:\Users\waldo\AppData\Roaming\CoreFTP
2018-11-01 16:11 - 2015-02-07 18:36 - 000000000 ____D C:\Users\waldo\AppData\Roaming\uTorrent
2018-11-01 16:10 - 2018-05-20 12:05 - 000000000 ____D C:\Users\waldo\Desktop\rs
2018-11-01 16:05 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\ModemLogs
2018-11-01 15:54 - 2011-08-01 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-01 15:54 - 2011-08-01 21:23 - 000000000 ____D C:\Program Files\CCleaner
2018-11-01 15:54 - 2011-06-22 13:34 - 000000000 ____D C:\ProgramData\Google
2018-11-01 15:54 - 2011-06-22 13:34 - 000000000 ____D C:\Program Files\Google
2018-11-01 14:09 - 2017-08-08 23:19 - 000002227 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-01 14:09 - 2017-08-08 23:19 - 000002164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-01 13:58 - 2012-05-08 22:11 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-11-01 13:09 - 2012-07-31 17:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-01 13:01 - 2017-07-27 21:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-10-31 20:00 - 2018-08-24 15:24 - 000000000 ____D C:\Users\waldo\.expo
2018-10-31 09:22 - 2018-08-24 15:25 - 004872986 _____ C:\Users\waldo\.babel.json
2018-10-31 08:05 - 2017-12-14 15:33 - 000000000 ____D C:\Users\waldo\Desktop\Manual de JavaScript - Ribes Alba-FL
2018-10-30 10:48 - 2017-08-01 21:53 - 000003861 _____ C:\Users\waldo\.bash_history
2018-10-24 18:56 - 2018-09-01 18:34 - 000000000 ____D C:\Users\waldo\AppData\Roaming\Slack
2018-10-22 14:02 - 2016-03-29 12:19 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-19 09:39 - 2018-09-01 19:38 - 000000000 ____D C:\Users\waldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2018-10-16 17:08 - 2018-09-01 19:38 - 000000000 ____D C:\Users\waldo\AppData\Roaming\Code
2018-10-16 13:21 - 2012-11-17 12:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2018-10-16 12:53 - 2014-11-11 20:50 - 000000000 ____D C:\Users\waldo\AppData\Roaming\Samsung
2018-10-16 12:53 - 2014-11-11 20:16 - 000000000 ____D C:\Program Files\Samsung
2018-10-16 12:53 - 2011-06-22 14:38 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-10-13 13:36 - 2014-11-11 20:16 - 000000000 ____D C:\ProgramData\Samsung
2018-10-11 15:41 - 2018-01-08 15:23 - 000001228 _____ C:\Users\Public\Desktop\Skype.lnk
2018-10-11 15:41 - 2018-01-08 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-10-11 08:11 - 2017-12-16 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-11 08:11 - 2017-12-16 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-10-11 08:11 - 2011-07-12 20:07 - 000000000 ____D C:\Program Files\Java
2018-10-11 08:09 - 2017-12-16 15:54 - 000096632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2018-10-10 08:24 - 2012-03-31 12:04 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-10-10 08:24 - 2011-06-22 19:17 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-10-10 08:24 - 2011-06-22 19:17 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-05 19:34 - 2017-10-08 11:17 - 000000000 ____D C:\Users\waldo\AppData\Roaming\avidemux
2018-10-03 20:01 - 2011-06-22 14:02 - 000000000 ____D C:\Users\waldo\AppData\LocalLow\Adobe
2018-10-02 19:39 - 2018-09-01 18:34 - 000002128 _____ C:\Users\waldo\Desktop\Slack.lnk
2018-10-02 19:39 - 2018-09-01 18:34 - 000000000 ____D C:\Users\waldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2018-10-02 19:38 - 2018-09-01 18:33 - 000000000 ____D C:\Users\waldo\AppData\Local\slack
2018-10-02 19:38 - 2018-01-19 10:03 - 000000000 ____D C:\Users\waldo\AppData\Local\SquirrelTemp

==================== Files in the root of some directories =======

2017-07-29 14:41 - 2016-11-09 11:55 - 094751744 ___SH () C:\ProgramData\mswrbd.exe
2017-07-27 14:39 - 2017-07-27 14:41 - 016610704 _____ (EnterpriseDB) C:\Users\waldo\edb_psqlodbc.exe
2018-11-01 08:29 - 2018-11-01 08:29 - 000586240 _____ () C:\Users\waldo\AppData\Roaming\AutoHot.exe
2018-03-09 13:22 - 2018-03-12 19:30 - 000000083 _____ () C:\Users\waldo\AppData\Roaming\Camdata.ini
2018-03-09 13:22 - 2018-03-12 19:30 - 000000408 _____ () C:\Users\waldo\AppData\Roaming\CamLayout.ini
2018-03-09 13:22 - 2018-03-12 19:30 - 000000408 _____ () C:\Users\waldo\AppData\Roaming\CamShapes.ini
2018-03-12 19:30 - 2018-03-12 19:30 - 000004548 _____ () C:\Users\waldo\AppData\Roaming\CamStudio.cfg
2011-09-16 10:32 - 2015-04-08 15:43 - 000001386 _____ () C:\Users\waldo\AppData\Roaming\Rim.Desktop.Exception.log
2011-09-16 10:31 - 2017-07-01 21:15 - 000002352 _____ () C:\Users\waldo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-09-16 10:33 - 2015-04-08 15:43 - 000001386 _____ () C:\Users\waldo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2018-03-09 09:54 - 2018-03-12 19:23 - 000000096 _____ () C:\Users\waldo\AppData\Roaming\version2.xml
2005-09-10 05:49 - 2012-01-12 22:47 - 000333105 ____H () C:\Users\waldo\AppData\Roaming\waldolog.dat
2011-08-15 16:02 - 2017-08-17 15:07 - 000000600 _____ () C:\Users\waldo\AppData\Roaming\winscp.rnd
2012-03-06 22:06 - 2012-03-06 22:06 - 011895205 _____ () C:\Users\waldo\AppData\Local\cache.ccc
2012-03-06 22:09 - 2012-03-06 22:09 - 000000982 _____ () C:\Users\waldo\AppData\Local\defaultcode.cfg
2012-03-06 22:19 - 2014-05-31 21:15 - 000000018 _____ () C:\Users\waldo\AppData\Local\devcpp.cfg
2012-03-06 22:04 - 2014-05-31 21:15 - 000005057 _____ () C:\Users\waldo\AppData\Local\devcpp.ini
2018-11-01 08:30 - 2018-11-01 08:30 - 000140800 _____ () C:\Users\waldo\AppData\Local\installer.dat
2015-01-28 23:21 - 2015-01-28 23:21 - 000000416 _____ () C:\Users\waldo\AppData\Local\psppirerc
2011-08-16 14:35 - 2011-08-16 18:33 - 000000600 _____ () C:\Users\waldo\AppData\Local\PUTTY.RND
2014-06-07 17:27 - 2014-06-07 17:27 - 000020117 _____ () C:\Users\waldo\AppData\Local\recently-used.xbel
2011-11-28 09:35 - 2017-10-09 13:43 - 000007594 _____ () C:\Users\waldo\AppData\Local\Resmon.ResmonCfg
2018-11-01 08:30 - 2018-11-01 08:30 - 000722944 _____ () C:\Users\waldo\AppData\Local\sham.db
2012-02-01 13:15 - 2012-02-01 13:15 - 000000000 _____ () C:\Users\waldo\AppData\Local\{C867EDD0-C285-4F24-88FB-FD89B46D6176}

Some files in TEMP:
====================
2018-11-01 08:52 - 2018-11-01 08:52 - 000537535 _____ () C:\Users\waldo\AppData\Local\Temp\C9F.tmp.exe
2018-11-01 16:32 - 2017-04-21 11:15 - 000805376 _____ (Microsoft Corporation) C:\Users\waldo\AppData\Local\Temp\cdo1624703136.dll
2018-11-01 08:38 - 2018-11-01 08:38 - 000375522 _____ (                                                            ) C:\Users\waldo\AppData\Local\Temp\ozahf0gkmek.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-26 11:00

==================== End of FRST.txt ============================

log addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24.10.2018
Ran by waldo (01-11-2018 22:00:09)
Running from C:\Users\waldo\Desktop
Windows 7 Ultimate Service Pack 1 (X86) (2011-06-22 16:29:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1128573869-3220864355-3001134129-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1128573869-3220864355-3001134129-1002 - Limited - Enabled)
Invitado (S-1-5-21-1128573869-3220864355-3001134129-501 - Limited - Disabled)
waldo (S-1-5-21-1128573869-3220864355-3001134129-1000 - Administrator - Enabled) => C:\Users\waldo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1128573869-3220864355-3001134129-1000\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
AMD USB Audio Driver Filter (HKLM\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Archivos auxiliares de instalación de SQL Server 2008 (español) (HKLM\...\{E63DA847-F2E3-4C9C-8A7C-FCEEF8CD10AB}) (Version: 10.0.1600.22 - Microsoft Corporation)
Ares 2.1.7 (HKLM\...\Ares) (Version: 2.1.7-Build#3041 - Ares Development Group)
ATI Catalyst Install Manager (HKLM\...\{2B34B44F-8307-9645-4705-F2F94A7C2023}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Audacity 1.3.13 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Avidemux 2.7 - 32 bits (32-bit) (HKLM\...\Avidemux 2.7 - 32 bits) (Version: 2.7.0.170814 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.12 - Broadcom Corporation)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.57.1051 - Webteh, d.o.o.)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Compatibilidad con Aplicaciones de Apple (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Core FTP LE (HKLM\...\CoreFTP) (Version:  - )
Counter-Strike 1.6 (HKLM\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Enterprise Architect 7.5 (HKLM\...\{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}) (Version: 7.5.844.21 - Sparx Systems)
EpicBot (HKLM\...\EpicBot) (Version:  - )
eReg (HKLM\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Escritor de VSS de Microsoft SQL Server (HKLM\...\{965E7C8B-0A2A-4649-89FE-19A8C6416317}) (Version: 10.0.1600.22 - Microsoft Corporation)
Estudio de mejora de productos de HP Deskjet 3050 J610 series (HKLM\...\{2161D304-A4F4-4029-95F3-F9CDDC43853E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Galería de fotos (HKLM\...\{F7314CA2-F900-46D7-9EA1-FBDD9D73F765}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Git version 2.13.3 (HKLM\...\Git_is1) (Version: 2.13.3 - The Git Development Community)
Google Chrome (HKLM\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 3050 J610 series Ayuda (HKLM\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP LinkUp Sender (HKLM\...\{8C6CC89D-E4A5-479E-99BB-FAFCC102FB88}) (Version: 2.01.026 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java 8 Update 181 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Java SE Development Kit 8 Update 151 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180151}) (Version: 8.0.1510.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kantaris Media Player 0.7.7 (HKLM\...\Kantaris_is1) (Version:  - Christofer Persson)
K-Lite Codec Pack 11.0.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 11.0.0 - )
Logitech SetPoint 6.30 (HKLM\...\sp6) (Version: 6.30.43 - Logitech)
MEGAsync (HKLM\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.7 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{10E05081-646C-4130-A166-83283A3A0A45}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{E34DAFD6-5A63-4CDD-8B03-E2B44A4CB2D6}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Express con SP1 - ESN (HKLM\...\Microsoft Visual C++ 2008 Express Edition with SP1 - ESN) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1128573869-3220864355-3001134129-1000\...\{D628A17A-9713-46BF-8D57-E671B46A741E}_is1) (Version: 1.28.2 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - esn (HKLM\...\{5F5B92D0-B73E-36AF-8589-29F836D9E563}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{044F9133-B8D7-4d11-BF39-803FA20F5C8B}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Movie Maker (HKLM\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{F25C8769-16B6-4B19-BB0B-76F213829AC6}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 63.0.1 (x86 es-ES) (HKLM\...\Mozilla Firefox 63.0.1 (x86 es-ES)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.1.6877 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Node.js (HKLM\...\{67FC9D9F-BA7B-4D29-AA5E-3E55B052D0CD}) (Version: 8.11.2 - Node.js Foundation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OBS Studio (HKLM\...\OBS Studio) (Version: 21.0.1 - OBS Project)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x86) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PostgreSQL 9.3  (HKLM\...\PostgreSQL 9.3) (Version: 9.3 - PostgreSQL Global Development Group)
psqlODBC 09.06.0310 (HKLM\...\psqlODBC 09.06.0310-1) (Version: 09.06.0310-1 - EnterpriseDB)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Remote Graphics Sender (HKLM\...\{2A08C71B-CC60-42EA-8DA2-FE5486E3B20B}) (Version: 5.4.5 - Hewlett-Packard)
Remote Graphics Sender (HKLM\...\{ECC33AB5-323D-49EC-8911-290E8898A227}) (Version: 5.4.5 - Hewlett-Packard) Hidden
Revisión para Microsoft Visual C++ 2008 Express con SP1 - ESN (KB945282) (HKLM\...\{44C52752-1D94-33C0-B76B-722FC1B14AFB}.KB945282) (Version: 1 - Microsoft Corporation)
Revisión para Microsoft Visual C++ 2008 Express con SP1 - ESN (KB946040) (HKLM\...\{44C52752-1D94-33C0-B76B-722FC1B14AFB}.KB946040) (Version: 1 - Microsoft Corporation)
Revisión para Microsoft Visual C++ 2008 Express con SP1 - ESN (KB946308) (HKLM\...\{44C52752-1D94-33C0-B76B-722FC1B14AFB}.KB946308) (Version: 1 - Microsoft Corporation)
Revisión para Microsoft Visual C++ 2008 Express con SP1 - ESN (KB947540) (HKLM\...\{44C52752-1D94-33C0-B76B-722FC1B14AFB}.KB947540) (Version: 1 - Microsoft Corporation)
Revisión para Microsoft Visual C++ 2008 Express con SP1 - ESN (KB947789) (HKLM\...\{44C52752-1D94-33C0-B76B-722FC1B14AFB}.KB947789) (Version: 1 - Microsoft Corporation)
Revisión para Microsoft Visual C++ 2008 Express con SP1 - ESN (KB948127) (HKLM\...\{44C52752-1D94-33C0-B76B-722FC1B14AFB}.KB948127) (Version: 1 - Microsoft Corporation)
Samsung Drive Manager (HKLM\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.148 - Clarus)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Scratch 2 Offline Editor (HKLM\...\{2C137397-289D-BA6B-2B28-A45F1DB08E46}) (Version: 255 - MIT Media Lab) Hidden
SearchAwesome (HKLM\...\YjczOTI1NWY0NDAx) (Version: 13.14.1.303 (i1.0) - SearchAwesome) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype versión 8.30 (HKLM\...\Skype_is1) (Version: 8.30 - Skype Technologies S.A.)
Skype Web Plugin (HKLM\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-1128573869-3220864355-3001134129-1000\...\slack) (Version: 3.3.3 - Slack Technologies)
Software básico del dispositivo HP Deskjet 3050 J610 series (HKLM\...\{D04DCD77-B454-4E4F-824C-2B9504C5ED2C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
SoftwareUpdater5 (HKLM\...\{0D49A2E9-9734-4A4D-91AB-527863DE0DF4}) (Version: 2.0.0 - Glarysoft)
Sql Server Customer Experience Improvement Program (HKLM\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.0.4.0 - Synaptics Incorporated)
Technitium MAC Address Changer v6.0 (HKLM\...\TMACv6.0) (Version: 6.0 - Technitium)
Typer Solver (HKU\S-1-5-21-1128573869-3220864355-3001134129-1000\...\TyperSolver) (Version: 1.1.1 - Typers)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.2 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\waldo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\waldo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\waldo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\waldo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\waldo\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\waldo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\waldo\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\waldo\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\waldo\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\waldo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\waldo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\waldo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\waldo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\waldo\AppData\Local\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1128573869-3220864355-3001134129-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\waldo\AppData\Local\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\waldo\AppData\Local\MEGAsync\ShellExtX32.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\waldo\AppData\Local\MEGAsync\ShellExtX32.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\waldo\AppData\Local\MEGAsync\ShellExtX32.dll [2017-10-18] ()
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\waldo\AppData\Local\MEGAsync\ShellExtX32.dll [2017-10-18] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers2: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files\Alcohol Soft\Alcohol 120\AxShlex.dll [2014-09-06] (Alcohol Soft Development Team)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\waldo\AppData\Local\MEGAsync\ShellExtX32.dll [2017-10-18] ()
ContextMenuHandlers3: [LinkUpMenuSndExt] -> {D6D30BB8-47C7-4AC5-9554-CDA2C5FA2BE1} => C:\Program Files\Hewlett-Packard\HP LinkUp Sender\LinkUpSndExt.dll [2011-02-24] (Hewlett-Packard Company)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\waldo\AppData\Local\MEGAsync\ShellExtX32.dll [2017-10-18] ()
ContextMenuHandlers4: [DAP_ShredMenu] -> {BED4C38B-F765-45AC-8C56-613F76BBF43E} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\waldo\AppData\Local\MEGAsync\ShellExtX32.dll [2017-10-18] ()
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {070EDA6B-1FDD-480E-91F2-CFB72BFAFCA6} - System32\Tasks\{0A1B2701-2039-4580-87CD-0944C1048C63} => "c:\program files\internet explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.113.259&LastError=12002
Task: {1A727F9F-EBEE-4699-8774-66B824BB006A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {1E3AAD84-1B6C-45F2-A34B-A215893D141D} - System32\Tasks\{9D577085-6D29-474A-B418-83B46BAB3A70} => C:\Windows\system32\pcalua.exe -a "C:\Users\waldo\Desktop\MFI - Complete\Actualizacion_MML.part10-after installing 1-9 and running.exe" -d "C:\Users\waldo\Desktop\MFI - Complete"
Task: {1FDDE464-F904-4DB2-BA56-D317654AF3BC} - System32\Tasks\{B111692B-734A-4EEC-A16B-950832C0A334} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.6.0.106/es/abandoninstall?page=tsPlugin
Task: {27CA069C-8657-4CF1-9071-D0BEE6077198} - System32\Tasks\{FA3D09A6-F222-44B9-B41B-64386460807A} => C:\Windows\system32\pcalua.exe -a F:\joomla\xampp-win32-1.6.3-installer.exe -d F:\joomla
Task: {2E2B31EF-1BB8-461F-9491-7B114A7ECEEC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1128573869-3220864355-3001134129-1000UA => C:\Users\waldo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {314D6269-9CD5-4E88-AF83-4189AB334685} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1128573869-3220864355-3001134129-1000Core => C:\Users\waldo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {34872022-F2D8-4455-AB35-4B49303693A9} - System32\Tasks\Opera scheduled Autoupdate 2796787680 => C:\Users\waldo\AppData\Roaming\Microsoft\Windows\efuuhsud\atsjfvsu.exe [2017-09-13] ()
Task: {348FE048-6455-4250-B55D-8837624F23AD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {3E422CBE-90DF-4509-848E-E05C03DBD309} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-02-18] ()
