Very slow PC

#1

Good morning! I'm very glad about the renovation of the site! I've lost my user account, but no problem… I'm back with another one!!! I'd like to ask if you could help me follow the correct and necessary steps to clean my PC, since I find it extremely slow!

Many thanks to whoever can help me!!!

#2

Hello @kaborda, welcome to the Forum.

To check your machine, follow these steps, in the order given and reading everything that is explained. :+1:

:one: Temporarily disable your antivirus :arrow_forward: How to temporarily disable your antivirus, while we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we will use in this procedure (but do not run them yet):


:two: Run the tools one at a time and in the order given:



CCleaner.-

  • Install and run CCleaner following the steps given in the manual.

  • First use its Cleaner option to delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • Then use its Registry option to clean the whole Windows registry (making a backup copy).

Malwarebytes.-

  • Install and run MBAM following the steps given in the manual.

  • Perform a Full Scan. :white_check_mark:

  • Select ALL for Quarantine to send everything to quarantine, and restart the system.

  • In the :arrow_forward:History :arrow_backward: section of the manual you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now button and wait for the process to finish, then always click the Start Repair button right away.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • The log/report is found in the “Reports” tab, reopening the program if necessary, so you can copy and paste it into your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue, and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved on the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt into your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes.

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

:three: Post in your next reply the reports from:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, and in that order. :+1:

You must copy and paste them with their full contents, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

And tell us how your computer is working in relation to the problem you raised. :face_with_monocle:

Regards, Javier.

#3

Thanks, Javier, for your help!!!

Here are the reports you asked for:

Malwarebytes

www.malwarebytes.com

-Detalles del registro-

Fecha del análisis: 15/5/19

Hora del análisis: 13:56

Archivo de registro: 670afb3a-7732-11e9-961a-c8600098208d.json

-Información del software-

Versión: 3.7.1.2839

Versión de los componentes: 1.0.586

Versión del paquete de actualización: 1.0.10597

Licencia: Gratis

-Información del sistema-

SO: Windows 7 Service Pack 1

CPU: x64

Sistema de archivos: NTFS

Usuario: Kadi-PC\Kadi

-Resumen del análisis-

Tipo de análisis: Análisis de amenazas

Análisis iniciado por:: Manual

Resultado: Completado

Objetos analizados: 332232

Amenazas detectadas: 106

Amenazas en cuarentena: 106

Tiempo transcurrido: 9 min, 39 seg

-Opciones de análisis-

Memoria: Activado

Inicio: Activado

Sistema de archivos: Activado

Archivo: Activado

Rootkits: Desactivado

Heurística: Activado

PUP: Detectar

PUM: Detectar

-Detalles del análisis-

Proceso: 0

(No hay elementos maliciosos detectados)

Módulo: 0

(No hay elementos maliciosos detectados)

Clave del registro: 3

PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{632F07F3-19A1-4D16-A23F-E6CE9486BAB5}, En cuarentena, [210], [236865],1.0.10597

PUP.Optional.Conduit, HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}, En cuarentena, [210], [236865],1.0.10597

PUP.Optional.WebCake, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WebCakeUpdaterService, En cuarentena, [200], [591930],1.0.10597

Valor del registro: 4

PUP.Optional.Conduit, HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}|URL, En cuarentena, [210], [236865],1.0.10597

PUP.Optional.BrowserProtect, HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TABBEDBROWSING|BPROTECTSHOWTABSWELCOME, En cuarentena, [931], [538248],1.0.10597

PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 1\extensions.settings|khjpojamndoobgfcfnkjfncgjlcebpel, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.Spigot.Generic, HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 1\extensions.settings|gmgiiocfodgcfaeilhgikbhhkplfolkf, En cuarentena, [216], [495178],1.0.10597

Datos del registro: 0

(No hay elementos maliciosos detectados)

Secuencia de datos: 0

(No hay elementos maliciosos detectados)

Carpeta: 21

PUP.Optional.MindSpark.Generic, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Local Extension Settings\khjpojamndoobgfcfnkjfncgjlcebpel, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\_locales\en, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\_metadata, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\_locales, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\config, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\icons, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\KHJPOJAMNDOOBGFCFNKJFNCGJLCEBPEL, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.Spigot.Generic, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Sync Extension Settings\gmgiiocfodgcfaeilhgikbhhkplfolkf, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\_locales\en, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\html\popup, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\_metadata, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\js\popup, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\_locales, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\newtab, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\html, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\css, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\js, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\GMGIIOCFODGCFAEILHGIKBHHKPLFOLKF, En cuarentena, [216], [495178],1.0.10597

Archivo: 78

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\khjpojamndoobgfcfnkjfncgjlcebpel\000003.log, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\khjpojamndoobgfcfnkjfncgjlcebpel\CURRENT, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\khjpojamndoobgfcfnkjfncgjlcebpel\LOCK, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\khjpojamndoobgfcfnkjfncgjlcebpel\LOG, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\khjpojamndoobgfcfnkjfncgjlcebpel\MANIFEST-000001, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Sustituido, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Preferences, Sustituido, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\KHJPOJAMNDOOBGFCFNKJFNCGJLCEBPEL\13.870.15.8467_0\MANIFEST.JSON, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\config\config.json, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\icons\icon128.png, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\icons\icon16.png, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\icons\icon19disabled.png, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\icons\icon19on.png, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\icons\icon48.png, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\meta.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\ajax.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\babAPI.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\babClickHandler.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\babContentScript.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\babContentScriptAPI.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\background.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\browserUtils.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\chrome.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\contentScriptConnectionManager.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\dateTimeUtils.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\dlp.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\dlpHelper.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\extensionDetect.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\index.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\localStorageContentScript.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\logger.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\offerService.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\pageUtils.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\PartnerId.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\polyfill.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\product.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\remoteConfigLoader.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\splashPageLocalStorageSetter.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\splashPageRedirectHandler.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\storageUtils.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\TemplateParser.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\ul.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\urlFragmentActions.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\urlUtils.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\util.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\webtooltabAPI.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\js\webTooltabAPIProxy.js, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\_locales\en\messages.json, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\_metadata\verified_contents.json, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.MindSpark.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel\13.870.15.8467_0\newtabpage.html, En cuarentena, [1756], [443121],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Extension Settings\gmgiiocfodgcfaeilhgikbhhkplfolkf\000003.log, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Extension Settings\gmgiiocfodgcfaeilhgikbhhkplfolkf\CURRENT, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Extension Settings\gmgiiocfodgcfaeilhgikbhhkplfolkf\LOCK, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Extension Settings\gmgiiocfodgcfaeilhgikbhhkplfolkf\LOG, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Extension Settings\gmgiiocfodgcfaeilhgikbhhkplfolkf\LOG.old, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Sync Extension Settings\gmgiiocfodgcfaeilhgikbhhkplfolkf\MANIFEST-000001, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Sustituido, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Preferences, Sustituido, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\GMGIIOCFODGCFAEILHGIKBHHKPLFOLKF\1.0_0\BACKGROUND.JS, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\css\description.css, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\css\popup.css, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\html\popup\description.html, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\html\popup\popup.html, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\js\popup\popup.js, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\js\userNewTab.js, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\newtab\newtab.html, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\_locales\en\messages.json, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\_metadata\computed_hashes.json, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\_metadata\verified_contents.json, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\contentscript.js, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\icon.png, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\manifest.json, En cuarentena, [216], [495178],1.0.10597

PUP.Optional.OpenCandy, C:\USERS\KADI\APPDATA\ROAMING\BITTORRENT\UPDATES\7.9.1_31141.EXE, En cuarentena, [1154], [640283],1.0.10597

PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT, En cuarentena, [8024], [393793],1.0.10597

Adware.Elex.ShrtCln, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Sustituido, [272], [454748],1.0.10597

Adware.Elex.ShrtCln, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Web Data, Sustituido, [272], [454748],1.0.10597

Adware.Elex.ShrtCln, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Sync Data\SyncData.sqlite3, Sustituido, [272], [454748],1.0.10597

Adware.Elex.ShrtCln, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Web Data, Sustituido, [272], [454748],1.0.10597

Sector físico: 0

(No hay elementos maliciosos detectados)

WMI: 0

(No hay elementos maliciosos detectados)

(end)
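
Added example, not part of the original posts: a small parser that reduces a pasted Malwarebytes report to its distinct root causes and checks that each section's declared count matches the entries actually present, which catches a paste truncated by the forum's message-length limit. It assumes the Spanish text layout shown in the report above; `SAMPLE` is an excerpt built from lines of that report with the section counts adjusted to the excerpt, and the function names are illustrative.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# "Carpeta: 21" style section headers inside the details block.
SECTION = re.compile(r"^(?P<name>[^:,]+): (?P<count>\d+)$")
# "<family>, <object>, <action>, [id], [id],<db version>" detection entries.
ENTRY = re.compile(
    r"^(?P<family>[^,]+), (?P<obj>.+), (?P<action>[^,\[\]]+), \[\d+\], \[\d+\],[\d.]+$"
)
# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"(?<![a-z0-9])[a-p]{32}(?![a-z0-9])")

# Excerpt constructed from the report above (section counts adjusted to match).
SAMPLE = r"""-Detalles del análisis-
Clave del registro: 1
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{632F07F3-19A1-4D16-A23F-E6CE9486BAB5}, En cuarentena, [210], [236865],1.0.10597
Valor del registro: 1
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 1\extensions.settings|khjpojamndoobgfcfnkjfncgjlcebpel, En cuarentena, [1756], [443121],1.0.10597
Carpeta: 2
PUP.Optional.MindSpark.Generic, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\KHJPOJAMNDOOBGFCFNKJFNCGJLCEBPEL, En cuarentena, [1756], [443121],1.0.10597
PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0, En cuarentena, [216], [495178],1.0.10597
Archivo: 4
PUP.Optional.Spigot.Generic, C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmgiiocfodgcfaeilhgikbhhkplfolkf\1.0_0\manifest.json, En cuarentena, [216], [495178],1.0.10597
PUP.Optional.OpenCandy, C:\USERS\KADI\APPDATA\ROAMING\BITTORRENT\UPDATES\7.9.1_31141.EXE, En cuarentena, [1154], [640283],1.0.10597
Adware.Elex.ShrtCln, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Web Data, Sustituido, [272], [454748],1.0.10597
Adware.Elex.ShrtCln, C:\USERS\KADI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Web Data, Sustituido, [272], [454748],1.0.10597
"""


@dataclass(frozen=True)
class Detection:
    section: str   # e.g. "Carpeta", "Archivo"
    family: str    # e.g. "PUP.Optional.Spigot.Generic"
    obj: str       # registry key/value or file system path
    action: str    # e.g. "En cuarentena", "Sustituido"


def parse_report(text):
    """Return (detections, declared section counts) from the details block."""
    detections, declared, section, in_details = [], {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-Detalles del análisis-":
            in_details = True
            continue
        if not in_details or not line:
            continue
        m = ENTRY.match(line)
        if m and section:
            detections.append(
                Detection(section, m["family"], m["obj"], m["action"].strip())
            )
            continue
        m = SECTION.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose declared count differs from the entries found."""
    found = defaultdict(int)
    for d in detections:
        found[d.section] += 1
    return {s: (n, found[s]) for s, n in declared.items() if found[s] != n}


def root_causes(detections):
    """Group entries by Chrome extension ID when present, else by family."""
    groups = defaultdict(
        lambda: {"families": set(), "objects": set(), "actions": set()}
    )
    for d in detections:
        m = EXT_ID.search(d.obj.lower())
        key = f"chrome-extension:{m.group()}" if m else d.family
        groups[key]["families"].add(d.family)
        groups[key]["objects"].add(d.obj.lower())  # dedupe case variants
        groups[key]["actions"].add(d.action)
    return dict(groups)


if __name__ == "__main__":
    dets, declared = parse_report(SAMPLE)
    print("count mismatches:", count_mismatches(dets, declared) or "none")
    for key, g in sorted(root_causes(dets).items()):
        print(f"{key}: {len(g['objects'])} object(s), {sorted(g['actions'])}")
```
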
#4
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-03.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-15-2019
# Duration: 00:00:07
# OS:       Windows 7 Ultimate
# Cleaned:  42
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\AnyFlix
Deleted       C:\Program Files (x86)\Carambis
Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carambis
Deleted       C:\Users\Kadi\AppData\LocalLow\HPAppData
Deleted       C:\Users\Kadi\AppData\Local\VirtualStore\ProgramData\Tencent
Deleted       C:\Users\Kadi\AppData\Roaming\Carambis
Deleted       C:\Users\Kadi\AppData\Roaming\HPAppData
Deleted       C:\Users\Kadi\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
Deleted       C:\Users\Kadi\AppData\Roaming\WinZip\WinZipDU
Deleted       C:\Users\Public\Documents\dmp
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\0116TBUPDATEINFO
Deleted       C:\Windows\Tasks\0116TBUPDATEINFO.JOB

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B5D5DBD-C857-4377-A755-06E50B4AC2B0}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{639B74F1-0594-432C-97C8-68C8C17A1E1D}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50F4150A-48B2-417A-BE4C-C83F580FB904}
Deleted       HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost.exe
Deleted       HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E46BA27-A526-471B-AA5E-793076CE9985}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E46BA27-A526-471B-AA5E-793076CE9985}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0116TBUPDATEINFO
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
Deleted       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
Deleted       HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
Deleted       HKLM\Software\1832BFF4F2BF43989682B0AF5ECB8F68
Deleted       HKLM\Software\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Deleted       HKLM\Software\Classes\qmgcfiles
Deleted       HKLM\Software\DivX\Install\Setup\WizardLayout\UniblueDriverScanner
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B81759E6-5669-4DB3-A3A7-6CD76555DE1D}_is1
Deleted       HKLM\Software\Wow6432Node\1832BFF4F2BF43989682B0AF5ECB8F68
Deleted       HKLM\Software\Wow6432Node\MaxPower
Deleted       HKLM\Software\Wow6432Node\\Loader|Iminent
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD|BackgroundHost.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\Iminent
Deleted       HKU\.DEFAULT\SOFTWARE\83055D39AB3A713C1F4B8002FF2016B7
Deleted       HKU\.DEFAULT\SOFTWARE\d4d68ce23eed48
Deleted       HKU\S-1-5-18\SOFTWARE\83055D39AB3A713C1F4B8002FF2016B7
Deleted       HKU\S-1-5-18\SOFTWARE\d4d68ce23eed48

***** [ Chromium (and derivatives) ] *****

Deleted       Bing Search Engine

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5430 octets] - [15/05/2019 14:39:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
#6
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64 
Ran by Kadi (Administrator) on 15/05/2019 at 14:56:19,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 9 

Successfully deleted: C:\Users\Kadi\Documents\add-in express (Folder) 
Successfully deleted: C:\Users\Kadi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ATNYKI5A (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Kadi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRY2S2VM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Kadi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S223F7TP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Kadi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z2UI5175 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ATNYKI5A (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRY2S2VM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S223F7TP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z2UI5175 (Temporary Internet Files Folder) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/05/2019 at 15:00:36,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05.2019 01

Ran by Kadi (administrator) on KADI-PC (15-05-2019 15:06:13)

Running from C:\Users\Kadi\Desktop

Loaded Profiles: Kadi (Available Profiles: Kadi)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)

Internet Explorer Version 10 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(AVG Netherlands B.V. -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\AVGBrowserCrashHandler.exe

(AVG Netherlands B.V. -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\AVGBrowserCrashHandler64.exe

(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe

(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe

(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe

(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe

(Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [308656 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle America, Inc. -> Oracle Corporation)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->

HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->

HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Kadi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape -> Octoshape ApS)

HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-21] (Glarysoft Ltd -> Glarysoft Ltd)

HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\Run: [deskPDF Creator] => C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe [2346664 2013-11-02] (Docudesk -> Docudesk Corporation)

HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\Run: [BingSvc] => C:\Users\Kadi\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (Microsoft Corporation -> © 2015 Microsoft Corporation)

HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53540200 2019-03-26] (Skype Software Sarl -> Skype Technologies S.A.)

HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)

HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Windows -> Microsoft Corporation)

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

HKLM\...\Drivers32: [vidc.tscc] => C:\Windows\SysWOW64\tsccvid.dll [411480 2010-03-04] (TechSmith Corporation -> TechSmith Corporation)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-02] (Google LLC -> Google Inc.)

HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files (x86)\AVG\Browser\Application\73.0.762.88\Installer\chrmstp.exe [2019-04-25] (AVG Technologies USA, Inc. -> AVG Technologies)

HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)

HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-04-30]

ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (WinZip Computing LLC -> Nico Mak Computing)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-04-30]

ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing LLC -> WinZip Computing, S.L.)

BootExecute: autocheck autochk * BootDefrag.exe

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04CF1E0B-5A5B-4A27-9723-8EAD78432910} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2408496 2019-04-05] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

Task: {2908128C-D59C-412C-A007-FC6738E6BFB6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig

Task: {2908128C-D59C-412C-A007-FC6738E6BFB6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent

Task: {2908128C-D59C-412C-A007-FC6738E6BFB6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)

Task: {2CCA1932-186A-4234-A631-38DFAA52645B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)

Task: {3656B5CC-6D81-48AB-BC25-C55D5EEA54AE} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris\Trojan Remover\ltr.exe

Task: {3C62CAC6-2AED-4FD0-80B0-2660916411F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime

Task: {3C62CAC6-2AED-4FD0-80B0-2660916411F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)

Task: {4CB93F94-BEF8-4BE8-99B0-56A98E723A94} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [1956064 2019-04-11] (AVG Technologies USA, Inc. -> AVG Technologies)

Task: {5959D32E-E8C5-4FDA-B8F7-E8EA32433DDF} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-14] (Adobe Inc. -> Adobe)

Task: {5E013F6A-7C8D-4F2F-B730-83702D6082C5} - System32\Tasks\{35EF8130-3EBB-44AA-A910-00E7BCFA3ECA} => C:\Windows\system32\pcalua.exe -a C:\Users\Kadi\Downloads\Evernote_5.2.1.3108.exe -d C:\Users\Kadi\Downloads

Task: {5E7B2E85-A448-42C7-AFC5-4D7BC848A63D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-16] (Google Inc -> Google Inc.)

Task: {61243E1C-AE54-45B8-BE37-48484BFD12A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Task: {71439002-ED37-46AC-A37C-77F8E32B65B6} - \{7A7E0E47-057D-7879-0B11-0E0F7E7A110D} -> No File <==== ATTENTION

Task: {8226F10A-D5A7-4C84-AEBD-43518B9AD5B6} - System32\Tasks\{E62F500C-EC60-459E-991E-0296C9CA0BB5} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Adobe\Acrobat 7.0\Setup Files\RdrBig705\ENU\setup.exe" -d "C:\Program Files (x86)\Adobe\Acrobat 7.0\Setup Files\RdrBig705\ENU"

Task: {92679049-800D-4EA0-AD69-BD12DA80F217} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-16] (Google Inc -> Google Inc.)

Task: {99F38B41-EBAA-4263-8DF1-77BC9E8AB34B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent

Task: {99F38B41-EBAA-4263-8DF1-77BC9E8AB34B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)

Task: {9C7C7558-3868-42AA-A545-07705A9F2E32} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [1956064 2019-04-11] (AVG Technologies USA, Inc. -> AVG Technologies)

Task: {9F1AD998-F716-4362-A3EA-4666D596BF71} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

Task: {A0BB5884-ECDA-469F-90F2-EB7755FF6E55} - System32\Tasks\{35D2BFDF-605B-4F7A-88A0-8039EAFF597D} => C:\Windows\system32\pcalua.exe -a D:\100-descargas\SetupDWGTrueView2014_ENU_64bit.sfx.exe -d D:\100-descargas

Task: {B0D8494D-986A-4075-A20B-7C9F4DB7C659} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3362957246-3994920205-2013797631-1000Core => C:\Users\Kadi\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: {B580556D-0B36-4E08-9E0B-24031CE5861C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1642672 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

Task: {B8922CA2-2382-414D-B5B6-7A00B3C0AB26} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [16832 2015-07-08] (LENOVO -> Lenovo)

Task: {B924DC20-2A24-4E04-BD53-C3F7F49EBC45} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-12-02] (AVG Netherlands B.V. -> AVG Technologies)

Task: {BDC6D560-6B3A-4B58-97FC-344FBE223E46} - System32\Tasks\{4442066F-B891-47C9-909B-36BDD5781588} => C:\Windows\system32\pcalua.exe -a C:\Users\Kadi\Downloads\SetupDWGTrueView2013_32bit.exe -d C:\Users\Kadi\Downloads

Task: {C2B56D43-4EE7-4D11-A3B6-09777A45E401} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

Task: {C38599BA-0CDD-4D2D-99B6-5CBC6E6F4D65} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2970544 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

Task: {C5552996-FD41-40C3-81DA-C66EB9FB8C16} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe

Task: {DA390D64-69BF-42EC-9223-464462D3E7C5} - System32\Tasks\CCleaner Update => C:\Program Files (x86)\CCleaner\CCUpdate.exe [619416 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {DA877DC6-3298-4D82-877E-6A04F8314A95} - System32\Tasks\{34337A51-0D28-404D-AEA5-909CEDF1AB4A} => C:\Windows\system32\pcalua.exe -a D:\100-descargas\SetupDWGTrueView2013_32bit.exe -d D:\100-descargas

Task: {F5588BA2-DF9B-4AED-A20C-AB92ADF66373} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig

Task: {F5588BA2-DF9B-4AED-A20C-AB92ADF66373} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)

Task: {F5B89AA1-6AB2-4148-891D-0D3579F8DF03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {FE52822C-2563-40F8-8C98-68953FA830E4} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-12-02] (AVG Netherlands B.V. -> AVG Technologies)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 181.47.254.164 200.115.192.90 200.115.192.29

Tcpip\Parameters: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{1128A294-0FFC-41EF-AB6A-08B4C32614FA}: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{1128A294-0FFC-41EF-AB6A-08B4C32614FA}: [DhcpNameServer] 8.8.8.8

Tcpip\..\Interfaces\{559CB794-E8E5-40C3-AD0A-3D3160ECAF93}: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{559CB794-E8E5-40C3-AD0A-3D3160ECAF93}: [DhcpNameServer] 181.47.254.164 200.115.192.90 200.115.192.29

Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{9C7E5F79-C617-4DF4-9E85-80AF789CE229}: [NameServer] 8.8.8.8

Tcpip\..\Interfaces\{BD664F9F-3EBA-4081-9F2F-1355E3FEEAA6}: [NameServer] 8.8.8.8

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}

SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =

SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-3362957246-3994920205-2013797631-1000 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =

SearchScopes: HKU\S-1-5-21-3362957246-3994920205-2013797631-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Skype Technologies SA -> Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Company -> Hewlett-Packard Co.)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-15] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-15] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Company -> Hewlett-Packard Co.)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Skype Technologies SA -> Microsoft Corporation)

FireFox:

========

FF DefaultProfile: lc39amda.Firefox Default-1549661720219

FF ProfilePath: C:\Users\Kadi\AppData\Roaming\Mozilla\Firefox\Profiles\su6eelht.default [2019-05-15]

FF Homepage: Mozilla\Firefox\Profiles\su6eelht.default -> hxxps://www.malwarebytes.org/restorebrowser//?ts=AHEqAX0mA3EmAE..&v=20160425&uid=83055D39AB3A713C1F4B8002FF2016B7&ptid=wak&mode=ffseng

FF Extension: (Bing Search Engine) - C:\Users\Kadi\AppData\Roaming\Mozilla\Firefox\Profiles\su6eelht.default\Extensions\[email protected] [2017-09-08] [Legacy] [not signed]

FF Extension: (leethax.net extension) - C:\Users\Kadi\AppData\Roaming\Mozilla\Firefox\Profiles\su6eelht.default\Extensions\[email protected]pi [2015-10-06] [Legacy]

FF SearchPlugin: C:\Users\Kadi\AppData\Roaming\Mozilla\Firefox\Profiles\su6eelht.default\searchplugins\bing-.xml [2015-03-28]

FF ProfilePath: C:\Users\Kadi\AppData\Roaming\Mozilla\Firefox\Profiles\lc39amda.Firefox Default-1549661720219 [2019-05-15]

FF Homepage: Mozilla\Firefox\Profiles\lc39amda.Firefox Default-1549661720219 -> hxxps://www.google.com/

FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\Kadi\AppData\Roaming\Mozilla\Firefox\Profiles\lc39amda.Firefox Default-1549661720219\Extensions\[email protected] [2019-05-12]

FF Extension: (dark_aurora 1) - C:\Users\Kadi\AppData\Roaming\Mozilla\Firefox\Profiles\lc39amda.Firefox Default-1549661720219\Extensions\{66bb1f8a-6ba6-4762-92cc-7b38691af3a4}.xpi [2019-02-08]

FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06] [Legacy]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: (HP Smart Web Printing) - D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-05-01] [Legacy] [not signed]

FF HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\Firefox\Extensions: [[email protected]] - D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_192.dll [2019-05-14] (Adobe Inc. -> )

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Software Incorporated -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Software Incorporated -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Software Incorporated -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-09-11] (Foxit Software Incorporated -> Foxit Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-15] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-15] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll [2011-11-17] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3362957246-3994920205-2013797631-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Kadi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape -> Octoshape ApS)

FF Plugin ProgramFiles/Appdata: C:\Users\Kadi\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-06-16]

FF Plugin ProgramFiles/Appdata: C:\Users\Kadi\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2016-06-16]

Chrome:

=======

CHR DefaultProfile: Profile 1

CHR HomePage: Profile 1 -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=es-xl

CHR StartupUrls: Profile 1 -> "hxxp://www.google.com.ar/","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=83055D39AB3A713C1F4B8002FF2016B7&v=20160425&ts=AHEqAX0mA3EmAE..","hxxps://www.google.com/"

CHR DefaultSearchURL: Profile 1 -> hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t

CHR DefaultSearchKeyword: Profile 1 -> google.com__

CHR DefaultSuggestURL: Profile 1 -> hxxp://suggestqueries.google.com/complete/search?q={searchTerms}

CHR Session Restore: Profile 1 -> is enabled.

CHR Profile: C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Default [2019-05-15]

CHR Extension: (Documentos) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-21]

CHR Extension: (Google Drive) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-10]

CHR Extension: (YouTube) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-21]

CHR Extension: (Búsqueda de Google) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]

CHR Extension: (Adobe Acrobat) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-03-21]

CHR Extension: (MSN Homepage) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2019-03-21]

CHR Extension: (Documentos de Google sin conexión) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-03-21]

CHR Extension: (Skype) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2019-03-21]

CHR Extension: (AVG SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2019-03-21]

CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-03-21]

CHR Extension: (Gmail) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

CHR Extension: (Chrome Media Router) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-21]

CHR Profile: C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-05-15]

CHR Extension: (Descargas) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2015-09-30]

CHR Extension: (Documentos) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]

CHR Extension: (Google Drive) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]

CHR Extension: (Adobe Acrobat) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-05-15]

CHR Extension: (Booking.com for Chrome™) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip [2019-01-19]

CHR Extension: (Documentos de Google sin conexión) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-03]

CHR Extension: (AdBlock) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-05-11]

CHR Extension: (Botón Guardar de Pinterest) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-05-11]

CHR Extension: (Cisco Webex Extension) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-29]

CHR Extension: (PlayTo para Chromecast™) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jngkenaoceimiimeokpdbmejeonaaami [2018-10-10]

CHR Extension: (VideoDownloadConverter) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khjpojamndoobgfcfnkjfncgjlcebpel [2019-05-15]

CHR Extension: (TV para Google Chrome™) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe [2019-01-28]

CHR Extension: (AVG SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2019-03-19]

CHR Extension: (Drive Migrator) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nakklajdcijlkfagghhcdofbgbhddoed [2019-02-08]

CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]

CHR Extension: (Chrome Media Router) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-13]

CHR Extension: (uBlock Adblocker Plus) - C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnhflmgomffaphmnbcogleagmloijbkd [2018-10-10]

CHR HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

StartMenuInternet: Google Chrome.T4P6NQVVLTWST7HKAQTJDONDMQ - C:\Users\Kadi\AppData\Local\Google\Chrome\Application\old_chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203776 2011-01-26] (Microsoft Windows Hardware Compatibility Publisher -> AMD)

S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-12-02] (AVG Netherlands B.V. -> AVG Technologies)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [362536 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6709272 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-12-02] (AVG Netherlands B.V. -> AVG Technologies)

R3 hpqcxs08; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [254824 2010-05-27] (Hewlett Packard -> Hewlett-Packard Co.)

R2 hpqddsvc; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [138600 2010-05-28] (Hewlett Packard -> Hewlett-Packard Co.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11446104 2019-04-24] (TeamViewer GmbH -> TeamViewer GmbH)

R2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

S3 AVGSecureBrowserElevationService; "C:\Program Files (x86)\AVG\Browser\Application\73.0.762.88\elevation_service.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9085952 2011-01-26] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)

R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [299520 2011-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)

R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37368 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [205656 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [254680 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [196560 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

R0 avgblog; C:\Windows\System32\drivers\avgblog.sys [320672 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [58152 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42336 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [166896 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [112360 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87992 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1030832 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [476824 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [220472 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [385904 2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd -> Glarysoft Ltd)

R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-07-22] (Glarysoft Ltd -> Glarysoft Ltd)

R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)

S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2013-09-23] (Akeo Consulting -> hxxp://libusb-win32.sourceforge.net)

R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-05-15] (Malwarebytes Corporation -> Malwarebytes)

S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Generic USB smartcard reader)

S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-15 15:06 - 2019-05-15 15:08 - 000039730 _____ C:\Users\Kadi\Desktop\FRST.txt

2019-05-15 15:05 - 2019-05-15 15:04 - 002434560 _____ (Farbar) C:\Users\Kadi\Desktop\FRST64.exe

2019-05-15 15:00 - 2019-05-15 15:00 - 000001929 _____ C:\Users\Kadi\Desktop\JRT.txt

2019-05-15 14:55 - 2019-05-15 14:55 - 000005430 _____ C:\Users\Kadi\Desktop\AdwCleaner[S00].txt

2019-05-15 14:55 - 2019-05-15 14:55 - 000004851 _____ C:\Users\Kadi\Desktop\AdwCleaner[C00].txt

2019-05-15 14:41 - 2019-05-15 14:41 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

2019-05-15 14:34 - 2019-05-15 14:34 - 000022743 _____ C:\Users\Kadi\Desktop\Minforme.txt

2019-05-15 14:33 - 2019-05-15 14:33 - 000022740 _____ C:\Users\Kadi\Downloads\Minforme.txt

2019-05-15 13:56 - 2019-05-15 13:56 - 000000000 ____D C:\Users\Kadi\AppData\Local\mbamtray

2019-05-15 13:56 - 2019-05-15 13:56 - 000000000 ____D C:\Users\Kadi\AppData\Local\mbam

2019-05-15 13:55 - 2019-05-15 13:55 - 000001862 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2019-05-15 13:55 - 2019-05-15 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2019-05-15 13:55 - 2019-05-15 13:55 - 000000000 ____D C:\Program Files\Malwarebytes

2019-05-15 13:55 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys

2019-05-15 13:53 - 2019-05-15 14:49 - 000004140 _____ C:\Windows\System32\Tasks\CCleaner Update

2019-05-15 13:53 - 2019-05-15 13:53 - 000001056 _____ C:\Users\Public\Desktop\CCleaner.lnk

2019-05-15 13:40 - 2019-05-15 13:40 - 007025360 _____ (Malwarebytes) C:\Users\Kadi\Desktop\adwcleaner_7.3.exe

2019-05-15 13:40 - 2019-05-15 13:40 - 001790024 _____ (Malwarebytes) C:\Users\Kadi\Desktop\JRT.exe

2019-05-15 13:39 - 2019-05-15 13:40 - 063304984 _____ (Malwarebytes ) C:\Users\Kadi\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.586-1.0.10597.exe

2019-05-15 13:39 - 2019-05-15 13:39 - 021254208 _____ (Piriform Software Ltd) C:\Users\Kadi\Desktop\ccsetup556.exe

2019-05-09 17:21 - 2019-05-15 13:15 - 000000000 ____D C:\Users\Kadi\Desktop\Inteligencia emocional

2019-05-08 12:29 - 2019-05-08 12:29 - 000473584 _____ C:\Users\Kadi\Desktop\Ferraro Malena CV.pdf

2019-05-06 14:41 - 2019-05-06 14:41 - 002361653 _____ C:\Users\Kadi\Desktop\PDF13supresion_cronica_de_pensamientos.pdf

2019-04-25 13:25 - 2019-04-25 13:25 - 000003706 _____ C:\Windows\System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly)

2019-04-25 13:25 - 2019-04-25 13:25 - 000003124 _____ C:\Windows\System32\Tasks\AVG Secure Browser Heartbeat Task (Logon)

2019-04-24 18:31 - 2019-04-24 18:31 - 000362928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe

2019-04-17 15:14 - 2019-04-17 15:14 - 000002003 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-15 15:06 - 2014-07-22 19:04 - 000000000 ____D C:\FRST

2019-05-15 14:50 - 2018-12-02 11:02 - 000004174 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update

2019-05-15 14:48 - 2013-02-28 15:28 - 000000000 ____D C:\Program Files (x86)\TeamViewer

2019-05-15 14:46 - 2009-07-14 01:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2019-05-15 14:46 - 2009-07-14 01:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2019-05-15 14:40 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2019-05-15 14:39 - 2014-07-19 20:25 - 000000000 ____D C:\AdwCleaner

2019-05-15 14:39 - 2013-11-22 14:23 - 000000000 ____D C:\Users\Kadi\AppData\Roaming\WinZip

2019-05-15 14:28 - 2014-07-22 08:59 - 000000000 ____D C:\Users\Kadi\AppData\Roaming\DiskDefrag

2019-05-15 13:56 - 2012-07-10 09:42 - 000000000 ____D C:\ProgramData\Malwarebytes

2019-05-15 13:55 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf

2019-05-15 13:54 - 2013-02-28 17:08 - 000000000 ____D C:\Users\Kadi\AppData\Roaming\TeamViewer

2019-05-15 13:53 - 2012-08-09 09:42 - 000000000 ____D C:\Program Files (x86)\CCleaner

2019-05-15 12:01 - 2017-12-18 12:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2019-05-15 11:51 - 2019-03-19 14:30 - 000003140 _____ C:\Windows\System32\Tasks\{35D2BFDF-605B-4F7A-88A0-8039EAFF597D}

2019-05-15 11:51 - 2019-03-19 14:18 - 000003124 _____ C:\Windows\System32\Tasks\{34337A51-0D28-404D-AEA5-909CEDF1AB4A}

2019-05-15 11:51 - 2018-12-20 08:32 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software

2019-05-15 11:51 - 2018-03-13 15:36 - 000004488 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier

2019-05-15 11:51 - 2016-11-16 13:00 - 000003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2019-05-15 11:51 - 2016-11-16 13:00 - 000003342 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2019-05-15 11:51 - 2016-05-25 11:59 - 000003702 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart

2019-05-15 11:51 - 2016-05-03 19:04 - 000003126 _____ C:\Windows\System32\Tasks\Trojan Remover

2019-05-15 11:51 - 2015-10-06 16:16 - 000004320 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2019-05-15 11:51 - 2015-01-01 21:21 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2019-05-15 11:51 - 2014-04-02 21:52 - 000003138 _____ C:\Windows\System32\Tasks\{35EF8130-3EBB-44AA-A910-00E7BCFA3ECA}

2019-05-15 11:51 - 2013-05-01 20:21 - 000003152 _____ C:\Windows\System32\Tasks\{4442066F-B891-47C9-909B-36BDD5781588}

2019-05-15 11:51 - 2012-09-12 09:10 - 000003290 _____ C:\Windows\System32\Tasks\{E62F500C-EC60-459E-991E-0296C9CA0BB5}

2019-05-15 11:51 - 2012-09-10 09:25 - 000002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2019-05-14 12:36 - 2012-07-10 09:28 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe

2019-05-14 12:36 - 2012-07-10 09:28 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2019-05-14 12:36 - 2012-07-10 09:28 - 000000000 ____D C:\Windows\system32\Macromed

2019-05-14 12:36 - 2012-06-14 18:52 - 000000000 ____D C:\Windows\SysWOW64\Macromed

2019-05-13 10:07 - 2017-11-25 16:49 - 000000000 ____D C:\Users\Kadi\AppData\LocalLow\Mozilla

2019-05-12 12:14 - 2019-03-28 09:38 - 000000000 ____D C:\Program Files\Mozilla Firefox

2019-05-03 06:30 - 2018-01-07 13:43 - 000001006 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk

2019-05-02 20:23 - 2015-04-08 01:29 - 000002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2019-04-25 13:25 - 2018-12-02 11:22 - 000002339 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk

2019-04-24 18:32 - 2019-04-12 15:18 - 000000077 _____ C:\Windows\system32\Drivers\avgSP.sys.sum

2019-04-24 18:32 - 2018-12-02 11:02 - 000476824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys

2019-04-24 18:32 - 2018-12-02 11:02 - 000385904 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys

2019-04-24 18:31 - 2019-01-04 18:00 - 000037368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys

2019-04-24 18:31 - 2018-12-02 11:02 - 001030832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys

2019-04-24 18:31 - 2018-12-02 11:02 - 000220472 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys

2019-04-24 18:31 - 2018-12-02 11:02 - 000205656 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys

2019-04-24 18:31 - 2018-12-02 11:02 - 000166896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys

2019-04-24 18:31 - 2018-12-02 11:02 - 000112360 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys

2019-04-24 18:31 - 2018-12-02 11:02 - 000087992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys

2019-04-24 18:31 - 2018-12-02 11:02 - 000042336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys

2019-04-24 18:30 - 2019-01-15 23:36 - 000254680 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys

2019-04-24 18:30 - 2019-01-04 18:00 - 000320672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblog.sys

2019-04-24 18:30 - 2019-01-04 18:00 - 000196560 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys

2019-04-24 18:30 - 2019-01-04 18:00 - 000058152 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys

2019-04-18 18:41 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF

2019-04-17 15:07 - 2019-02-08 18:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2019-04-16 16:29 - 2019-04-03 15:22 - 000000000 ____D C:\Users\Kadi\Desktop\agenda

==================== Files in the root of some directories =======

2013-06-17 18:11 - 2012-10-04 07:30 - 006516280 _____ (AVAST Software) C:\Program Files\A

2016-04-30 09:51 - 2016-04-30 09:51 - 000005120 _____ () C:\Users\Kadi\AppData\Roaming\GiftBag.db

2012-07-08 11:59 - 2012-07-13 11:03 - 000000132 _____ () C:\Users\Kadi\AppData\Roaming\Prefs. de formato PNG de Adobe CS6

2016-04-30 20:32 - 2016-04-30 20:32 - 039550976 _____ (Tencent Inc.) C:\Users\Kadi\AppData\Roaming\TXQBINSTX2.EXE

2013-06-18 00:15 - 2013-06-18 00:15 - 000000005 _____ () C:\Users\Kadi\AppData\Roaming\WBPU-Q2-TTL.DAT

2013-06-17 23:14 - 2013-06-25 11:57 - 000000005 _____ () C:\Users\Kadi\AppData\Roaming\WBPU-TTL.DAT

2012-09-05 11:10 - 2016-11-05 21:37 - 000016384 _____ () C:\Users\Kadi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2016-05-19 14:45 - 2016-05-19 14:45 - 000000036 _____ () C:\Users\Kadi\AppData\Local\housecall.guid.cache

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-05-13 14:22

==================== End of FRST.txt ============================

#8

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05.2019 01

Ran by Kadi (15-05-2019 15:08:47)

Running from C:\Users\Kadi\Desktop

Windows 7 Ultimate Service Pack 1 (X64) (2012-06-13 23:00:05)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-3362957246-3994920205-2013797631-500 - Administrator - Disabled)

HomeGroupUser$ (S-1-5-21-3362957246-3994920205-2013797631-1006 - Limited - Enabled)

Invitado (S-1-5-21-3362957246-3994920205-2013797631-501 - Limited - Enabled)

Kadi (S-1-5-21-3362957246-3994920205-2013797631-1000 - Administrator - Enabled) => C:\Users\Kadi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Disabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG Antivirus (Disabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3600_Help (HKLM-x32\...\{AFDAB4B7-E5CE-4277-9ABB-8D8C5E12853D}) (Version: 1.00.0000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.192 - Adobe)

Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.192 - Adobe)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Apowersoft Online Launcher versión 1.4.4 (HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.4 - APOWERSOFT LIMITED)

ATI AVIVO64 Codecs (HKLM\...\{D0CE4A83-018E-C14F-734C-6BEBF469C681}) (Version: 11.6.0.10126 - ATI Technologies Inc.) Hidden

ATI Catalyst Install Manager (HKLM\...\{2496B756-C386-B088-7644-55F16C18A6E7}) (Version: 3.0.812.0 - ATI Technologies, Inc.)

AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.4.3089 - AVG Technologies)

AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 73.0.762.88 - Los creadores de AVG Secure Browser)

bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden

BPD_Scan (HKLM-x32\...\{8CE4CB34-8187-42A1-B597-517760BEE8EC}) (Version: 3.00.0000 - Hewlett-Packard) Hidden

BPDSoftware (HKLM-x32\...\{2965EB43-0543-459A-81D9-F4F7CD812075}) (Version: 140.0.000.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (HKLM-x32\...\{E593C3B6-6C5A-4AFC-A4F7-CCB94F60C888}) (Version: 1.00.0000 - Hewlett-Packard) Hidden

BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden

ccc-core-static (HKLM-x32\...\{CA212D9E-EDFB-B0D8-B1D5-05ED5838F6B7}) (Version: 2011.0126.1749.31909 - Nombre de su organización) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)

Centro de dispositivos de Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version: - Cheat Engine)

Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)

Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)

Corel Graphics - Windows Shell Extension (HKLM-x32\...\{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.487 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - BR (HKLM-x32\...\{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Capture (HKLM-x32\...\{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Common (HKLM-x32\...\{CA3861BA-1D96-4D66-B577-318E1602C4F3}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Connect (HKLM-x32\...\{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Custom Data (HKLM-x32\...\{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Draw (HKLM-x32\...\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - EN (HKLM-x32\...\{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - ES (HKLM-x32\...\{68EE5C41-2F79-4F36-BE85-22A814F55AF7}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: - Corel Corporation)

CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Filters (HKLM-x32\...\{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - FontNav (HKLM-x32\...\{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - FR (HKLM-x32\...\{8F18CFF8-8259-4148-AD00-2EE572754E92}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - IPM (HKLM-x32\...\{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - PHOTO-PAINT (HKLM-x32\...\{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Photozoom Plugin (HKLM-x32\...\{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Redist (HKLM-x32\...\{59123CCF-FED2-46FF-9293-D1DC80042219}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Setup Files (HKLM-x32\...\{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VBA (HKLM-x32\...\{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VideoBrowser (HKLM-x32\...\{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VSTA (HKLM-x32\...\{260ED378-2B8C-4831-ADAE-D0712D119AC5}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (HKLM\...\{66C10F29-31F0-4A9B-B2CF-465F488AE086}) (Version: 15.0.487 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - WT (HKLM-x32\...\{9244E956-5939-4B88-930C-0699D4AB2B95}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 (HKLM-x32\...\{368FCA18-C510-4F87-B60E-192B9BDBAE3D}) (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)

CuteFTP 8 Home (HKLM-x32\...\{949DBB22-2FB7-4de1-804C-23D495A988D8}) (Version: 8.3.4 - GlobalSCAPE)

Debut, capturador de vídeo (HKLM-x32\...\Debut) (Version: 4.06 - NCH Software)

deskPDF Studio X (HKLM-x32\...\deskPDF Studio_is1) (Version: - Docudesk)

Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden

DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)

DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.100.000 - Hewlett-Packard) Hidden

Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden

Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

FILEminimizer Suite (HKLM-x32\...\FILEminimizer Suite_is1) (Version: - balesio AG)

Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)

Foxit PhantomPDF Standard (HKLM-x32\...\{D357F3E5-E140-4EA9-8751-4354FD7BAACD}) (Version: 7.0.5.1021 - Foxit Software Inc.)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)

Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.4 - EZ Freeware)

G Suite Migration For Microsoft Outlook® 4.0.117.0 (HKLM\...\{A192D75D-8490-405F-82C5-A29906B8DA95}) (Version: 4.0.117.0 - Google, Inc.)

Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)

Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden

Glary Utilities 5.4 (HKLM-x32\...\Glary Utilities 5) (Version: 5.4.0.11 - Glarysoft Ltd)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden

GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP OfficeJet J3600 (HKLM\...\{269402AB-D600-4961-80EF-779CB346D29E}) (Version: 14.0 - HP)

HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)

HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden

HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden

HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden

HydraVision (HKLM-x32\...\{DE9069FA-EF9E-25CD-67E7-0242935CCD49}) (Version: 4.2.184.0 - ATI Technologies Inc.) Hidden

InPixio Photo Clip 8 Demo (HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\{9F45A8A5-0487-4aa6-A67E-46E103C927AD}) (Version: 8.00 - InPixio)

Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)

J3600 (HKLM-x32\...\{1356E5A2-D867-4C4F-BC67-E468AF8410E0}) (Version: 140.0.000.000 - Hewlett-Packard) Hidden

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

JDiskReport 1.4.1 (HKLM-x32\...\JDiskReport 1.4.1) (Version: 1.4.1 (2014-02-26 11:50:44) - JGoodies Karsten Lentzsch)

KMSpico v9.0.2.20131020 (Beta) (HKLM\...\KMSpico & Ratiborus_is1) (Version: 9.0.2.20131020 - )

Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)

MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden

Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden

Microsoft .NET Framework 4.6 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.6.00081 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.0.61118.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 Language Pack - ESN (HKLM-x32\...\{6D972506-DC01-39BC-A5DD-06DA86E00031}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - ESN (HKLM-x32\...\{4A28444E-0532-3264-B07D-5AFE590E30BE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)

Mozilla Firefox 66.0.3 (x64 es-AR) (HKLM\...\Mozilla Firefox 66.0.3 (x64 es-AR)) (Version: 66.0.3 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0 - Mozilla)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

Noise Reduction Plug-in 2.0i (HKLM-x32\...\{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}) (Version: 2.0.455 - Sony)

OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)

Octoshape Streaming Services (HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\Octoshape Streaming Services) (Version: - Octoshape ApS)

Online Video Converter version 1.0.6 (HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\{628BF902-EB66-4BDB-97CB-AE4AAAAA5A7F}_is1) (Version: 1.0.6 - APOWERSOFT LIMITED)

Oracle VM VirtualBox 4.3.20 (HKLM\...\{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}) (Version: 4.3.20 - Oracle Corporation)

Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden

ProductContext (HKLM-x32\...\{24F5EAD9-7D46-4ED6-9F61-085A76ADF523}) (Version: 140.0.000.000 - Hewlett-Packard) Hidden

Q-Dir (HKLM-x32\...\Q-Dir) (Version: - )

Q-Dir (HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\Q-Dir) (Version: - )

QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)

Revisión para Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{6D972506-DC01-39BC-A5DD-06DA86E00031}.KB947789) (Version: 1 - Microsoft Corporation)

Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.167.000 - Hewlett-Packard) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)

Skype versión 8.42 (HKLM-x32\...\Skype_is1) (Version: 8.42 - Skype Technologies S.A.)

SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden

SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden

Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.256.000 - Hewlett-Packard) Hidden

TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.36215 - TeamViewer)

Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden

TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden

UltraISO Premium V9.36 (HKLM-x32\...\UltraISO_is1) (Version: - )

VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.213.017 - Hewlett-Packard) Hidden

Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )

WMV9/VC-1 Video Playback (HKLM\...\{3520B663-C056-D2F8-77E2-4F0CA41D3803}) (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 15.4.062.17802 - Check Point)

Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\ChromeHTML: -> <==== ATTENTION

CustomCLSID: HKU\S-1-5-21-3362957246-3994920205-2013797631-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll () [File not signed]

SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Windows -> Microsoft Corporation)

SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll (Microsoft Windows -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File

ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File

ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2014-09-11] (Foxit Software Incorporated -> Foxit Software Inc.)

ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2014-09-11] (Foxit Software Incorporated -> Foxit Software Inc.)

ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2014-07-18] (Glarysoft Ltd -> Glarysoft Ltd)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-24] (WinZip Computing LLC -> WinZip Computing, S.L.)

ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2014-07-18] (Glarysoft Ltd -> Glarysoft Ltd)

ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)

ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File

ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)

ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-24] (WinZip Computing LLC -> WinZip Computing, S.L.)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-01-26] (Advanced Micro Devices, Inc.) [File not signed]

ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-04-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)

ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2014-07-18] (Glarysoft Ltd -> Glarysoft Ltd)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-24] (WinZip Computing LLC -> WinZip Computing, S.L.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::

WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]

WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

ShortcutWithArgument: C:\Users\Kadi\AppData\Local\Google\Chrome\User Data\Selector de aplicaciones de Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2013-06-14 10:28 - 2005-03-11 15:07 - 000087040 _____ () [File not signed] C:\Windows\System32\redmonnt.dll

2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll

2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll

2009-08-18 11:24 - 2009-08-18 11:24 - 000167424 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kadi\AppData\Local\Archivos temporales de Internet:MvD1eeVFjIkCyE3i5lmbJqoz3 [2358]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\UserChoice => FileAssociationManager

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2018-12-10 19:55 - 000000280 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;%C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%PROGRAMFILES%\Internet Explorer;C:\Program Files\Google\Google Apps Migration;C:\Program Files\Google\Google Apps Migration\

HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kadi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: Media is not connected to internet.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{751F2A99-E0F9-40D0-8CA0-E2211703BCB8}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)

FirewallRules: [UDP Query User{53BBD8E8-DD85-458F-8425-7F08E340E86F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)

FirewallRules: [{CE1D7B9C-EFC5-48BA-9FDD-A2C422D33163}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)

FirewallRules: [{CE1AC2C0-D247-4059-B928-09CFF22E2E16}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)

FirewallRules: [{17D9CAE4-957B-434C-8117-6BA9AAFFAAA1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)

FirewallRules: [{22B2218B-33F8-4C68-8CAC-70EC44E208F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)

FirewallRules: [{869B13C7-8353-4CC1-9CE4-E8BF78594C12}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{9CEDAAA9-451B-44D6-ADBD-2BB681F2BDB9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{178C88BA-84AA-4FAC-9EE4-B5BCC7B1F528}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{CBC9150B-FDD5-4DDE-9684-153374792380}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{E8943359-1FF8-42CA-B2AC-61A48FC40601}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{3AB9F507-72A5-40D4-A86C-A4C9C661C15B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{03E49067-EC00-4389-B05E-6D8CB18BACEF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{C1BCFA05-617E-4B71-BD42-D45B843CEFBB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{66551A8F-0FAD-44E4-B62B-EC5A2FE49156}] => (Allow) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies USA, Inc. -> AVG Technologies)

FirewallRules: [{C407574B-F45A-45E5-8EA0-74A52B6ABAD1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

FirewallRules: [{711B4CAC-A989-49CE-BD05-9089DABF4E38}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)

FirewallRules: [{9DBE5D89-77BD-49B7-9BA0-1C9383F488C5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)

FirewallRules: [{D8F9A564-05B4-4B1A-8503-E649AD8E4BE2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)

FirewallRules: [{FD09495C-16EA-4F24-9083-05753D040A87}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)

==================== Restore Points =========================

15-05-2019 14:56:21 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter

Description: VirtualBox Host-Only Ethernet Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Oracle Corporation

Service: VBoxNetAdp

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (05/15/2019 02:42:38 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/15/2019 02:29:57 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (05/15/2019 02:23:44 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)

Description: Product: AVG Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\GoogleUpdateHelper.msi

Error: (05/15/2019 01:23:53 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)

Description: Product: AVG Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\GoogleUpdateHelper.msi

Error: (05/15/2019 12:23:43 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)

Description: Product: AVG Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\GoogleUpdateHelper.msi

Error: (05/15/2019 11:23:43 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)

Description: Product: AVG Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\GoogleUpdateHelper.msi

Error: (05/15/2019 10:42:21 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)

Description: Product: AVG Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\GoogleUpdateHelper.msi

Error: (05/15/2019 10:42:19 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Event-ID 0

System errors:

=============

Error: (05/15/2019 02:39:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: El servicio Windows Live ID Sign-in Assistant terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.

Error: (05/15/2019 02:39:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: El servicio Protexis Licensing V2 se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (05/15/2019 02:39:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: El servicio Instalador de módulos de Windows terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (05/15/2019 02:39:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (05/15/2019 02:39:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: El servicio AMD External Events Utility se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (05/15/2019 01:25:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: El servicio AVG Secure Browser Elevation Service no pudo iniciarse debido al siguiente error:

El sistema no puede encontrar el archivo especificado.

Error: (05/15/2019 12:25:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: El servicio AVG Secure Browser Elevation Service no pudo iniciarse debido al siguiente error:

El sistema no puede encontrar el archivo especificado.

Error: (05/15/2019 12:25:29 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: Error de DCOM "2" al intentar iniciar el servicio AVGSecureBrowserElevationService con argumentos "" para ejecutar el servidor:

{CA348B59-06AD-4482-AD87-966302908F0F}

CodeIntegrity:

===================================

Date: 2018-01-04 08:26:26.783

Description:

Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Program Files (x86)\Cheat Engine 6.7\dbk32.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-01-04 08:26:24.890

Description:

Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Program Files (x86)\Cheat Engine 6.7\dbk64.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-01-03 11:35:14.286

Description:

Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Program Files (x86)\Cheat Engine 6.7\dbk32.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-01-03 11:35:13.292

Description:

Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Program Files (x86)\Cheat Engine 6.7\dbk64.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-01-03 10:26:14.142

Description:

Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Program Files (x86)\Cheat Engine 6.7\dbk32.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-01-03 10:26:12.336

Description:

Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\Program Files (x86)\Cheat Engine 6.7\dbk64.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2014-07-21 20:33:52.595

Description:

Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

Date: 2014-07-21 20:33:52.575

Description:

Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 3501 02/08/2012

Motherboard: ASUSTeK COMPUTER INC. P8H61-M LX

Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz

Percentage of memory in use: 74%

Total physical RAM: 6111.14 MB

Available physical RAM: 1530.43 MB

Total Virtual: 12220.46 MB

Available Virtual: 7580.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.59 GB) (Free:6.15 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive d: (Disco local) (Fixed) (Total:90.45 GB) (Free:26.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 0C8C0C8B)

Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=90.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
#9

Good… now follow these steps. :arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Attention: now tick only the :white_check_mark: Create registry backup checkbox, NOT the other checkboxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the codes/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\ChromeHTML: -> <==== ATTENTION
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
AlternateDataStreams: C:\Users\Kadi\AppData\Local\Archivos temporales de Internet:MvD1eeVFjIkCyE3i5lmbJqoz3 [2358]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\Run: [BingSvc] => C:\Users\Kadi\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
BootExecute: autocheck autochk * BootDefrag.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {2908128C-D59C-412C-A007-FC6738E6BFB6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {2908128C-D59C-412C-A007-FC6738E6BFB6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {2908128C-D59C-412C-A007-FC6738E6BFB6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {3656B5CC-6D81-48AB-BC25-C55D5EEA54AE} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris\Trojan Remover\ltr.exe
Task: {3C62CAC6-2AED-4FD0-80B0-2660916411F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {3C62CAC6-2AED-4FD0-80B0-2660916411F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {71439002-ED37-46AC-A37C-77F8E32B65B6} - \{7A7E0E47-057D-7879-0B11-0E0F7E7A110D} -> No File <==== ATTENTION
Task: {99F38B41-EBAA-4263-8DF1-77BC9E8AB34B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {99F38B41-EBAA-4263-8DF1-77BC9E8AB34B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {A0BB5884-ECDA-469F-90F2-EB7755FF6E55} - System32\Tasks\{35D2BFDF-605B-4F7A-88A0-8039EAFF597D} => C:\Windows\system32\pcalua.exe -a D:\100-descargas\SetupDWGTrueView2014_ENU_64bit.sfx.exe -d D:\100-descargas
Task: {B0D8494D-986A-4075-A20B-7C9F4DB7C659} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3362957246-3994920205-2013797631-1000Core => C:\Users\Kadi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {BDC6D560-6B3A-4B58-97FC-344FBE223E46} - System32\Tasks\{4442066F-B891-47C9-909B-36BDD5781588} => C:\Windows\system32\pcalua.exe -a C:\Users\Kadi\Downloads\SetupDWGTrueView2013_32bit.exe -d C:\Users\Kadi\Downloads
Task: {DA877DC6-3298-4D82-877E-6A04F8314A95} - System32\Tasks\{34337A51-0D28-404D-AEA5-909CEDF1AB4A} => C:\Windows\system32\pcalua.exe -a D:\100-descargas\SetupDWGTrueView2013_32bit.exe -d D:\100-descargas
Task: {F5588BA2-DF9B-4AED-A20C-AB92ADF66373} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {F5588BA2-DF9B-4AED-A20C-AB92ADF66373} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-15] (Oracle America, Inc. -> Oracle Corporation)
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com.ar/","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=83055D39AB3A713C1F4B8002FF2016B7&v=20160425&ts=AHEqAX0mA3EmAE..","hxxps://www.google.com/"
2013-06-17 18:11 - 2012-10-04 07:30 - 006516280 _____ (AVAST Software) C:\Program Files\A
2016-04-30 20:32 - 2016-04-30 20:32 - 039550976 _____ (Tencent Inc.) C:\Users\Kadi\AppData\Roaming\TXQBINSTX2.EXE
2019-05-15 11:51 - 2018-12-20 08:32 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

And now start your computer in :arrow_forward: Windows Safe Mode with Networking

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click it and select -Run as Administrator-).

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it behaves with regard to the problem you raised, and let us know.

Regards.

#10

Thank you very much, Javier! Here is the report you asked for…


Fix result of Farbar Recovery Scan Tool (x64) Version: 15-05.2019 01
Ran by Kadi (15-05-2019 19:38:57) Run:1
Running from C:\Users\Kadi\Desktop
Loaded Profiles: Kadi (Available Profiles: Kadi)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\ChromeHTML: -> <==== ATTENTION
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
AlternateDataStreams: C:\Users\Kadi\AppData\Local\Archivos temporales de Internet:MvD1eeVFjIkCyE3i5lmbJqoz3 [2358]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\...\Run: [BingSvc] => C:\Users\Kadi\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
BootExecute: autocheck autochk * BootDefrag.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {2908128C-D59C-412C-A007-FC6738E6BFB6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {2908128C-D59C-412C-A007-FC6738E6BFB6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {2908128C-D59C-412C-A007-FC6738E6BFB6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {3656B5CC-6D81-48AB-BC25-C55D5EEA54AE} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris\Trojan Remover\ltr.exe
Task: {3C62CAC6-2AED-4FD0-80B0-2660916411F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {3C62CAC6-2AED-4FD0-80B0-2660916411F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {71439002-ED37-46AC-A37C-77F8E32B65B6} - \{7A7E0E47-057D-7879-0B11-0E0F7E7A110D} -> No File <==== ATTENTION
Task: {99F38B41-EBAA-4263-8DF1-77BC9E8AB34B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {99F38B41-EBAA-4263-8DF1-77BC9E8AB34B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {A0BB5884-ECDA-469F-90F2-EB7755FF6E55} - System32\Tasks\{35D2BFDF-605B-4F7A-88A0-8039EAFF597D} => C:\Windows\system32\pcalua.exe -a D:\100-descargas\SetupDWGTrueView2014_ENU_64bit.sfx.exe -d D:\100-descargas
Task: {B0D8494D-986A-4075-A20B-7C9F4DB7C659} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3362957246-3994920205-2013797631-1000Core => C:\Users\Kadi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {BDC6D560-6B3A-4B58-97FC-344FBE223E46} - System32\Tasks\{4442066F-B891-47C9-909B-36BDD5781588} => C:\Windows\system32\pcalua.exe -a C:\Users\Kadi\Downloads\SetupDWGTrueView2013_32bit.exe -d C:\Users\Kadi\Downloads
Task: {DA877DC6-3298-4D82-877E-6A04F8314A95} - System32\Tasks\{34337A51-0D28-404D-AEA5-909CEDF1AB4A} => C:\Windows\system32\pcalua.exe -a D:\100-descargas\SetupDWGTrueView2013_32bit.exe -d D:\100-descargas
Task: {F5588BA2-DF9B-4AED-A20C-AB92ADF66373} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {F5588BA2-DF9B-4AED-A20C-AB92ADF66373} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [355328 [355328 2016-03-20]] (Microsoft Windows -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-15] (Oracle America, Inc. -> Oracle Corporation)
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com.ar/","hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=83055D39AB3A713C1F4B8002FF2016B7&v=20160425&ts=AHEqAX0mA3EmAE..","hxxps://www.google.com/"
2013-06-17 18:11 - 2012-10-04 07:30 - 006516280 _____ (AVAST Software) C:\Program Files\A
2016-04-30 20:32 - 2016-04-30 20:32 - 039550976 _____ (Tencent Inc.) C:\Users\Kadi\AppData\Roaming\TXQBINSTX2.EXE
2019-05-15 11:51 - 2018-12-20 08:32 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKU\S-1-5-21-3362957246-3994920205-2013797631-1000_Classes\ChromeHTML => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\###MegaContextMenuExt => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\###MegaContextMenuExt => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
C:\Users\Kadi\AppData\Local\Archivos temporales de Internet => ":MvD1eeVFjIkCyE3i5lmbJqoz3" ADS could not remove.
"HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully
"HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully
"HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc" => removed successfully
"HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2908128C-D59C-412C-A007-FC6738E6BFB6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2908128C-D59C-412C-A007-FC6738E6BFB6}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2908128C-D59C-412C-A007-FC6738E6BFB6}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2908128C-D59C-412C-A007-FC6738E6BFB6}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3656B5CC-6D81-48AB-BC25-C55D5EEA54AE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3656B5CC-6D81-48AB-BC25-C55D5EEA54AE}" => removed successfully
C:\Windows\System32\Tasks\Trojan Remover => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trojan Remover" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C62CAC6-2AED-4FD0-80B0-2660916411F7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C62CAC6-2AED-4FD0-80B0-2660916411F7}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C62CAC6-2AED-4FD0-80B0-2660916411F7}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71439002-ED37-46AC-A37C-77F8E32B65B6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71439002-ED37-46AC-A37C-77F8E32B65B6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7A7E0E47-057D-7879-0B11-0E0F7E7A110D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99F38B41-EBAA-4263-8DF1-77BC9E8AB34B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99F38B41-EBAA-4263-8DF1-77BC9E8AB34B}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99F38B41-EBAA-4263-8DF1-77BC9E8AB34B}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0BB5884-ECDA-469F-90F2-EB7755FF6E55}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0BB5884-ECDA-469F-90F2-EB7755FF6E55}" => removed successfully
C:\Windows\System32\Tasks\{35D2BFDF-605B-4F7A-88A0-8039EAFF597D} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{35D2BFDF-605B-4F7A-88A0-8039EAFF597D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0D8494D-986A-4075-A20B-7C9F4DB7C659}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0D8494D-986A-4075-A20B-7C9F4DB7C659}" => removed successfully
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3362957246-3994920205-2013797631-1000Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3362957246-3994920205-2013797631-1000Core" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDC6D560-6B3A-4B58-97FC-344FBE223E46}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDC6D560-6B3A-4B58-97FC-344FBE223E46}" => removed successfully
C:\Windows\System32\Tasks\{4442066F-B891-47C9-909B-36BDD5781588} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4442066F-B891-47C9-909B-36BDD5781588}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA877DC6-3298-4D82-877E-6A04F8314A95}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA877DC6-3298-4D82-877E-6A04F8314A95}" => removed successfully
C:\Windows\System32\Tasks\{34337A51-0D28-404D-AEA5-909CEDF1AB4A} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{34337A51-0D28-404D-AEA5-909CEDF1AB4A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5588BA2-DF9B-4AED-A20C-AB92ADF66373}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5588BA2-DF9B-4AED-A20C-AB92ADF66373}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5588BA2-DF9B-4AED-A20C-AB92ADF66373}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-15] (Oracle America, Inc." => not found
C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-15] (Oracle America, Inc." => not found
C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => moved successfully
"Chrome StartupUrls" => removed successfully
C:\Program Files\A => moved successfully
C:\Users\Kadi\AppData\Roaming\TXQBINSTX2.EXE => moved successfully
C:\Windows\System32\Tasks\AVAST Software => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3362957246-3994920205-2013797631-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


Adaptador de Ethernet Conexión de área local:

   Sufijo DNS específico para la conexión. . : cpe.telecentro.net.ar
   Dirección IPv6 . . . . . . . . . . : 2800:810:44c:866e:9199:4d3e:5e34:6dd0
   Dirección IPv6 temporal. . . . . . : 2800:810:44c:866e:6115:93fd:3e2e:46b6
   Vínculo: dirección IPv6 local. . . : fe80::9199:4d3e:5e34:6dd0%11
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.14
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : fe80::8e10:d4ff:fe94:e17c%11
                                       192.168.0.1

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17216031 B
Java, Flash, Steam htmlcache => 1253 B
Windows/system/drivers => 6852 B
Edge => 0 B
Chrome => 190783897 B
Firefox => 25700173 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33253 B
LocalService => 99141 B
NetworkService => 33125 B
Kadi => 4928433 B

RecycleBin => 97743424 B
EmptyTemp: => 321 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:41:06 ====
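
As an added example (not part of the original posts, and not FRST's own code): a Python triage of a Fixlog like the one above that separates the items that were removed from the ones that need a second look, here the alternate data stream that could not be removed, the restore point that was not created in Safe Mode, and the `bitsadmin` command that failed. The status names and the HRESULT heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog posted above (blank lines dropped).
SAMPLE_FIXLOG = r'''fixlist content:
START
Task: {3656B5CC-6D81-48AB-BC25-C55D5EEA54AE} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris\Trojan Remover\ltr.exe
END
Error: Restore point can only be created in normal mode.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
C:\Users\Kadi\AppData\Local\Archivos temporales de Internet => ":MvD1eeVFjIkCyE3i5lmbJqoz3" ADS could not remove.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\Windows\System32\Tasks\Trojan Remover => moved successfully
========= RemoveProxy: =========
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
========= End of RemoveProxy: =========
========= bitsadmin /reset /allusers =========
Unable to connect to BITS - 0x8007042c
========= End of CMD: =========
=========== EmptyTemp: ==========
Chrome => 190783897 B
EmptyTemp: => 321 MB temporary data Removed.
'''

SECTION_RE = re.compile(r"^=+\s*([^=\s].*?)\s*=+$")
# Heuristic: HRESULT failure codes have the severity bit set (first digit 8-F).
FAIL_HRESULT_RE = re.compile(r"\b0x[89A-Fa-f][0-9A-Fa-f]{7}\b")


def classify(result):
    """Map the text after ' => ' to a coarse status."""
    r = result.strip().rstrip(".").lower()
    if r.endswith("successfully"):
        return "ok"
    if r == "not found":
        return "not_found"
    if "could not" in r:
        return "failed"
    if r[:1].isdigit():          # EmptyTemp size lines such as "190783897 B"
        return "info"
    return "other"


def triage_fixlog(text):
    """Return (Counter of statuses, list of (status, detail) needing follow-up)."""
    counts, follow_up = Counter(), []
    in_echo = False   # inside the echoed "fixlist content:" block
    cmd = None        # command whose output is being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_echo:
            in_echo = line != "END"
            continue
        if line.lower().startswith("fixlist content"):
            in_echo = True
            continue
        m = SECTION_RE.match(line)
        if m:
            title = m.group(1)
            # CMD sections are headed by the bare command; directives end with ':'.
            cmd = None if title.startswith("End of") or title.endswith(":") else title
            continue
        if line.startswith("Error:"):
            status, detail = "error", line
        elif cmd is not None:
            if not FAIL_HRESULT_RE.search(line):
                continue
            status, detail = "cmd_failed", f"{cmd}: {line}"
        elif " => " in line:
            status, detail = classify(line.rsplit(" => ", 1)[1]), line
        else:
            continue
        counts[status] += 1
        if status not in ("ok", "not_found", "info"):
            follow_up.append((status, detail))
    return counts, follow_up


if __name__ == "__main__":
    print(*triage_fixlog(SAMPLE_FIXLOG), sep="\n")
```
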
#11

Perfect… :+1:

You forgot to mention how your computer is doing with regard to the problem you originally raised. :thinking:

#12

Sorry for the delay in replying, Javier!!! I had a bad hand and couldn't sit down at the computer. Apparently the speed has picked up a bit… I'll test it over the next few days and tell you more. Thank you so much for your willingness and the help you've given me! The answers and the time have been wonderful. A pleasure to be back here!!!

#13

Hello.

No problem, test it for another 24-72 hours and tell us whether you notice an improvement in the problems you originally raised.

:warning: And for now, please, while we are disinfecting/fixing your machine:

Do not carry out steps/actions that WE have not told you to.

Do not download ANYTHING from the Internet and/or connect external devices to your computer.

Do not install ANYTHING (programs/software/add-ons/browser extensions…)

Do not run other security programs (Antivirus, Antimalware, ANTI-ANYTHING…)

Do not carry out other procedures on your own.

Use your computer EXCLUSIVELY to disinfect/fix it following our instructions.

And also tell us which antivirus products you have had installed on YOUR computer and how they were uninstalled at the time. :thinking:

And when you made the last change of antivirus to the current one, AVG.

Regards.

#14

Many thanks, Javier!!! My computer is already much faster!!! I've been able to use it and can now confirm that. What I still need to know is whether the slowness of the broadband is caused by the company that provides it or by my computer… :thinking:

#15

The slowness when browsing… do you still notice it? :thinking:

You have yet to comment on what I asked in my last reply, about the antivirus programs??

#16

Javier, I honestly don't know! I know I have AVG, but I don't remember earlier ones or how I uninstalled them. I'm not an expert in this, so I must not have done it in a safe way that removes all traces, you tell me. As for how the PC is working, I find it very good now. The broadband, somewhat slow… maybe it's my provider?

#17

Hello.

Your Internet provider is “Telecentro S.A.”, if I am NOT mistaken; you can get in touch with them and have them check the results, although they (all providers) tend to be rather reluctant to acknowledge their problems.

Before that, do you notice the Internet performance problem with ALL the browsers you have installed or only in some of them? :thinking: