Pop-up "Windows no puede encontrar el archivo" (Windows cannot find the file)


#1

Hello, for some time now a window with an error message has been appearing. It started appearing after a virus got into my PC, which I THINK I removed with Avast, but the error persists. I tried a registry cleanup, to no avail. I would like to ask for your help in fixing it. A "cmd" window opens, and on top of it a dialog window that says the following:

" Windows no puede encontrar el archivo “C:\Users\Octavio\AppData\Roaming\Microsoft\Windows\sfrfgwtj\rtdfubtg.exe” "

I look forward to your reply; many thanks in advance.

Octavio

PS: It won't let me post the image of the error. Is that because I'm new?


#3

Hi @0ctavs, welcome to the forum.

To check your machine, follow these steps in the order given, reading everything that is explained. :+1:

:one: Temporarily disable your antivirus :arrow_forward: How to temporarily disable your antivirus, while we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we will use in this procedure (but do not run them yet):


:two: Run the tools one at a time, in the order given:


CCleaner.-

  • Install and run CCleaner following the steps given in the manual.

  • First use its Cleaner option to delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • Then use its Registry option to clean the entire Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps given in the manual.

  • Run a Full Scan. :white_check_mark:

  • Select ALL for Quarantine to send them to quarantine, and restart the system.

  • In the manual's :arrow_forward:History :arrow_backward: section you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now button and wait for the process to complete; immediately afterwards, always click the Start Repair button.

  • Wait for it to finish and follow the instructions; if it asks you to restart the system, accept.

  • The log/report is in the “Reports” tab (reopen the program if necessary), so you can copy and paste it into your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue, and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved to the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt into your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes.

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved to the desktop.

:three: Post the reports in your next reply, from:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order. :+1:

You must copy and paste them with their full contents, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

And tell us how your computer is running with regard to the problem you described. :face_with_monocle:

Regards, Javier.


#4

Hi @JavierHF, the problem has apparently been solved. I'm leaving the reports just in case:

 Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 11/11/18
Hora del análisis: 20:32
Archivo de registro: 13445b4a-e60a-11e8-94c2-1c1b0dab910e.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.482
Versión del paquete de actualización: 1.0.7793
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 17134.345)
CPU: x64
Sistema de archivos: NTFS
Usuario: OCTAVIO\Octavio

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 348545
Amenazas detectadas: 31
Amenazas en cuarentena: 31
Tiempo transcurrido: 2 min, 23 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 7
Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OPERA SCHEDULED AUTOUPDATE 3055412667, En cuarentena, [102], [537380],1.0.7793
Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{97BD64C2-C07D-41DC-956C-91883241C0B6}, En cuarentena, [102], [537380],1.0.7793
Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{97BD64C2-C07D-41DC-956C-91883241C0B6}, En cuarentena, [102], [537380],1.0.7793
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OPERA SCHEDULED AUTOUPDATE 2796787680, En cuarentena, [402], [557703],1.0.7793
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{32C6C4A5-FA99-4D16-AFF0-070A50F5BE4F}, En cuarentena, [402], [557703],1.0.7793
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{32C6C4A5-FA99-4D16-AFF0-070A50F5BE4F}, En cuarentena, [402], [557703],1.0.7793
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, En cuarentena, [472], [-1],0.0.0

Valor del registro: 5
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En cuarentena, [472], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-641470736-260735912-712596116-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En cuarentena, [472], [-1],0.0.0
Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En cuarentena, [472], [-1],0.0.0
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{32C6C4A5-FA99-4D16-AFF0-070A50F5BE4F}|PATH, En cuarentena, [402], [557701],1.0.7793
Adware.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{97BD64C2-C07D-41DC-956C-91883241C0B6}|PATH, En cuarentena, [102], [537382],1.0.7793

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 2
Trojan.PowerShellSP.E, C:\USERS\OCTAVIO\APPDATA\ROAMING\MEDIACACHE, En cuarentena, [4052], [591354],1.0.7793
Adware.Wajam, C:\PROGRAM FILES\ZmVmOWNkYjQ4NjVmMWJj, En cuarentena, [472], [556539],1.0.7793

Archivo: 17
Adware.Agent, C:\WINDOWS\SYSTEM32\TASKS\OPERA SCHEDULED AUTOUPDATE 3055412667, En cuarentena, [102], [537380],1.0.7793
Trojan.Agent, C:\WINDOWS\SYSTEM32\TASKS\OPERA SCHEDULED AUTOUPDATE 2796787680, En cuarentena, [402], [557703],1.0.7793
Trojan.PowerShellSP.E, C:\USERS\OCTAVIO\APPDATA\ROAMING\MEDIACACHE\1FC4A1CD.ps1, En cuarentena, [4052], [591354],1.0.7793
Trojan.PowerShellSP.E, C:\Users\Octavio\AppData\Roaming\MediaCache\1FC4.vbs, En cuarentena, [4052], [591354],1.0.7793
Adware.Wajam, C:\PROGRAM FILES\ZmVmOWNkYjQ4NjVmMWJj\WBE_uninstall.dat, En cuarentena, [472], [556539],1.0.7793
Adware.Wajam, C:\Program Files\ZmVmOWNkYjQ4NjVmMWJj\MGNjY.exe, En cuarentena, [472], [556539],1.0.7793
Adware.Wajam, C:\Program Files\ZmVmOWNkYjQ4NjVmMWJj\mozcrt19.dll, En cuarentena, [472], [556539],1.0.7793
Adware.Wajam, C:\Program Files\ZmVmOWNkYjQ4NjVmMWJj\MzkyNTk4, En cuarentena, [472], [556539],1.0.7793
Adware.Wajam, C:\Program Files\ZmVmOWNkYjQ4NjVmMWJj\NGY1N2M5Y.ico, En cuarentena, [472], [556539],1.0.7793
Adware.Wajam, C:\Program Files\ZmVmOWNkYjQ4NjVmMWJj\nspr4.dll, En cuarentena, [472], [556539],1.0.7793
Adware.Wajam, C:\Program Files\ZmVmOWNkYjQ4NjVmMWJj\nss3.dll, En cuarentena, [472], [556539],1.0.7793
Adware.Wajam, C:\Program Files\ZmVmOWNkYjQ4NjVmMWJj\plc4.dll, En cuarentena, [472], [556539],1.0.7793
Adware.Wajam, C:\Program Files\ZmVmOWNkYjQ4NjVmMWJj\plds4.dll, En cuarentena, [472], [556539],1.0.7793
Adware.Wajam, C:\Program Files\ZmVmOWNkYjQ4NjVmMWJj\service.dat, En cuarentena, [472], [556539],1.0.7793
Adware.Wajam, C:\Program Files\ZmVmOWNkYjQ4NjVmMWJj\service_64.dat, En cuarentena, [472], [556539],1.0.7793
Adware.Wajam, C:\Program Files\ZmVmOWNkYjQ4NjVmMWJj\softokn3.dll, En cuarentena, [472], [556539],1.0.7793
Trojan.Agent.Generic, C:\USERS\OCTAVIO\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\SFRFGWTJ.LNK, En cuarentena, [3704], [536200],1.0.7793

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-09-21.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-11-2018
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\Octavio\AppData\Roaming\winservices

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted       User-Agent Switcher for Chrome

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1324 octets] - [11/11/2018 20:41:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64 
Ran by Octavio (Administrator) on dom. 11/11/2018 at 20:46:11,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1 

Successfully deleted: C:\WINDOWS\wininit.ini (File) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on dom. 11/11/2018 at 20:48:41,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.11.2018
Ran by Octavio (administrator) on OCTAVIO (11-11-2018 20:49:48)
Running from C:\Users\Octavio\Desktop
Loaded Profiles: Octavio (Available Profiles: Octavio)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\WINWORD.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9072128 2016-11-17] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17662072 2017-07-10] (Logitech Inc.)
HKLM\...\Run: [Gigabyte Speed] => C:\Program Files\cFosSpeed\cFosSpeed.exe [1563480 2016-10-21] (cFos Software GmbH)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-20] (AVAST Software)
HKLM-x32\...\Run: [Launch 0 FwCustom] => C:\Program Files (x86)\Mechanical Gaming Keyboard Driver\Mechanical Gaming Keyboard.exe [3205120 2016-12-03] (0)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2018-09-20] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-06-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [708904 2018-05-09] (Autodesk, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-641470736-260735912-712596116-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3206432 2018-08-08] (Valve Corporation)
HKU\S-1-5-21-641470736-260735912-712596116-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-641470736-260735912-712596116-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5878256 2018-10-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-641470736-260735912-712596116-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Octavio\AppData\Local\Akamai\netsession_win.exe [4586456 2018-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-641470736-260735912-712596116-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)
HKU\S-1-5-21-641470736-260735912-712596116-1001\...\MountPoints2: {0af59223-0600-11e8-9beb-1c1b0dab910e} - "E:\setup.exe" 
HKU\S-1-5-21-641470736-260735912-712596116-1001\...\MountPoints2: {3b105c31-1a72-11e8-9bec-1c1b0dab910e} - "G:\setup.exe" 
HKU\S-1-5-21-641470736-260735912-712596116-1001\...\MountPoints2: {4e78fa4a-ae2c-11e8-9c38-1c1b0dab910e} - "H:\Setup.exe" 
HKU\S-1-5-21-641470736-260735912-712596116-1001\...\MountPoints2: {6dc3fce8-2edb-11e8-9bf3-1c1b0dab910e} - "F:\setup.exe" 
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{09a0f305-85ac-4a2f-86cc-53f5c41ec533}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7683e657-714e-4bda-ba12-12397a77df0b}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7683e657-714e-4bda-ba12-12397a77df0b}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-05-10] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-13] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-05-10] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-28] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-05-10] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-28] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-05-10] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -  No File
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-02-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-02-09] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -  No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-02-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-02-09] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-09-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-06-22] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-06-22] (Adobe Systems)
FF Plugin HKU\S-1-5-21-641470736-260735912-712596116-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Octavio\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-04-10] (Zoom Video Communications, Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default [2018-11-11]
CHR Extension: (Presentaciones) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (BetterTTV) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-11-21]
CHR Extension: (Documentos) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-10]
CHR Extension: (uBlock Origin) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-09-29]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2018-01-26]
CHR Extension: (Adobe Acrobat) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-08]
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-10-05]
CHR Extension: (Hojas de cálculo) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Avast Online Security) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-26]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-10]
CHR Extension: (Chrome Media Router) - C:\Users\Octavio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"nodnmlna" => service was unlocked. <==== ATTENTION