Task: {3F61C21B-6BB9-49E3-B149-2FDC4C944FE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {46A740CA-B08D-449C-A212-F0741143F125} - System32\Tasks\{AC2F7890-E8F6-4E59-9B96-16032ED6B952} => C:\Windows\system32\pcalua.exe -a "C:\Users\waldo\Downloads\Memu-Setup-3 6\Memu-Setup-3.6.9.0.exe" -d "C:\Users\waldo\AppData\Local\JDownloader 2.0"
Task: {487C038D-7E99-4E6C-87FE-1F7997E1966A} - System32\Tasks\{59897BCB-2AE8-43E6-8665-AFA6E651146C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Nox\bin\Nox_unload.exe"
Task: {56E80CD0-891F-425B-9CF4-A764960FD760} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1128573869-3220864355-3001134129-1000Core => C:\Users\waldo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {59DE8043-0B35-4BBF-8F73-3B139A6232ED} - System32\Tasks\{EDA92A65-A3F3-46E6-9CA5-9A1535309CD2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Antares Audio Technologies\unins000.exe"
Task: {5A596AB5-BE46-4A9A-95A9-9CD29067CEE2} - System32\Tasks\{B370B132-373B-4C27-9DEA-EDC6CFB73218} => "c:\program files\internet explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.113.259&LastError=12002
Task: {668D40F9-FAB7-442F-AEE2-95FBE31FBBCB} - System32\Tasks\{F18F0F57-3DBB-4E4C-BF43-6F55DBD47C75} => C:\Windows\system32\pcalua.exe -a "C:\Users\waldo\AppData\Local\Temp\Temp1_Avira Antivirus Premium 10 + Key to 2012.zip\avira_antivir_premium_en.exe" <==== ATTENTION
Task: {66EC4182-3C03-41EF-90FB-6DD527F2D547} - System32\Tasks\{CA85B21D-BA3B-4F9C-BC5E-F8EAC98BEDE4} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.6.0.106/es/abandoninstall?page=tsBing
Task: {67E342F3-E45F-40AD-A123-6F2870B1FDFB} - System32\Tasks\{3EC41E30-67AD-4EF2-8424-69375176D577} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\ATI\CIM\Bin\ATISetup.exe" -d "C:\Program Files\ATI\CIM\Bin"
Task: {76951820-1F77-44E2-AA1B-8B2F086BACA3} - System32\Tasks\{4408F672-2153-44CB-8E53-C8FD250695D6} => C:\Windows\system32\pcalua.exe -a "C:\Users\waldo\Desktop\virtual dub\AuxSetup.exe" -d "C:\Users\waldo\Desktop\virtual dub"
Task: {7A0F9D90-411A-4DB0-8578-B1437D681295} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {7DDC09A0-3563-4468-B832-B4BF392ECF0C} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {85690F6C-A99E-46E1-964D-1612CDEBBE37} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-08] ()
Task: {8B6FD19D-F8EB-4CC8-A9B5-BD6F51E7A7BF} - System32\Tasks\{A736FEDC-E2FB-4A8E-B920-D47D77B2E2E4} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.0.0.126/es/abandoninstall?page=tsProgressBar
Task: {8BA42E9F-41CB-45F5-BE8E-23629D1DB440} - System32\Tasks\{83C001F2-7416-4446-AD28-38A4D8126230} => C:\Windows\system32\pcalua.exe -a C:\Users\waldo\Desktop\sp42439.exe -d C:\Users\waldo\Desktop
Task: {8C3DB535-C1C8-482C-99C2-2C3AAD9AF72E} - System32\Tasks\{7852DA7F-B9FB-4849-B57D-479E6CED678D} => C:\Windows\system32\pcalua.exe -a F:\DataCard_Setup.exe -d F:\
Task: {9BF21363-748E-4F8F-BD54-21A1E613E620} - System32\Tasks\PIVA5QGF31JGUTD4IY => C:\ProgramData\{HNZURZ3G-PGKA-2FZQ-XN1Y79PXDUVU}\taskhost.exe [2018-11-01] (ridden/pretty/thought/received/thrown/right<) <==== ATTENTION
Task: {A770E025-E2D6-4A56-BA9C-2DEDA5A080E6} - System32\Tasks\{BE267E02-01E5-4951-BD53-D160B4840216} => C:\Windows\system32\pcalua.exe -a "C:\Users\waldo\Downloads\Shockwave_Installer_Slim (1).exe" -d C:\Users\waldo\Downloads
Task: {AFC68BA8-DD92-43B0-8F61-AEFAE346C1DA} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {AFE4A9D2-8423-44BD-9879-C960CCD1EDA2} - System32\Tasks\{D67CE9FC-6C80-4E04-A683-C00553227954} => "c:\program files\internet explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.113.259&LastError=12002
Task: {B705F9CB-A80F-49A6-94F0-9E6085A22584} - System32\Tasks\{FD2A2F15-6529-47F2-BC7D-698E4BF98A04} => msiexec.exe /package "C:\Users\waldo\Downloads\OldSchool.msi"
Task: {B9F09C3A-2BB8-4E95-8843-4F4B55089F0B} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {BCCA8457-16C0-4AF1-92B1-361B51C2322F} - System32\Tasks\{EF619A21-73B9-407F-B79E-0C93285507BD} => "c:\program files\internet explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.2.0.163.217&LastError=404
Task: {BD9DFB20-1DCD-497D-9A54-8DC371AC878C} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {C8209C8D-EDAB-42C8-950C-6625BA0B5E14} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1128573869-3220864355-3001134129-1000 => C:\Users\waldo\AppData\Local\MEGAsync\MEGAupdater.exe [2018-01-15] (Mega Limited)
Task: {E034A9CC-852B-4061-9149-3F54D5CDD7EC} - System32\Tasks\{F2EE2C1D-5DCF-4492-AA2B-A83712011773} => C:\Windows\system32\pcalua.exe -a C:\Users\waldo\Desktop\sp45499.exe -d C:\Users\waldo\Desktop
Task: {E1604B40-7897-489E-ACB3-2A1B054B1DEF} - System32\Tasks\{871E88FC-4D89-4C4B-BFCE-B7AF43108B7D} => "c:\program files\internet explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.113.259&LastError=12002
Task: {E2E83B29-789D-47E5-ABC7-66505D393BD5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {E369F178-3384-4D9D-B988-B158BDF781A0} - System32\Tasks\{9C590BCF-2F81-4841-B2CC-61444EFDC522} => C:\Windows\system32\pcalua.exe -a C:\Users\waldo\Downloads\setup.exe -d "C:\Program Files\Mozilla Firefox"
Task: {E3A5B652-F3D3-48CB-A934-6468CA92661E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {E3DD9893-D303-4FB9-A8BB-97A68B691AC1} - System32\Tasks\{67F77F34-41F2-4692-A769-423DC9B0EE65} => C:\Windows\system32\pcalua.exe -a "C:\Users\waldo\Downloads\EA 8.0 setup.exe" -d C:\Users\waldo\Downloads
Task: {EC66E9CF-40BE-43D0-B226-5C9F292D3CAA} - System32\Tasks\{11D92390-A7CE-4F83-B38D-D6537914AA2C} => C:\Windows\system32\pcalua.exe -a C:\Users\waldo\AppData\Local\Temp\jre-8u171-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {F1404E54-9F9F-4931-BF09-6A91CA6D3B08} - System32\Tasks\{E886EC1B-4F70-4A57-B33F-62CD3AA4ED22} => msiexec.exe /package "C:\Users\waldo\Downloads\OldSchool.msi"
Task: {F2ACFEA2-99A3-4EB2-AFA2-8AF3D25DFF2E} - System32\Tasks\{E96C979E-86CF-4B56-9534-2BBFCBCF12C3} => C:\Windows\system32\pcalua.exe -a C:\Users\waldo\Downloads\avira_antivir_personal_es(1).exe -d "C:\Program Files\Mozilla Firefox"
Task: {F7D42934-5E60-414D-9DE3-3F8598CAED2A} - System32\Tasks\{7F225CB8-79E4-49FE-B50A-82C787EC20CD} => C:\Windows\system32\pcalua.exe -a "C:\Users\waldo\Desktop\Kernel Detective\Kernel Detective.exe" -d "C:\Users\waldo\Desktop\Kernel Detective"
Task: {FBE51BD9-22D5-435D-814B-E43B3BCB400E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1128573869-3220864355-3001134129-1000UA => C:\Users\waldo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1128573869-3220864355-3001134129-1000Core.job => C:\Users\waldo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1128573869-3220864355-3001134129-1000UA.job => C:\Users\waldo\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\waldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\waldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\waldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Jorge - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --disable-quic
ShortcutWithArgument: C:\Users\waldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --ignore-certificate-errors to Chrome desktop shortcut --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2018-11-01 08:29 - 2018-11-01 08:29 - 000581632 _____ () c:\users\waldo\appdata\local\william\william.dll
2018-11-01 08:31 - 2018-11-01 08:31 - 001017856 _____ () C:\Windows\wsswvhzzfoan.wssj
2017-07-27 14:24 - 2017-05-09 02:08 - 000139776 _____ () C:\Program Files\PostgreSQL\9.3\bin\LIBPQ.dll
2017-07-27 14:26 - 2016-08-02 04:10 - 001738752 _____ () C:\Program Files\PostgreSQL\9.3\bin\libxml2.dll
2017-10-18 17:58 - 2017-10-18 17:58 - 000570368 _____ () C:\Users\waldo\AppData\Local\MEGAsync\ShellExtX32.dll
2013-09-05 00:44 - 2013-09-05 00:44 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-06-24 08:03 - 2011-05-28 22:34 - 000140288 _____ () C:\Program Files\WinRAR\rarext.dll
2018-11-01 08:29 - 2018-11-01 08:29 - 000586240 _____ () C:\Users\waldo\AppData\Roaming\AutoHot.exe
2018-09-19 04:13 - 2018-09-19 04:13 - 000095168 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
2018-01-08 13:15 - 2017-09-13 11:08 - 000169984 ___SH () C:\Users\waldo\AppData\Roaming\Microsoft\Windows\efuuhsud\atsjfvsu.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-10-09 17:43 - 2018-11-01 08:37 - 008389131 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1128573869-3220864355-3001134129-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.8.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: jswpbapi => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk => C:\Windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^waldo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ares => "C:\Program Files\Ares\Ares.exe" -h
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BingSvc => C:\Users\waldo\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: com.squirrel.slack.slack => "C:\Users\waldo\AppData\Local\slack\Update.exe" --processStart "slack.exe" --process-start-args "--startup"
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Facebook Update => "C:\Users\waldo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => C:\Users\waldo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files\Jumpstart\jswtrayutil.exe"
MSCONFIG\startupreg: MinerGateGui => C:\Program Files\MinerGate\minergate.exe --auto
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Samsung Drive Manager => C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe -Hide
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient.exe" /uihelp
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Tuxler => "C:\Program Files\Tuxler Proxy\TuxlerProxy.exe" --auto-start
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{7C2CECD9-C689-4895-B438-9A6A9E19DD8C}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{DF837369-BA16-4C61-BD93-BD5101EA63F0}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{CA0FD7A8-024B-472C-833C-1C5C7C2568E4}C:\program files\ares\ares.exe] => (Block) C:\program files\ares\ares.exe
FirewallRules: [UDP Query User{1950F966-8CDE-4A51-A8A6-4870D0C477F0}C:\program files\ares\ares.exe] => (Block) C:\program files\ares\ares.exe
FirewallRules: [TCP Query User{91ECC97A-78EE-43A7-96AF-252B128EED33}C:\program files\hewlett-packard\hp linkup sender\linkupftsender.exe] => (Block) C:\program files\hewlett-packard\hp linkup sender\linkupftsender.exe
FirewallRules: [UDP Query User{711CB321-5E9D-4942-BB95-F0CFE18CB063}C:\program files\hewlett-packard\hp linkup sender\linkupftsender.exe] => (Block) C:\program files\hewlett-packard\hp linkup sender\linkupftsender.exe
FirewallRules: [{BCDD8E2D-2F39-4BE2-84A5-EBF4B21D8FE1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0F5F8418-4483-4AEF-8DD4-1B048CB5283E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F08A43A-9C78-4F10-B8E2-BF291057E654}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FEEC80EF-FE42-40EA-B616-A0D21320AE7B}] => (Allow) LPort=2869
FirewallRules: [{1F03C8BF-40D8-45C4-B15D-E055A9B5E80C}] => (Allow) LPort=1900
FirewallRules: [{E61FFD18-B311-4855-96E5-065BCBAEF545}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{82C5A67E-F4E7-4F9A-B131-BCBC9846B51E}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{4A03F7A5-01A8-4F80-B0E7-A15358524E6B}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{F2159A84-535C-4717-8163-30F560AA94FB}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{13FFF003-154C-4A7F-9C9E-D847CF337A04}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{ECFC6E69-CFFF-4565-9833-5E34925DE5C8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D9219BE1-6215-4203-9104-E5B0B2810EB7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2018 03:55:12 PM) (Source: ESENT) (EventID: 104) (User: )
Description: DllHost (5648) WebCacheLocal: El motor de base de datos detuvo la instancia (0) con el error (-510).

Error: (11/01/2018 03:55:11 PM) (Source: ESENT) (EventID: 492) (User: )
Description: DllHost (5648) WebCacheLocal: La secuencia de archivos de registro de "C:\Users\waldo\AppData\Local\Microsoft\Windows\WebCache\" se interrumpió por un error grave. No será posible realizar futuras actualizaciones en las bases de datos que utilicen esta secuencia de archivos de registro. Corrija el problema y reinicie, o restaure desde una copia de seguridad.

Error: (11/01/2018 03:55:11 PM) (Source: ESENT) (EventID: 413) (User: )
Description: DllHost (5648) WebCacheLocal: No se puede crear un nuevo archivo de registro, la base de datos no puede escribir en la unidad de registro. Puede que la unidad sea de sólo lectura, no tenga espacio disponible, esté incorrectamente configurada o esté dañada. Error -1022.

Error: (11/01/2018 03:55:11 PM) (Source: ESENT) (EventID: 486) (User: )
Description: DllHost (5648) WebCacheLocal: Al intentar mover el archivo "C:\Users\waldo\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log" a C:\Users\waldo\AppData\Local\Microsoft\Windows\WebCache\V01.log se produjo el error de sistema 183 (0x000000b7): "No se puede crear un archivo que ya existe. ". La operación para mover el archivo se cerrará con el error -1022 (0xfffffc02).

Error: (11/01/2018 03:11:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Explorer.EXE, versión: 6.1.7601.23537, marca de tiempo: 0x57c44cc4
Nombre del módulo con errores: kernel32.dll, versión: 6.1.7601.23889, marca de tiempo: 0x598d4d1d
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00040397
Id. del proceso con errores: 0xbd0
Hora de inicio de la aplicación con errores: 0x01d47215b8940fa9
Ruta de acceso de la aplicación con errores: C:\Windows\Explorer.EXE
Ruta de acceso del módulo con errores: C:\Windows\system32\kernel32.dll
Id. del informe: f0fe8951-de09-11e8-8f59-0094b20e05da

Error: (11/01/2018 02:48:53 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x00000000.

Error: (11/01/2018 02:48:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
0x8007043C

Error: (11/01/2018 02:10:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {75059bd0-27a9-4c04-b50f-de1cec5f26b7}


System errors:
=============
Error: (11/01/2018 09:29:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio YjczOTI1NWY0NDAx no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (11/01/2018 09:29:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio YjczOTI1NWY0NDAx.

Error: (11/01/2018 08:37:58 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1083" al intentar iniciar el servicio winmgmt con argumentos "" para ejecutar el servidor:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (11/01/2018 08:29:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio YjczOTI1NWY0NDAx no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (11/01/2018 08:29:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio YjczOTI1NWY0NDAx.

Error: (11/01/2018 07:29:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio YjczOTI1NWY0NDAx no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (11/01/2018 07:29:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio YjczOTI1NWY0NDAx.

Error: (11/01/2018 06:29:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio YjczOTI1NWY0NDAx no pudo iniciarse debido al siguiente error: 
El servicio no respondió a tiempo a la solicitud de inicio o de control.


Windows Defender:
===================================
Date: 2011-06-27 20:27:58.730
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{D55E726B-8C00-41BE-B120-9165B8D96E21}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:waldo-PC\waldo

Date: 2011-06-27 20:27:54.531
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{3EF1A9E0-D90F-42E3-A4CF-02C9C192EB54}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:waldo-PC\waldo

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 49%
Total physical RAM: 3003.21 MB
Available physical RAM: 1510 MB
Total Virtual: 6004.74 MB
Available Virtual: 4215.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:142.42 GB) NTFS

\\?\Volume{4df07745-9cea-11e0-ab0f-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 000CD368)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

@gorge2004 no realices nada que yo no te haya indicado, nos puede hacer cambios en el equipo para lo que ya no nos serviría el reporte de Frst.

En cuanto lo revise vuelvo con una respuesta.

Un saludo

1 me gusta

Esta bien pero ahora LA PC enciende y cuando inicia, me muestra el mensaje que window no es original . lo cierro y la pantalla no carga Nada . intento presionando las teclas win + r . tambien intento iniciar end modo seguro y all iniciar me lanzan un mensaje diciendo: error ‘53’ file no found: << @

Hola

Has realizado algo después de analizar y limpiar con AdwCleaner?

Con FRST no se ha tocado nada, solo se ha analizado tu equipo.

Ese error suele salir cuando falta un .DLL, ya sea porqué se ha eliminado.

El Windows es original o pirateado.

Un saludo

no, no he hecho nada despues del adwcleaner solo ejecutar el frst.exe , ya pude hacer que cargara el inicio moviendo el mouse en circulos como por 1-2 min. el pc esta lentisiomo y revise los proceso a travez del administrador de tarea y existe un monton de procesos llamados cohost.exe ejecutandose como 10 veces al igual que la cmd.exe un monton de veces,al igual uno llamadao autohost.exe , otro mas con un monton de atsjf.exe, un monton de procesos firefox.exe, un monton de proceso de explorer.exe, lo unico que tengo abierto en la pc es esta pestaña para responderte

buenas el virus ahora se propago por todo el sistema . me ha infectado todo. todos mis archivos tienen una nueva extension .no_more_ransom no puedo usar nada . por favor ayuda tengo todo mi trabajos pendiente en mi pc necesito desinfectar lo mas rapido posible

Hola

Esto no te pasaba antes, te has infectado de nuevo pero está vez con algo más delicado, es un ransomware.

Lo primero que vas ha hacer, es mirar que tipo de rasonware es y si hay herramienta para poder desencriptar los archivos.

Sube un archivo a ID-Ransomware

Nos comentas que es lo que dice.

Un saludo

no me infectado nuevamente . siempre estuve el mismo virus solo he ejecutado lo que usted me ha dicho solo que hasta el momento no me habia dado porque no usaba la pc esperando su respuesta y tengo desde entonces sin poder trabajar. ya visite el id-ransom-ware y me dice esto " Este ransomware no tiene ninguna forma conocida para descifrar los datos en este momento."

Hola

Lamentablemente, como pudiste ver, no hay forma de que recuperes los archivos, puedes guardarlos en un USB por si en un futuro crearan alguna herramienta par desencriptarlos.

Vas a analizar con ESET Online para que elimine si encuentra algo en tu equipo.

Sigue los pasos que se indica en el manual: Manual Eset Online

Trae el reporte y nos comentas como sigue el problema de los navegadores.

Un saludo

Una cosa antes . Tampoco puede ni siquieta abrir la ruta de las capertas porque todo esta encriptado tanto carpetas como archivos y todo . Ni siquiera puedo abrir el explorador ni acceder de forma normal a la carpeta de descarga . No sera mejor formatear?

Hola

En el estado que está tu equipo, lo mejor es que formatees.

Si no tienes copias de tus archivos, puedes guardar lo que te interese en un Usb.

Nos comentas si damos el tema por terminado.

Un saludo

disculpe la tardanza pero decidi formatear la pc, ya que consideraba que era la mejor opcion . con eso solucione

Hola

Me parece muy bien, en estos casos es lo mejor :+1:

Gracias por confiar en ForoSpyware. Ha sido un placer ayudarte :manos:

Me alegro que se te haya resuelto.

Un saludo