Problems with a computer that runs very slowly

I'm not uninstalling Spybot because I would lose the immunize option and be exposed to spyware; besides, it has no real-time protection, it is the free version, so it does not interfere with the antivirus when I use it.

Hello @Beguelin

You have to uninstall it or we cannot continue.

I will give you a more current tool; Spybot is totally obsolete.

Just for the moment, you have to browse safe sites.

Afterwards, when we finish, if you think you still need it you can install it again.

Regards.

Done, everything is uninstalled, sorry for the delay @SanMar

Well, I'm going to bed, let's leave it for tomorrow, thanks for everything, see you.

I'm awake now, ha, did anything happen?

Hello @Beguelin

Sorry for the delay, today was a complicated day.

The problem with the AdwCleaner reports is that you only run the scan and do not remove everything it detects, which is why it always finds the same things.

Follow the steps very carefully:

1.- Download, install and/or update the following tools:

2.- Run the steps in the order given:

CCleaner

Using its Cleaner option according to its Manual:

  • To delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • We do NOT need this report

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to finish. Then click the Clean button.
  • Wait for it to complete. If it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it in your next reply.
  • The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Following its manual, install and run it. When it finishes, remove everything it finds.

Malwarebytes

  • Do not forget to update it.
  • Read its Manual carefully.
  • Run a Custom Scan with all drives selected.
  • Click “Remove Selected” to send what was found to quarantine.
  • Restart the system.
  • In the manual's “History” section >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste in your next reply.

3.- Important note:

In your next reply you must paste the AdwCleaner, ZHPCleaner and Malwarebytes reports.

Guide: How to paste reports in the forum?

Let us know.

Regards

AdwCleaner[S07].txt (1,8 KB) reporte.txt (1,5 KB) ZHPCleaner ®.txt (24,6 KB) ZHPCleaner (S).txt (23,8 KB)

I did everything; I noticed a small improvement but it is still just as slow.

Hello @Beguelin

Do the following:

1.- Temporarily disable your antivirus and any other security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the version that matches your machine's architecture (32 or 64 bits). >> How do I know if my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We await those reports.

Regards

I already did it, here are the reports: AdwCleaner[S07].txt (1,8 KB) reporte.txt (1,5 KB) ZHPCleaner ®.txt (2,4 KB) ZHPCleaner (S).txt (2,3 KB)

Ahh, I have the super anti spyware SUPERA (Free edition), it is old software; what do I do, uninstall it?

Hello @Beguelin

That is not what was requested; did you take the trouble to read what I asked of you in Post 11?

Regards

It is also heavily infected; it did it to me with Windows telemetry, the one that gives me the weather and the time. PS: this Windows is genuine.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2019 01
Ran by gusta (30-07-2019 20:58:40)
Running from C:\Users\gusta\Downloads
Windows 10 Home Single Language Version 1803 17134.885 (X64) (2018-10-01 00:39:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1498555920-1983202831-2001491286-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1498555920-1983202831-2001491286-503 - Limited - Disabled)
gusta (S-1-5-21-1498555920-1983202831-2001491286-1002 - Administrator - Enabled) => C:\Users\gusta
Invitado (S-1-5-21-1498555920-1983202831-2001491286-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1498555920-1983202831-2001491286-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Airplane Mode Hid Installer (HKLM-x32\...\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 5.0.0.2 - )
Asistente para actualización a Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Autorizaciones AMR 2.7.5 (HKLM-x32\...\Autorizaciones AMR_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
Control Center 5.0000.0.7 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 5.0000.0.7 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HL-1210W series (HKLM-x32\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.3 - Insyde Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.12.3.0 - LG Electronics)
LibreOffice 5.1.4.2 (HKLM-x32\...\{D5D4AC5C-C757-4EB2-857C-B021DB22482C}) (Version: 5.1.4.2 - The Document Foundation)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 68.0.1 (x64 es-AR) (HKLM\...\Mozilla Firefox 68.0.1 (x64 es-AR)) (Version: 68.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 68.0.1.7137 - Mozilla)
Paquete de controladores de Windows - Insyde (AirplaneModeHid) HIDClass  (07/14/2015 1.4.0.3) (HKLM\...\F6EE2AD6575789BFA9536FE4637A2E06B7F2DD0F) (Version: 07/14/2015 1.4.0.3 - Insyde)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21253 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7629 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1040 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.24.1 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
USB Video/Audio Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - Nombre de su organización)
VngPlus (HKLM-x32\...\{E2691A75-49F2-4FE6-A6D5-0FF5C48FE396}) (Version: 16.04.07 - Ecleris)
VngPlusSC (HKLM-x32\...\{77CC634C-0182-11D9-9AEC-000D87ADDD10}) (Version:  - )
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