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1388920 2018-05-09] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-06-22] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-20] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-20] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-10-20] (AVAST Software)
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [598360 2016-10-21] (cFos Software GmbH)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-05-11] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-11] (Hi-Rez Studios) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-05] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-07-10] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-14] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-28] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-28] (Microsoft Corporation)
S2 nodnmlna; C:\WINDOWS\SysWOW64\nodnmlna\tnpmgcmr.exe [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (The OpenVPN Project)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201408 2018-10-20] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230512 2018-10-20] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201928 2018-10-20] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346760 2018-10-20] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59664 2018-10-20] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-29] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [185240 2018-10-20] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47064 2018-10-20] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42456 2018-10-20] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163376 2018-10-20] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111968 2018-10-20] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88112 2018-10-20] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028840 2018-10-20] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467904 2018-10-20] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208640 2018-10-20] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381144 2018-10-20] (AVAST Software)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30352 2018-01-26] (Disc Soft Ltd)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-07-10] (Logitech Inc.)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2018-03-20] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-11] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d37ca5c2cde53609\nvlddmkm.sys [17028552 2017-12-18] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-14] (NVIDIA Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2017-05-10] (Realtek )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-11] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46592 2018-06-28] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-06-28] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-28] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-11 20:49 - 2018-11-11 20:50 - 000022979 _____ C:\Users\Octavio\Desktop\FRST.txt
2018-11-11 20:49 - 2018-11-11 20:49 - 000000000 ____D C:\FRST
2018-11-11 20:48 - 2018-11-11 20:48 - 000000619 _____ C:\Users\Octavio\Desktop\JRT.txt
2018-11-11 20:43 - 2018-11-11 20:43 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-11 20:40 - 2018-11-11 20:40 - 000005423 _____ C:\Users\Octavio\Desktop\malware bytes informe.txt
2018-11-11 20:37 - 2018-11-11 20:37 - 000000000 ____D C:\WINDOWS\Panther
2018-11-11 20:31 - 2018-11-11 20:31 - 000046572 _____ C:\Users\Octavio\Documents\cc_20181111_203125.reg
2018-11-11 20:13 - 2018-11-11 20:42 - 000000000 ____D C:\AdwCleaner
2018-11-11 20:13 - 2018-11-11 20:13 - 000000000 ____D C:\Users\Octavio\AppData\Local\mbamtray
2018-11-11 20:13 - 2018-11-11 20:13 - 000000000 ____D C:\Users\Octavio\AppData\Local\mbam
2018-11-11 20:12 - 2018-11-11 20:12 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-11 20:12 - 2018-11-11 20:12 - 000002858 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-11-11 20:12 - 2018-11-11 20:12 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-11 20:12 - 2018-11-11 20:12 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-11 20:12 - 2018-11-11 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-11 20:12 - 2018-11-11 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-11-11 20:12 - 2018-11-11 20:12 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-11 20:12 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-11 20:11 - 2018-11-11 20:12 - 000000000 ____D C:\Program Files\CCleaner
2018-11-11 20:03 - 2018-11-11 20:06 - 079602504 _____ (Malwarebytes ) C:\Users\Octavio\Desktop\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7793.exe
2018-11-11 19:58 - 2018-11-11 19:59 - 002415616 _____ (Farbar) C:\Users\Octavio\Desktop\FRST64.exe
2018-11-11 19:57 - 2018-11-11 19:59 - 001790024 _____ (Malwarebytes) C:\Users\Octavio\Desktop\JRT.exe
2018-11-11 19:56 - 2018-11-11 19:58 - 007592144 _____ (Malwarebytes) C:\Users\Octavio\Desktop\adwcleaner_7.2.4.0.exe
2018-11-11 19:55 - 2018-11-11 19:58 - 016796856 _____ (Piriform Ltd) C:\Users\Octavio\Desktop\ccsetup547.exe
2018-11-11 19:54 - 2018-11-11 19:55 - 005614260 _____ (Piriform Ltd) C:\Users\Octavio\Desktop\Sin confirmar 238868.crdownload
2018-10-20 02:48 - 2018-10-20 02:48 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-10-20 02:48 - 2018-10-20 02:47 - 000042456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2018-10-15 00:01 - 2018-10-15 00:01 - 000001132 _____ C:\Users\Public\Desktop\Lightning Returns Final Fantasy XIII.lnk
2018-10-15 00:01 - 2018-10-15 00:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
2018-10-15 00:01 - 2015-12-10 17:28 - 000000000 ____D C:\Users\Octavio\AppData\Roaming\Steam
2018-10-14 23:40 - 2018-10-14 23:40 - 000000000 ____D C:\Program Files (x86)\Square Enix
2018-10-12 20:31 - 2018-10-12 20:31 - 000007670 _____ C:\Users\Octavio\Desktop\bd26a148-75b2-417e-8ea4-31c2f8097076.html

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-11 20:47 - 2017-05-11 03:48 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-11 20:45 - 2018-06-29 16:28 - 000000000 ____D C:\Users\Octavio\AppData\Local\AVAST Software
2018-11-11 20:43 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-11 20:43 - 2017-05-11 07:00 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-11-11 20:42 - 2018-05-13 23:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-11 20:42 - 2018-04-11 18:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-11-11 20:30 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-11 20:30 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-11 20:30 - 2018-01-26 06:33 - 000000000 ____D C:\Users\Octavio\AppData\Roaming\DAEMON Tools Lite
2018-11-11 20:30 - 2017-05-11 08:38 - 000000000 ____D C:\Users\Octavio\AppData\Local\CrashDumps
2018-11-11 20:30 - 2017-05-11 04:11 - 000000000 ____D C:\Program Files (x86)\Steam
2018-11-11 20:20 - 2018-05-28 08:14 - 000000000 ____D C:\Users\Octavio\AppData\Local\D3DSCache
2018-11-11 20:11 - 2018-09-01 20:53 - 000000000 ____D C:\Users\Octavio\Documents\3dsMax
2018-11-11 19:42 - 2018-10-04 22:36 - 000003140 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-11 19:42 - 2018-08-28 21:15 - 000002756 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-OCTAVIO-Octavio
2018-11-11 19:42 - 2018-06-29 16:26 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-11-11 19:42 - 2018-05-13 23:19 - 000003484 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-11 19:42 - 2018-05-13 23:19 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-11-11 19:42 - 2018-05-13 23:19 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-11 19:42 - 2018-05-13 23:19 - 000003260 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-11 19:42 - 2018-05-13 23:19 - 000003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-11 19:42 - 2018-05-13 23:19 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-11-11 19:42 - 2018-05-13 23:19 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-11 19:42 - 2018-05-13 23:19 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-11 19:42 - 2018-05-13 23:19 - 000002914 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-11 19:42 - 2018-05-13 23:19 - 000002848 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-641470736-260735912-712596116-1001
2018-11-11 19:42 - 2018-05-13 23:19 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-11 19:42 - 2018-05-13 23:19 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-11 19:42 - 2018-05-13 23:19 - 000002710 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-OCTAVIO-Octavio
2018-11-11 19:41 - 2018-09-02 23:25 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-11-11 18:38 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-09 18:52 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-07 17:44 - 2018-06-28 17:50 - 000000000 ____D C:\Users\Octavio\AppData\Roaming\WhatsApp
2018-11-05 14:33 - 2018-01-12 15:04 - 000000089 _____ C:\Users\Octavio\Desktop\Requisitos S21.txt
2018-10-31 17:50 - 2018-02-27 19:51 - 000000000 ____D C:\Users\Octavio\AppData\Local\Packages
2018-10-30 19:44 - 2017-05-10 17:25 - 000002329 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-30 19:44 - 2017-05-10 17:25 - 000002288 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-28 23:59 - 2018-05-13 23:07 - 000000000 ____D C:\Users\Octavio
2018-10-28 17:16 - 2018-05-13 23:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-28 12:20 - 2017-05-10 20:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-28 12:20 - 2017-05-10 20:13 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-28 12:19 - 2017-05-10 20:13 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-10-27 12:53 - 2018-06-28 17:50 - 000002267 _____ C:\Users\Octavio\Desktop\WhatsApp.lnk
2018-10-27 12:53 - 2018-06-28 17:50 - 000000000 ____D C:\Users\Octavio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-10-27 12:53 - 2018-06-28 17:50 - 000000000 ____D C:\Users\Octavio\AppData\Local\WhatsApp
2018-10-27 12:49 - 2018-04-20 00:09 - 000000000 ____D C:\Users\Octavio\AppData\Local\SquirrelTemp
2018-10-27 12:14 - 2017-11-08 22:43 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-27 12:10 - 2018-06-29 20:38 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2018-10-23 08:02 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-10-20 02:48 - 2018-06-29 16:26 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-10-20 02:48 - 2018-06-29 16:25 - 000467904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-10-20 02:48 - 2018-06-29 16:25 - 000381144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-10-20 02:48 - 2018-06-29 16:25 - 000208640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-10-20 02:48 - 2018-06-29 16:25 - 000201408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-10-20 02:48 - 2018-06-29 16:25 - 000163376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-10-20 02:48 - 2018-06-29 16:25 - 000111968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-10-20 02:48 - 2018-06-29 16:25 - 000088112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-10-20 02:48 - 2018-06-29 16:25 - 000047064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-10-20 02:48 - 2018-04-11 20:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-10-20 02:47 - 2018-06-29 16:25 - 001028840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-10-20 02:47 - 2018-06-29 16:25 - 000346760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-10-20 02:47 - 2018-06-29 16:25 - 000230512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-10-20 02:47 - 2018-06-29 16:25 - 000201928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-10-20 02:47 - 2018-06-29 16:25 - 000185240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-10-20 02:47 - 2018-06-29 16:25 - 000059664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-10-18 23:18 - 2018-05-13 23:07 - 000002365 _____ C:\Users\Octavio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-18 23:18 - 2017-05-10 16:56 - 000000000 ___RD C:\Users\Octavio\OneDrive
2018-10-18 04:16 - 2017-08-23 22:29 - 000000000 ____D C:\ProgramData\X360CE
2018-10-16 21:46 - 2017-05-29 18:19 - 000000299 _____ C:\Users\Octavio\Desktop\credicoop.txt
2018-10-15 21:43 - 2018-07-20 20:09 - 000000000 ____D C:\ProgramData\Packages
2018-10-15 21:31 - 2017-11-08 22:47 - 000000000 ____D C:\Users\Octavio\AppData\LocalLow\Adobe
2018-10-15 21:30 - 2017-05-28 04:32 - 000000000 ____D C:\Users\Octavio\AppData\Roaming\uTorrent
2018-10-14 04:17 - 2018-03-14 13:11 - 000000000 ____D C:\Descarga de juegos

==================== Files in the root of some directories =======

2018-04-04 05:11 - 2018-05-15 23:24 - 000000033 _____ () C:\Users\Octavio\AppData\Roaming\AdobeWLCMCache.dat
2018-06-28 19:42 - 2018-06-28 19:42 - 000002480 _____ () C:\Users\Octavio\AppData\Roaming\Rarog.exe
2017-07-26 10:40 - 2017-07-26 10:40 - 000000000 ___SH () C:\Users\Octavio\AppData\Local\LumaEmu
2018-09-29 12:49 - 2018-09-29 12:49 - 000000000 _____ () C:\Users\Octavio\AppData\Local\oobelibMkey.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-13 23:03

==================== End of FRST.txt ============================

#5

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.11.2018
Ran by Octavio (11-11-2018 20:50:33)
Running from C:\Users\Octavio\Desktop
Windows 10 Pro Version 1803 17134.345 (X64) (2018-05-14 02:20:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-641470736-260735912-712596116-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-641470736-260735912-712596116-503 - Limited - Disabled)
Guest (S-1-5-21-641470736-260735912-712596116-501 - Limited - Disabled)
Octavio (S-1-5-21-641470736-260735912-712596116-1001 - Administrator - Enabled) => C:\Users\Octavio
WDAGUtilityAccount (S-1-5-21-641470736-260735912-712596116-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-641470736-260735912-712596116-1001\...\uTorrent) (Version: 3.5.4.44632 - BitTorrent Inc.)
Actualización de NVIDIA 31.1.10.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.1.10.0 - NVIDIA Corporation) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe Ae (HKLM\...\{B910FB1A-0B9D-412D-A735-28AF88A52FF1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.6.0.384 - Adobe Systems Incorporated)
Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_0_0) (Version: 22.0.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-641470736-260735912-712596116-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Aplicación Blizzard (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Autodesk 3ds Max 2019 (HKLM\...\{52B37EC7-D836-0410-0864-3C24BCED2010}) (Version: 21.0.0.845 - Autodesk) Hidden
Autodesk 3ds Max 2019 (HKLM\...\Autodesk 3ds Max 2019) (Version: 21.0.0.845 - Autodesk)
Autodesk Advanced Material Library Base Resolution Image Library 2019 (HKLM-x32\...\{105181A1-013C-4EE7-A368-999FD7ED950A}) (Version: 17.11.3.0 - Autodesk)
Autodesk Advanced Material Library Low Resolution Image Library 2019 (HKLM-x32\...\{ACC0DD09-7E20-4792-87D5-BDBE40206584}) (Version: 17.11.3.0 - Autodesk)
Autodesk Advanced Material Library Medium Resolution Image Library 2019 (HKLM-x32\...\{078698AF-8BB1-4631-86D0-D91FEE147256}) (Version: 17.11.3.0 - Autodesk)
Autodesk Certificate Package  (x64) - 7.1.4 (HKLM\...\{1C891560-9ECD-4234-8BBD-752AFE0682D7}) (Version: 7.1.4.0 - Autodesk)
Autodesk Civil View for 3ds Max 2019 64-bit (HKLM\...\{70AA18E3-D2DE-4367-93BF-15F9CD3AC2E4}) (Version: 21.0.0.0 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.10.89 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2019 (HKLM\...\{A2C7815D-2162-4709-9291-12959AED42CA}) (Version: 21.0 - Autodesk)
Autodesk License Service (x64) - 7.1.4 (HKLM\...\{F53D6D10-7A75-4A39-8C53-A3D855C7C50A}) (Version: 7.1.4.0 - Autodesk)
Autodesk Material Library 2019 (HKLM-x32\...\{8F69EE2C-DC34-4746-9B47-7511147BD4B0}) (Version: 17.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2019 (HKLM-x32\...\{3AAA4C1B-51DA-487D-81A3-4234DBB9A8F9}) (Version: 17.11.3.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2019 (HKLM-x32\...\{2E819775-E94C-42CC-9C5D-ABB2ADABC7C2}) (Version: 17.11.3.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2019 (HKLM\...\{0BB716E0-1900-0610-0000-097DC2F354DF}) (Version: 19.0.0.401 - Autodesk) Hidden
Autodesk Revit Interoperability for 3ds Max 2019 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2019) (Version: 19.0.0.401 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{7D4DA6F4-7498-4946-ABA3-8010F2FB8405}) (Version: 9.27.0.600 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.7.2354 - AVAST Software)
Bayonetta (HKLM-x32\...\Bayonetta_is1) (Version:  - )
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 9.1 - Codeusa Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
Cuphead (HKLM-x32\...\1963513391_is1) (Version: 20170929 - GOG.com)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-641470736-260735912-712596116-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
FINAL FANTASY XV (HKLM-x32\...\FINAL FANTASY XV_is1) (Version:  - )
Gigabyte Speed v10.21 (HKLM\...\Gigabyte Speed) (Version: 10.21 - cFos Software GmbH, Bonn)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.2.0 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Lightning Returns Final Fantasy XIII version 1.0.0 (HKLM-x32\...\Lightning Returns Final Fantasy XIII_is1) (Version: 1.0.0 - Square Enix)
Logitech Gaming Software 8.94 (HKLM\...\Logitech Gaming Software) (Version: 8.94.108 - Logitech Inc.)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MAXtoA for 3ds Max 2019 (HKLM\...\{F27AD68F-774D-4AC6-AEE8-C9A48687FFBD}) (Version: 1.2.926.0 - Solid Angle)
Mechanical Gaming Keyboard Driver (HKLM-x32\...\{BB4A79B0-FB38-4F91-AF17-DBD43CF9F736}) (Version: 2016.11.05 - 0)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-641470736-260735912-712596116-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{db012557-340e-4a46-adae-81a6b0f6a1e9}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{5c75eda4-d029-43bf-a70b-a73d380f52ee}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MiniTool Partition Wizard 10.2.1 (DEMO) (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Nier Automata (HKLM-x32\...\{0F48043A-5115-42C3-B1B3-958AC3A319CF}_is1) (Version:  - Square Enix)
NVIDIA Controlador de la controladora 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA mental ray and IRay feature plugins for 3ds Max 2019 (HKLM\...\{4A02A23C-8BBF-4429-84AA-6DBFC4AC64DF}) (Version: 21.0.0.0 - Autodesk)
NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.2 - OBS Project)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Pro Evolution Soccer 2018 (HKLM-x32\...\{9C9C432B-A926-42D1-B16D-6C566431AC59}_is1) (Version:  - Konami)
Proxy 4.00 (HKLM-x32\...\Proxy 4.00) (Version: 4.00 - Proxy)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
Resident Evil 7 Biohazard (HKLM-x32\...\{1ECBF8F3-7079-44CA-AD32-B2AECBCF636F}_is1) (Version:  - Capcom)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Rise of the Tomb Raider (HKLM-x32\...\Rise of the Tomb Raider_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls V Skyrim Legendary Edition version 1.9.32.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Legendary Edition_is1) (Version: 1.9.32.8 - Mr DJ)
TP-LINK TL-WN7200ND Driver (HKLM-x32\...\{9F88C456-C1E7-4D96-81BE-8D9E75C0229E}) (Version: 1.3.1 - TP-LINK)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-012B-0C0A-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{E345A108-D9E8-456B-9550-435132D5C9CE}) (Version: 2.13.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{035FFC43-55D6-4F5C-BCC5-21FED122C8B4}) (Version: 1.11.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-641470736-260735912-712596116-1001\...\WhatsApp) (Version: 0.3.1409 - WhatsApp)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-641470736-260735912-712596116-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-641470736-260735912-712596116-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-20] (AVAST Software)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-20] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-20] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-15] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-20] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {080DE66C-A908-44CE-85BF-CDC87F868D89} - System32\Tasks\AdobeGCInvoker-1.0-OCTAVIO-Octavio => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated)
Task: {0A6406A9-FF9B-4B53-9877-B855FAECC926} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-03-14] (NVIDIA Corporation)
Task: {0F75F4A2-0619-471E-B935-F74DD78C7E88} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {1841A052-F1CF-4F6F-B4D3-C9C8C41D87EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-10] (Google Inc.)
Task: {1BC2DADE-713E-4A19-A306-4F40855AAAD8} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)
Task: {352636AA-881C-4DDF-B189-89B1AD7672B2} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-03-14] (NVIDIA Corporation)
Task: {354B02E5-A847-43D5-AE1F-8F50A1EA3D63} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-03-14] (NVIDIA Corporation)
Task: {35BA1AF0-6E2C-47FB-B1E4-786C987A9211} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {3B4FBB6E-0A7D-43FF-90B4-E22261E05933} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-10] (Google Inc.)
Task: {5BAC94B2-2FED-48AB-84D1-4C465B3B4661} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-03-14] (NVIDIA Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {90670D50-A730-4DA1-8848-92AF5604EA3B} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
Task: {919C03AD-AB8E-435A-910B-9CA14092CF98} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {9B28BBBF-F95B-4253-9A36-1B96A62E2AE5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {BF553425-D6E0-4753-B471-350B83D8434E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {D80C2BBA-6AEB-4072-B11F-FDBF461FAD8E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DD2A86A3-398E-4315-99D1-DDBE68E90A80} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-28] (AVAST Software)
Task: {E269A379-ADB3-47CA-BEC8-50977D1EAC19} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {EECB150F-52E4-4305-AF4D-D649C6B4D72A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-03-14] (NVIDIA Corporation)
Task: {F5041A3F-6861-4EAE-A35A-2DE1F9086D5D} - System32\Tasks\cFos\Registration Tasks\Open Browser => c:\program files (x86)\google\chrome\application\chrome.exe "hxxp://localhost:1487/cfosspeed/console.htm"
Task: {F561A0EA-04A4-479D-B132-C96A0AA1781A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-10-20] (AVAST Software)
Task: {F6985118-562E-4337-BA75-5429F60B2EC2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {F7F44B17-B61E-4FB4-AEC8-936D2FB121C8} - System32\Tasks\AdobeAAMUpdater-1.0-OCTAVIO-Octavio => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {F951BF59-1AC8-4CC9-A66C-F1495C59A970} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-14] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2018-11-11 20:12 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-09 20:35 - 2018-09-20 00:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-23 19:12 - 2018-10-23 19:17 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2017-05-11 04:07 - 2018-03-14 10:05 - 001267648 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-09-20 03:32 - 2018-09-20 03:32 - 000151552 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\es_es\PDFMaker\PDFMOfficeAddin.ESP
2018-09-01 21:33 - 2018-05-09 03:54 - 000062840 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head2.dll
2018-09-01 21:33 - 2018-05-09 03:54 - 000140152 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2018-06-29 16:28 - 2018-06-29 16:28 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-10-20 02:47 - 2018-10-20 02:47 - 000598232 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2016-10-05 21:17 - 2016-10-05 21:17 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-05-11 04:07 - 2018-03-14 10:05 - 001041344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7939 more sites.


There are 7939 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 08:04 - 2018-06-29 16:53 - 000454512 ____R C:\WINDOWS\system32\Drivers\etc\hosts


There are 15601 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-641470736-260735912-712596116-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Octavio\Pictures\stars_sky_shore_84534_1920x1080.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-641470736-260735912-712596116-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-641470736-260735912-712596116-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0E0B6FF9-5140-475A-BC02-1A9CDA0DEDE3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{293AF646-E67C-4E1D-B956-AA6ABFC463F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BCA55E16-CED7-4751-96C7-E71C19EA9130}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C2040CCE-DBE2-4293-8486-B8C471104063}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E9495CCC-CE23-430D-B709-98DDA66ECE90}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{52A38003-3144-424E-8E79-97FB050F98EA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DCF646EC-9C6A-43AF-A429-B307B64ADC6B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{83DDEA46-468B-48DE-91E7-33E5819C7B3E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{68EE7CD5-1397-40AC-9628-4200E3E48DFB}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{5AA6A45D-DCEA-44A4-BC75-6FE824173401}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [{B32DEB6F-F283-4955-982E-99E09B8788B1}] => (Allow) C:\Users\Octavio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{90D28275-7255-420F-AD51-1D1ACEED452A}] => (Allow) C:\Users\Octavio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A925EDD-E23E-4BBA-8817-EC331CC3E4BF}] => (Allow) C:\Users\Octavio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CFF1BD25-AE97-4F89-A1EE-9ABF88C8475F}] => (Allow) C:\Users\Octavio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2307571D-D9A7-4BF7-9689-CABD562EC9EE}] => (Allow) C:\Users\Octavio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{261CA1E4-AF4C-4EE3-BAC7-011494D9DC5D}] => (Allow) C:\Users\Octavio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{2A6483E9-8099-49C3-BF3D-96B371FA73BF}D:\rise of the tomb raider\rottr.exe] => (Allow) D:\rise of the tomb raider\rottr.exe
FirewallRules: [UDP Query User{4CB20134-833D-4668-908B-FD87F83FD3AF}D:\rise of the tomb raider\rottr.exe] => (Allow) D:\rise of the tomb raider\rottr.exe
FirewallRules: [TCP Query User{F1064160-7E13-4E35-B64D-4CA9ED24DE9D}D:\rise of the tomb raider\rottr.exe] => (Block) D:\rise of the tomb raider\rottr.exe
FirewallRules: [UDP Query User{AFBB6EB6-0C84-4C0D-8ACD-FDC3ADA9B096}D:\rise of the tomb raider\rottr.exe] => (Block) D:\rise of the tomb raider\rottr.exe
FirewallRules: [TCP Query User{9D1D1ED1-88A5-499B-BF13-537F5C4F9D08}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{C7529BB9-DEAB-4F72-B44D-8F486F9A2F2A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{211D36D1-B91D-43B0-8B2D-E772BA81ECEA}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{7B3596B3-4E4C-49B2-BA74-5586035596B7}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{FA8D9AC5-BA9F-4E93-BFFD-2F8BFE4F90CB}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E41381BC-B39F-45CB-9BDC-2EA2E9413014}D:\overwatch\overwatch.exe] => (Allow) D:\overwatch\overwatch.exe
FirewallRules: [{B4303E98-4952-49EF-B99A-3A2E03B4A33F}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{B79D9D86-88E3-45D4-B6B1-361A4B170778}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{6CAF3BC2-3C68-4205-973A-623715B0CD20}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{99429A42-DB11-46CA-B532-F2742E2A89B1}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{14251763-F5E6-40BB-9FF9-0CE52A7B8F66}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{6A172102-0697-4390-9BF0-CB853BE2C4E8}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{3F13730D-6342-4F2C-99AD-D73939708B96}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{007CB08C-8306-48E2-98C0-261EA7CF0741}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [TCP Query User{8F8C0CBD-7B32-4DE3-87F4-442890BBE734}C:\program files (x86)\pro evolution soccer 2018\pes2018.exe] => (Allow) C:\program files (x86)\pro evolution soccer 2018\pes2018.exe
FirewallRules: [UDP Query User{A39CD8DF-68BF-4251-AD34-281807502692}C:\program files (x86)\pro evolution soccer 2018\pes2018.exe] => (Allow) C:\program files (x86)\pro evolution soccer 2018\pes2018.exe
FirewallRules: [{6D8749CD-432E-4859-B2A1-8C1DD3AF0DBB}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{A2ABB45F-B922-4293-9BC1-D991B3887B9C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{F95D801E-BA43-4CFF-9FCB-09898DFFD3AF}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [{2F3147E6-B9EB-43CB-AB16-680C29A04A6E}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [TCP Query User{36194B47-24E9-4827-B896-4153FB1D4651}C:\users\octavio\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\octavio\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{0C981665-288F-4881-A6EF-53AC162A68CE}C:\users\octavio\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\octavio\appdata\local\akamai\netsession_win.exe
FirewallRules: [{10E83BE0-05E9-43D6-B043-B4E76FB8DD9B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C3432574-58D3-42A6-BB90-6D4EE83B7B07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E7B3C404-9841-427E-99D6-D9DD8AD5B1CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0EF04BD9-A423-43EF-B3C4-CC1919254B63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{511961C3-A8CD-48BF-A370-B28A86B47E42}C:\users\octavio\appdata\roaming\utorrent\updates\3.5.4_44632.exe] => (Allow) C:\users\octavio\appdata\roaming\utorrent\updates\3.5.4_44632.exe
FirewallRules: [UDP Query User{F5144510-69B4-4F37-BFE4-1265DA4EEE17}C:\users\octavio\appdata\roaming\utorrent\updates\3.5.4_44632.exe] => (Allow) C:\users\octavio\appdata\roaming\utorrent\updates\3.5.4_44632.exe
FirewallRules: [{3A55E35B-4DE3-4FA2-9562-8EDF03383ED9}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{488CF8E3-82B0-42F7-B836-6C2C4B18A6B7}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{F0E88ED0-F814-47A8-BA0B-5D5F186E24C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1934824D-0F89-47F2-A70B-B94F70FAA382}C:\users\octavio\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\octavio\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{FDF448E1-7B9E-4B0D-8011-53D3EC8DAAD9}C:\users\octavio\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\octavio\appdata\local\akamai\netsession_win.exe
FirewallRules: [{624EA5A4-1A7C-4391-BEBF-8466533CA6B1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{406E2042-08B5-44C0-8EBC-185901E6FE2C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

09-10-2018 20:33:48 Windows Update
09-10-2018 20:34:21 Windows Update
31-10-2018 17:45:33 Chrome Cleanup Tool
11-11-2018 20:14:00 JRT Pre-Junkware Removal
11-11-2018 20:46:14 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2018 08:44:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (11/11/2018 08:39:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (11/11/2018 08:27:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/11/2018 08:26:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa CCleaner64.exe, versión 5.47.0.6716, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 18cc

Hora de inicio: 01d47a15323538e7

Hora de finalización: 8

Ruta de la aplicación: C:\Program Files\CCleaner\CCleaner64.exe

Identificador de informe: ee269616-880e-434d-bb62-95e91b628929

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (11/11/2018 08:26:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/11/2018 08:20:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa CCleaner64.exe, versión 5.47.0.6716, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 680

Hora de inicio: 01d47a14681de169

Hora de finalización: 5

Ruta de la aplicación: C:\Program Files\CCleaner\CCleaner64.exe

Identificador de informe: 9c4ec14a-90d1-4413-ab78-ff102dcb111a

Nombre completo de paquete con errores: 

Identificador de aplicación relativa del paquete con errores:

Error: (11/11/2018 08:11:22 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/11/2018 08:10:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código:
hr=0xC004F074
Argumentos de línea de comandos:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (11/11/2018 08:49:51 PM) (Source: DCOM) (EventID: 10010) (User: OCTAVIO)
Description: El servidor {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/11/2018 08:47:51 PM) (Source: DCOM) (EventID: 10010) (User: OCTAVIO)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/11/2018 08:47:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio NVIDIA LocalSystem Container terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 6000 milisegundos: Restart the service.

Error: (11/11/2018 08:47:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio NVIDIA Display Container LS terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 1000 milisegundos: Restart the service.

Error: (11/11/2018 08:45:51 PM) (Source: DCOM) (EventID: 10010) (User: OCTAVIO)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (11/11/2018 08:43:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos application-specific no concede el permiso Launch Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
Unavailable
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (Using LRPC) que se ejecuta en el contenedor de aplicaciones con SID Unavailable (Unavailable). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (11/11/2018 08:42:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio nodnmlna no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (11/11/2018 08:42:09 PM) (Source: DCOM) (EventID: 10010) (User: OCTAVIO)
Description: El servidor Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy!App no se registró con DCOM dentro del tiempo de espera requerido.


Windows Defender:
===================================
Date: 2018-06-29 16:21:35.880
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
Nombre: HackTool:Win32/Keygen
Id.: 2147593794
Gravedad: High
Categoría: Tool
Ruta de acceso: containerfile:_C:\Descarga de juegos\Adobe After Effects CC 2018 v15.0.0 incl Patch.zip;file:_C:\Descarga de juegos\Adobe After Effects CC 2018 v15.0.0 incl Patch.zip->Crack/Adobe CC 2015.5 XFORCE Activation/Keygen_XF-adobecc2015.exe;file:_C:\Descarga de juegos\Adobe After Effects CC 2018 v15.0.0 incl Patch.zip->Crack/adobe.snr.patch.v2.0-painter.zip->adobe.snr.patch.v2.0-painter.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.271.201.0, AS: 1.271.201.0, NIS: 1.271.201.0
Versión de motor: AM: 1.1.15000.2, NIS: 1.1.15000.2