Packages:
=========
Complemento de teléfono de Microsoft -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-28] (Microsoft Corporation)
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-15] (Microsoft Corporation) [MS Ad]
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt [2019-04-04] (Facebook Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-15] (Microsoft Corporation) [MS Ad]
Microsoft Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.12.28.0_x64__8wekyb3d8bbwe [2019-07-13] (Microsoft Studios)
MSN Deportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
MSN Finanzas -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-06-27] (Netflix, Inc.)
Paradise Bay -> C:\Program Files\WindowsApps\king.com.ParadiseBay_3.9.0.0_x86__kgqvnymyfvs32 [2018-12-18] (king.com)
Shuffle Party -> C:\Program Files\WindowsApps\Microsoft.ShuffleParty_2.0.0.2_x86__8wekyb3d8bbwe [2015-09-04] (Microsoft Studios)
Teléfono Microsoft -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-11] (Microsoft Corporation)
Traductor -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.5.14.0_x64__8wekyb3d8bbwe [2019-07-13] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-11] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-05-31 21:38 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-05-31 21:39 - 2018-01-18 15:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2017-05-31 21:39 - 2017-12-22 12:53 - 000180224 _____ () [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2017-05-31 21:39 - 2018-01-18 15:39 - 000208896 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2017-05-31 21:39 - 2018-01-18 15:39 - 001720832 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2017-05-31 21:39 - 2018-01-19 11:26 - 002976256 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
2017-05-31 21:39 - 2018-01-18 15:39 - 000314368 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
2015-11-16 11:57 - 2015-07-17 11:28 - 001127424 _____ (CLEVO CO.) [File not signed] C:\Program Files (x86)\Hotkey\HkeyTray.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7941 more sites.

IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\1-2005-search.com -> www.1-2005-search.com

There are 12758 more sites.

IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\1-2005-search.com -> www.1-2005-search.com

There are 12758 more sites.


There are 7943 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 08:04 - 2019-07-17 02:09 - 000454656 ____R C:\WINDOWS\system32\drivers\etc\hosts


There are 15606 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194053902\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054136\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\gusta\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\Control Panel\Desktop\\Wallpaper -> C:\Users\gusta\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194056151\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: isesrv => 2
HKLM\...\StartupApproved\Run32: => "IseUI"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{056C8075-8C8D-4DD1-9A64-6E5F0A22AACE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A9B201C2-B733-442E-AED9-591AA6174B80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{21F2E717-9785-40F9-B4B7-AECD045BFE9F}D:\cfg\ieembed.exe] => (Allow) D:\cfg\ieembed.exe No File
FirewallRules: [UDP Query User{A40C7869-5743-4EDA-8D6F-B62981546B78}D:\cfg\ieembed.exe] => (Allow) D:\cfg\ieembed.exe No File
FirewallRules: [TCP Query User{53C88FEB-4EDA-43FD-8DE6-83B59EB24A0C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{A813B966-72B2-417F-A547-CCD14D7AE2C6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E94B81F7-A517-4F7E-A36D-243C144C80D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

26-06-2019 21:55:47 Removed COMODO Internet Security
13-07-2019 21:51:23 Punto de control programado
17-07-2019 21:23:44 Windows Update
20-07-2019 15:34:13 ZHPcleaner
21-07-2019 22:42:45 ZHPcleaner

==================== Faulty Device Manager Devices =============

Name: Insyde Airplane Mode HID Mini-Driver
Description: Insyde Airplane Mode HID Mini-Driver
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Insyde
Service: AirplaneModeHid
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2019 08:42:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa ShellExperienceHost.exe, versión 10.0.17134.753, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 1a30

Hora de inicio: 01d54727ec8e88a3

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Identificador de informe: ff1bd2ec-55d5-4cbf-82b0-29e694f7c27e

Nombre completo de paquete con errores: Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy

Identificador de aplicación relativa del paquete con errores: App

Error: (07/18/2019 03:30:33 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.


Operación:
   Ejecutando operación asincrónica

Contexto:
   Estado actual: DoSnapshotSet

Error: (07/18/2019 03:28:36 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {a3261c86-f4d8-4e9f-9881-c3c7caa5049c}

Error: (07/18/2019 02:54:24 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.


Operación:
   Ejecutando operación asincrónica

Contexto:
   Estado actual: DoSnapshotSet

Error: (07/18/2019 02:52:58 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.


Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {e455112f-8fa5-437e-ac71-77c55c176e7f}

Error: (07/18/2019 02:35:19 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.


Operación:
   Ejecutando operación asincrónica

Contexto:
   Estado actual: DoSnapshotSet

Error: (07/18/2019 02:32:50 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.


Operación:
   Ejecutando operación asincrónica

Contexto:
   Estado actual: DoSnapshotSet

Error: (07/18/2019 02:31:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.


Operación:
   Ejecutando operación asincrónica

Contexto:
   Estado actual: DoSnapshotSet


System errors:
=============
Error: (07/30/2019 08:41:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-M7LITVE)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 y APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 al usuario DESKTOP-M7LITVE\gusta con SID (S-1-5-21-1498555920-1983202831-2001491286-1002) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/30/2019 07:42:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/30/2019 07:42:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/30/2019 07:41:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos establecido de forma predeterminada en el equipo no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 y APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/30/2019 07:41:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/30/2019 07:41:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos establecido de forma predeterminada en el equipo no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 y APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/30/2019 07:41:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 y APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (07/30/2019 07:39:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio CmdAgentProt no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.


Windows Defender:
===================================
Date: 2019-07-21 22:41:56.122
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {1FDB4C6E-8F46-42EE-BAAC-6EB21F8EB8B8}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-07-20 15:22:51.822
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {11BB40CE-812E-488D-B22E-788B90ED21E6}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-07-30 20:46:10.211
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.867.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x8050a003
Descripción del error: Este paquete no contiene archivos de definición actualizados para este programa. Para obtener más información, consulte Ayuda y soporte técnico. 

Date: 2019-07-30 20:46:10.211
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.867.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x8050a003
Descripción del error: Este paquete no contiene archivos de definición actualizados para este programa. Para obtener más información, consulte Ayuda y soporte técnico. 

Date: 2019-07-30 20:46:10.211
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.867.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x8050a003
Descripción del error: Este paquete no contiene archivos de definición actualizados para este programa. Para obtener más información, consulte Ayuda y soporte técnico. 

Date: 2019-07-30 20:45:08.432
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.224.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x80240016
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-07-30 19:50:15.129
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.224.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

CodeIntegrity:
===================================

Date: 2019-07-15 02:47:27.800
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-26 22:09:15.502
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-26 22:02:50.983
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-26 21:55:14.438
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-26 21:55:14.100
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-26 21:54:47.021
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-26 21:44:30.436
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-26 21:42:22.799
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 4.6.5 08/08/2014
Motherboard: BANGHO MAX G0101
Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 8097.26 MB
Available physical RAM: 4024.86 MB
Total Virtual: 9377.26 MB
Available Virtual: 5140.01 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:480.41 GB) (Free:371.73 GB) NTFS
Drive e: (Datos VNG) (Fixed) (Total:449.9 GB) (Free:449.71 GB) NTFS

\\?\Volume{a8132d7f-7d43-4f94-9295-82714787f5ef}\ (Recovery) (Fixed) (Total:0.98 GB) (Free:0.54 GB) NTFS
\\?\Volume{3a3ed554-fdf8-4520-8e4a-08f63d8330e7}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 161DA336)

Partition: GPT.

==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-07-2019 01
Ran by gusta (administrator) on DESKTOP-M7LITVE (BANGHO MAX G0101) (30-07-2019 20:55:35)
Running from C:\Users\gusta\Downloads
Loaded Profiles: gusta &  (Available Profiles: gusta & DefaultAppPool)
Platform: Windows 10 Home Single Language Version 1803 17134.885 (X64) Language: Español (España, internacional)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(CLEVO CO. -> CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
(CLEVO CO.) [File not signed] C:\Program Files (x86)\Hotkey\HkeyTray.exe
(DEVGURU CO LTD -> DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\gusta\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com, Inc. -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-11-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9198512 2019-06-25] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9198512 2019-06-25] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [23153344 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194056151\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-17] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NewShortcut1.lnk [2015-11-16]
ShortcutTarget: NewShortcut1.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.) [File not signed]
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16DED0AE-CDC3-4D22-9B42-E8C3E1EBF3B8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {17106D3B-B2BF-4C92-8E6F-1F906CEE5AF0} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {29EBFC51-07B5-414C-9505-F06887B2644A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2BB3EF18-B077-439A-AC0D-1FD65133A40E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {36AF71C9-39C9-4CFC-80A9-E9E9CBE3B71A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-15] (Adobe Inc. -> Adobe)
Task: {37BD4A69-5D73-4C65-9D82-6B1038A87738} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {41B37DCB-9598-45F7-B757-1DD9C9D86CF1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16835256 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {43D942FE-1922-4162-960A-44FB3F473ECB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-20] (Google Inc -> Google LLC)
Task: {5C4052D5-5FA6-423E-88DC-AE5D0688348B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-15] (Adobe Inc. -> Adobe)
Task: {81584AA9-6CFB-4188-B33C-36546734D932} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-20] (Google Inc -> Google LLC)
Task: {BD72ED72-59DE-4732-87FF-BE313F79F0F6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-07-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FE85CCA2-4C8F-4279-B6CA-5A2CBA2C2F61} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0e8df25f-9f12-4896-bf83-4cd651bd7b68}: [DhcpNameServer] 200.49.130.47 200.42.4.199
Tcpip\..\Interfaces\{255e2537-04f9-415d-85bc-68f011c30c9b}: [DhcpNameServer] 200.49.130.41 200.42.4.199
Tcpip\..\Interfaces\{2e72e0c9-d61f-488b-8c08-149214ea2aae}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{4ab7eafa-0b58-49f6-9de3-7d6573c7d108}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6146c236-881d-47d6-b834-3bf9d16eb361}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b4392def-289f-434c-a6d0-31a06a1d9b51}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem15.msn.com/?PC=NMTE
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem15.msn.com/?PC=NMTE
SearchScopes: HKU\.DEFAULT -> DefaultScope {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL = 
SearchScopes: HKU\.DEFAULT -> {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL = 
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL = 
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://ar.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33090001005_10.2.0.6526_u_ds
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL = 
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://ar.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33090001005_10.2.0.6526_u_ds

FireFox:
========
FF DefaultProfile: 3qjab6pi.default
FF ProfilePath: C:\Users\gusta\AppData\Roaming\Mozilla\Firefox\Profiles\3qjab6pi.default [2019-07-30]
FF Extension: (No Name) - C:\Users\gusta\AppData\Roaming\Mozilla\Firefox\Profiles\3qjab6pi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-07-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-15] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-15] (Adobe Inc. -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-20] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-20] (Google Inc -> Google LLC)

Chrome: 
=======
CHR Profile: C:\Users\gusta\AppData\Local\Google\Chrome\User Data\Default [2019-07-20]
CHR Extension: (Presentaciones) - C:\Users\gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-20]
CHR Extension: (Documentos) - C:\Users\gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-20]
CHR Extension: (Google Drive) - C:\Users\gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-20]
CHR Extension: (YouTube) - C:\Users\gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-20]
CHR Extension: (Hojas de cálculo) - C:\Users\gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-20]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-20]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-20]
CHR Extension: (Gmail) - C:\Users\gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-20]
CHR Extension: (Chrome Media Router) - C:\Users\gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel(R) pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [31704 2015-04-07] (CLEVO CO. -> CLEVO CO.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2016-01-20] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-11-13] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 CmdAgentProt; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" /ProtectedSvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AirplaneModeHid; C:\WINDOWS\system32\DRIVERS\AirplaneModeHid.sys [33496 2015-07-17] (Insyde Software Corp. -> Insyde Corporation)
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [29184 2016-01-14] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [36352 2016-01-14] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 andnetndis; C:\WINDOWS\System32\drivers\lgandnetndis64.sys [93696 2016-01-14] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-17] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-07-18] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-07-30] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-07-30] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-30] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-07-30] (Malwarebytes Corporation -> Malwarebytes)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2018-04-11] (Microsoft Windows -> Intel Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-11-24] (PAIPTAC  Driver -> )
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2016-02-25] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2016-02-25] (MiniTool Solution Ltd -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-12-31] (Realtek Semiconductor Corp -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [501976 2014-04-25] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-11-13] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44216 2015-11-13] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tpfilter; C:\WINDOWS\System32\drivers\tpfilter.sys [25928 2015-11-13] (BYD precision manufacture company -> TP Microelectronic)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-30] (Microsoft Windows -> Microsoft Corporation)
U1 aswbdisk; no ImagePath
U0 aswblog; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-30 20:48 - 2019-07-30 20:55 - 000052102 _____ C:\Users\gusta\Downloads\Addition.txt
2019-07-30 20:42 - 2019-07-30 20:57 - 000022263 _____ C:\Users\gusta\Downloads\FRST.txt
2019-07-30 20:41 - 2019-07-30 20:55 - 000000000 ____D C:\FRST
2019-07-30 20:40 - 2019-07-30 20:41 - 002096128 _____ (Farbar) C:\Users\gusta\Downloads\FRST64.exe
2019-07-30 20:40 - 2019-07-30 20:40 - 000000000 ___HD C:\OneDriveTemp
2019-07-30 19:40 - 2019-07-30 19:40 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-07-30 19:40 - 2019-07-30 19:40 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-07-30 19:40 - 2019-07-30 19:40 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-07-30 19:39 - 2019-07-30 19:39 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-20 16:04 - 2019-07-20 16:04 - 000001876 _____ C:\Users\gusta\Desktop\AdwCleaner[S07].txt
2019-07-20 15:58 - 2019-07-20 15:58 - 000001550 _____ C:\Users\gusta\Desktop\reporte.txt
2019-07-20 15:37 - 2019-07-21 22:46 - 000002463 _____ C:\Users\gusta\Desktop\ZHPCleaner (R).txt
2019-07-20 15:33 - 2019-07-21 22:12 - 000002371 _____ C:\Users\gusta\Desktop\ZHPCleaner (S).txt
2019-07-20 15:25 - 2019-07-21 22:46 - 000000000 ____D C:\Users\gusta\AppData\Roaming\ZHP
2019-07-20 15:25 - 2019-07-20 16:08 - 000000882 _____ C:\Users\gusta\Desktop\ZHPCleaner.lnk
2019-07-20 15:25 - 2019-07-20 15:25 - 000000000 ____D C:\Users\gusta\AppData\Local\ZHP
2019-07-20 14:53 - 2019-07-30 19:43 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-07-20 14:53 - 2019-07-20 14:53 - 000002888 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-07-20 14:53 - 2019-07-20 14:53 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-07-20 14:53 - 2019-07-20 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-07-20 14:53 - 2019-07-20 14:53 - 000000000 ____D C:\Program Files\CCleaner
2019-07-20 14:47 - 2019-07-20 14:50 - 020891464 _____ (Piriform Software Ltd) C:\Users\gusta\Downloads\ccsetup560.exe
2019-07-20 14:45 - 2019-07-20 14:52 - 003069824 _____ (Nicolas Coolman) C:\Users\gusta\Desktop\ZHPCleaner.exe
2019-07-20 14:44 - 2019-07-20 15:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-07-18 02:54 - 2019-07-18 02:54 - 000000085 _____ C:\WINDOWS\wininit.ini
2019-07-18 02:20 - 2019-07-18 02:20 - 000001086 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-07-18 02:20 - 2019-07-18 02:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-07-18 02:20 - 2019-07-18 02:20 - 000000000 ____D C:\Program Files\VS Revo Group
2019-07-18 02:19 - 2019-07-18 02:19 - 007411912 _____ (VS Revo Group ) C:\Users\gusta\Downloads\revosetup.exe
2019-07-18 00:38 - 2019-07-18 00:38 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-07-18 00:38 - 2019-07-18 00:38 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-18 00:38 - 2019-07-18 00:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-18 00:38 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-07-18 00:38 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-07-17 21:26 - 2019-07-04 06:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-17 21:26 - 2019-07-04 01:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-17 21:26 - 2019-07-04 01:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-17 21:26 - 2019-07-04 01:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-17 21:26 - 2019-07-04 01:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-17 21:26 - 2019-07-04 01:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-17 21:26 - 2019-07-04 01:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-17 21:26 - 2019-07-04 01:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-17 21:26 - 2019-07-04 01:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-17 21:26 - 2019-07-04 01:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-17 21:26 - 2019-06-13 03:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-17 21:25 - 2019-07-04 06:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-17 21:25 - 2019-07-04 06:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-17 21:25 - 2019-07-04 06:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-07-17 21:25 - 2019-07-04 06:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-17 21:25 - 2019-07-04 06:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-17 21:25 - 2019-07-04 06:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-17 21:25 - 2019-07-04 06:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-17 21:25 - 2019-07-04 06:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-17 21:25 - 2019-07-04 06:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-17 21:25 - 2019-07-04 06:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-17 21:25 - 2019-07-04 06:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-17 21:25 - 2019-07-04 05:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-17 21:25 - 2019-07-04 05:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-17 21:25 - 2019-07-04 05:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-17 21:25 - 2019-07-04 05:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-17 21:25 - 2019-07-04 05:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-17 21:25 - 2019-07-04 05:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-17 21:25 - 2019-07-04 02:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-17 21:25 - 2019-07-04 01:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-17 21:25 - 2019-07-04 01:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-17 21:25 - 2019-07-04 01:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-17 21:25 - 2019-07-04 01:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-17 21:25 - 2019-07-04 01:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-17 21:25 - 2019-07-04 01:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-17 21:25 - 2019-07-04 01:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-17 21:25 - 2019-07-04 01:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-17 21:25 - 2019-07-04 01:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-17 21:25 - 2019-07-04 01:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-17 21:25 - 2019-07-04 01:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-17 21:25 - 2019-07-04 01:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-17 21:25 - 2019-07-04 01:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-17 21:25 - 2019-07-04 01:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-17 21:25 - 2019-07-04 01:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-07-17 21:25 - 2019-07-04 01:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-07-17 21:25 - 2019-07-04 01:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-17 21:25 - 2019-07-04 01:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-17 21:25 - 2019-07-04 01:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-17 21:25 - 2019-07-04 01:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-17 21:25 - 2019-07-04 01:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-17 21:25 - 2019-07-04 01:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-17 21:25 - 2019-07-04 01:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-17 21:25 - 2019-07-04 01:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-17 21:25 - 2019-07-04 01:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-17 21:25 - 2019-07-04 01:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-17 21:25 - 2019-07-04 01:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-17 21:25 - 2019-07-04 01:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-17 21:25 - 2019-07-04 01:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-17 21:25 - 2019-07-04 01:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-17 21:25 - 2019-07-04 01:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-17 21:25 - 2019-07-04 01:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-17 21:25 - 2019-07-04 01:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-17 21:25 - 2019-07-04 01:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-17 21:25 - 2019-07-04 01:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-17 21:25 - 2019-07-04 01:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-17 21:25 - 2019-07-04 01:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-17 21:25 - 2019-07-04 01:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-17 21:25 - 2019-07-04 01:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-17 21:25 - 2019-07-04 01:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-17 21:25 - 2019-07-04 01:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-17 21:25 - 2019-07-04 01:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-07-17 