Date: 2018-06-29 16:21:35.879
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Patcher&threatid=2147659947&enterprise=0
Nombre: HackTool:Win32/Patcher
Id.: 2147659947
Gravedad: High
Categoría: Tool
Ruta de acceso: containerfile:_C:\Descarga de juegos\Adobe After Effects CC 2018 v15.0.0 incl Patch.zip;file:_C:\Descarga de juegos\Adobe After Effects CC 2018 v15.0.0 incl Patch.zip->Crack/AMT Emulator v0.9.2 PainteR [Recommended]/amtemu.v0.9.2-painter.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.271.201.0, AS: 1.271.201.0, NIS: 1.271.201.0
Versión de motor: AM: 1.1.15000.2, NIS: 1.1.15000.2

Date: 2018-06-29 01:11:58.813
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Patcher&threatid=2147659947&enterprise=0
Nombre: HackTool:Win32/Patcher
Id.: 2147659947
Gravedad: High
Categoría: Tool
Ruta de acceso: containerfile:_C:\Descarga de juegos\Adobe After Effects CC 2018 v15.0.0 incl Patch.zip;file:_C:\Descarga de juegos\Adobe After Effects CC 2018 v15.0.0 incl Patch.zip->Crack/AMT Emulator v0.9.2 PainteR [Recommended]/amtemu.v0.9.2-painter.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Usuario
Usuario: OCTAVIO\Octavio
Nombre de proceso: Unknown
Versión de firma: AV: 1.271.201.0, AS: 1.271.201.0, NIS: 1.271.201.0
Versión de motor: AM: 1.1.15000.2, NIS: 1.1.15000.2

Date: 2018-06-29 01:11:58.812
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
Nombre: HackTool:Win32/Keygen
Id.: 2147593794
Gravedad: High
Categoría: Tool
Ruta de acceso: containerfile:_C:\Descarga de juegos\Adobe After Effects CC 2018 v15.0.0 incl Patch.zip;file:_C:\Descarga de juegos\Adobe After Effects CC 2018 v15.0.0 incl Patch.zip->Crack/Adobe CC 2015.5 XFORCE Activation/Keygen_XF-adobecc2015.exe;file:_C:\Descarga de juegos\Adobe After Effects CC 2018 v15.0.0 incl Patch.zip->Crack/adobe.snr.patch.v2.0-painter.zip->adobe.snr.patch.v2.0-painter.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Usuario
Usuario: OCTAVIO\Octavio
Nombre de proceso: Unknown
Versión de firma: AV: 1.271.201.0, AS: 1.271.201.0, NIS: 1.271.201.0
Versión de motor: AM: 1.1.15000.2, NIS: 1.1.15000.2

Date: 2018-06-28 20:50:44.808
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS.A&threatid=2147726953&enterprise=0
Nombre: HackTool:Win32/AutoKMS.A
Id.: 2147726953
Gravedad: High
Categoría: Tool
Ruta de acceso: file:_C:\Program Files\KMSpico\Service_KMS.exe->[MSILRES:Service_KMS.SECOH-QAD.x64.dll]
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: OCTAVIO\Octavio
Nombre de proceso: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Versión de firma: AV: 1.271.193.0, AS: 1.271.193.0, NIS: 1.271.193.0
Versión de motor: AM: 1.1.15000.2, NIS: 1.1.15000.2

Date: 2018-11-11 20:45:11.488
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.271.246.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual: 
Versión de motor anterior: 1.1.15000.2
Código de error: 0x80072ee7
Descripción del error: The server name or address could not be resolved 

Date: 2018-11-11 20:45:11.488
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.271.246.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual: 
Versión de motor anterior: 1.1.15000.2
Código de error: 0x80072ee7
Descripción del error: The server name or address could not be resolved 

Date: 2018-11-11 20:45:11.488
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.271.246.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual: 
Versión de motor anterior: 1.1.15000.2
Código de error: 0x80072ee7
Descripción del error: The server name or address could not be resolved 

Date: 2018-11-11 20:45:11.480
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.271.246.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual: 
Versión de motor anterior: 1.1.15000.2
Código de error: 0x80072ee7
Descripción del error: The server name or address could not be resolved 

Date: 2018-11-11 20:45:11.480
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.271.246.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\NETWORK SERVICE
Versión de motor actual: 
Versión de motor anterior: 1.1.15000.2
Código de error: 0x80072ee7
Descripción del error: The server name or address could not be resolved 

CodeIntegrity:
===================================

Date: 2018-07-07 01:34:00.764
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.116.2.25\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-07 01:34:00.761
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.116.2.25\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-07 01:34:00.758
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.116.2.25\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-07 01:34:00.753
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.116.2.25\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-07 01:34:00.750
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.116.2.25\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-07 01:34:00.745
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.116.2.25\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-07 01:34:00.742
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.116.2.25\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-07 01:34:00.737
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.116.2.25\x64\OWExplorer.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 13%
Total physical RAM: 16342.76 MB
Available physical RAM: 14108.83 MB
Total Virtual: 18774.76 MB
Available Virtual: 15790.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.2 GB) (Free:105.01 GB) NTFS
Drive d: (Juegos y Media) (Fixed) (Total:465.74 GB) (Free:164.36 GB) NTFS
Drive e: (Lightning Returns FFXIII) (CDROM) (Total:7.63 GB) (Free:0 GB) UDF

\\?\Volume{670e6f03-eb3f-4ae2-977a-4bc858959be1}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{4c9fb5be-b003-4cc7-9022-cd491d3c329c}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0E880D0F)

Partition: GPT.

==================== End of Addition.txt ============================

#6

Hello.

SHUT DOWN and POWER ON your computer completely at least three times in a row, then check.

Let us know.

Regards.


#7

Hello, the error has not appeared again, thank you very much!


#8

Perfect @0ctavs :+1: excellent, we are glad to see that the initial problem is now completely fixed; all that remains is to remove the tools used.

To do so, download :arrow_forward: DelFix.exe to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select - Run as Administrator -).

  • Check all the boxes and click Run.

The report (DelFix.txt) will open; you can close it.


For any other problem, do not hesitate to post again; you know where we are. :+1:

Topic Solved.

Regards, Javier.


#9