21:25 - 2019-07-04 01:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-17 21:25 - 2019-07-04 01:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-17 21:25 - 2019-07-04 01:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-17 21:25 - 2019-07-04 01:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-17 21:25 - 2019-07-04 01:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-17 21:25 - 2019-07-04 01:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-17 21:25 - 2019-07-04 01:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-17 21:25 - 2019-07-04 01:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-17 21:25 - 2019-07-04 01:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-17 21:25 - 2019-07-04 01:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-17 21:25 - 2019-07-04 01:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-17 21:25 - 2019-07-04 01:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-17 21:25 - 2019-07-04 01:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-17 21:25 - 2019-07-04 01:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-17 21:25 - 2019-07-04 01:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-17 21:25 - 2019-07-04 01:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-17 21:25 - 2019-07-04 01:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-17 21:25 - 2019-07-04 01:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-17 21:25 - 2019-07-04 01:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-17 21:25 - 2019-07-04 01:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-17 21:25 - 2019-07-04 01:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-17 21:25 - 2019-07-04 01:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-17 21:25 - 2019-07-04 01:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-17 21:25 - 2019-07-04 01:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-07-17 21:25 - 2019-07-04 01:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-17 21:25 - 2019-07-04 01:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-07-17 21:25 - 2019-07-04 01:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-17 21:25 - 2019-07-04 01:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-17 21:25 - 2019-07-04 01:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-17 21:25 - 2019-07-04 01:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-17 21:25 - 2019-07-04 01:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-17 21:25 - 2019-07-04 01:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-17 21:25 - 2019-07-04 01:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-17 21:25 - 2019-07-04 01:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-17 21:25 - 2019-07-04 01:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-17 21:25 - 2019-07-04 01:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-17 21:25 - 2019-07-04 01:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-17 21:25 - 2019-07-04 01:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-17 21:25 - 2019-07-04 01:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-17 21:25 - 2019-07-04 01:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-17 21:25 - 2019-07-04 01:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-17 21:25 - 2019-07-04 01:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-17 21:25 - 2019-07-04 01:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-17 21:25 - 2019-07-04 01:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-17 21:25 - 2019-07-04 01:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-17 21:25 - 2019-07-04 00:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-07-17 21:25 - 2019-06-21 05:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-17 21:25 - 2019-06-13 09:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-17 21:25 - 2019-06-13 09:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-17 21:25 - 2019-06-13 09:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-17 21:25 - 2019-06-13 09:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-17 21:25 - 2019-06-13 09:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-17 21:25 - 2019-06-13 08:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-17 21:25 - 2019-06-13 08:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-17 21:25 - 2019-06-13 08:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-17 21:25 - 2019-06-13 08:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-17 21:25 - 2019-06-13 08:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-17 21:25 - 2019-06-13 08:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-17 21:25 - 2019-06-13 08:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-17 21:25 - 2019-06-13 08:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-17 21:25 - 2019-06-13 08:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-17 21:25 - 2019-06-13 08:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-07-17 21:25 - 2019-06-13 08:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-17 21:25 - 2019-06-13 08:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-17 21:25 - 2019-06-13 08:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-07-17 21:25 - 2019-06-13 08:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-17 21:25 - 2019-06-13 08:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-17 21:25 - 2019-06-13 08:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-17 21:25 - 2019-06-13 08:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-17 21:25 - 2019-06-13 08:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-17 21:25 - 2019-06-13 08:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-17 21:25 - 2019-06-13 08:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-17 21:25 - 2019-06-13 08:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-17 21:25 - 2019-06-13 08:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-17 21:25 - 2019-06-13 08:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-17 21:25 - 2019-06-13 08:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-17 21:25 - 2019-06-13 08:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-17 21:25 - 2019-06-13 08:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-17 21:25 - 2019-06-13 08:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-17 21:25 - 2019-06-13 08:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-17 21:25 - 2019-06-13 08:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-17 21:25 - 2019-06-13 08:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-17 21:25 - 2019-06-13 08:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-17 21:25 - 2019-06-13 08:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-17 21:25 - 2019-06-13 08:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-07-17 21:25 - 2019-06-13 08:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-17 21:25 - 2019-06-13 08:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-17 21:25 - 2019-06-13 07:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-07-17 21:25 - 2019-06-13 07:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-17 21:25 - 2019-06-13 07:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-17 21:25 - 2019-06-13 07:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-17 21:25 - 2019-06-13 06:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-17 21:25 - 2019-06-13 06:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-17 21:25 - 2019-06-13 06:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-17 21:25 - 2019-06-13 06:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-07-17 21:25 - 2019-06-13 06:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-17 21:25 - 2019-06-13 06:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-17 21:25 - 2019-06-13 06:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-17 21:25 - 2019-06-13 06:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-17 21:25 - 2019-06-13 04:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-17 21:25 - 2019-06-13 04:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-17 21:25 - 2019-06-13 04:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-17 21:25 - 2019-06-13 04:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-17 21:25 - 2019-06-13 04:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-17 21:25 - 2019-06-13 03:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-17 21:25 - 2019-06-13 03:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-17 21:25 - 2019-06-13 03:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-17 21:25 - 2019-06-13 03:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-07-17 21:25 - 2019-06-13 03:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-17 21:25 - 2019-06-13 03:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-17 21:25 - 2019-06-13 03:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-17 21:25 - 2019-06-13 03:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-17 21:25 - 2019-06-13 03:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-07-17 21:25 - 2019-06-13 03:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-17 21:25 - 2019-06-13 03:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-07-17 21:25 - 2019-06-13 03:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-07-17 21:25 - 2019-06-13 03:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-07-17 21:25 - 2019-06-13 03:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-17 21:25 - 2019-06-13 03:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-17 21:25 - 2019-06-13 03:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-17 21:25 - 2019-06-13 03:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-17 21:25 - 2019-06-13 03:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-17 21:25 - 2019-06-13 03:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-07-17 21:25 - 2019-06-13 03:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-17 21:25 - 2019-06-13 03:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-07-17 21:25 - 2019-06-13 03:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-17 21:25 - 2019-06-13 03:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-17 21:25 - 2019-06-13 03:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-17 21:25 - 2019-06-13 03:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-17 21:25 - 2019-06-13 03:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-17 21:25 - 2019-06-13 03:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-17 21:25 - 2019-06-13 03:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-17 21:25 - 2019-06-13 03:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-17 21:25 - 2019-06-13 03:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-17 21:25 - 2019-06-13 03:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-17 21:25 - 2019-06-13 03:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-17 21:25 - 2019-06-13 03:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-17 21:25 - 2019-06-13 03:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-17 21:25 - 2019-06-13 03:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-17 21:25 - 2019-06-13 03:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-17 21:25 - 2019-06-13 03:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-17 21:25 - 2019-06-13 03:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-17 21:25 - 2019-06-13 03:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-17 21:25 - 2019-06-13 03:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-17 21:25 - 2019-06-13 03:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-17 21:25 - 2019-06-13 03:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-17 21:25 - 2019-06-13 03:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-17 21:25 - 2019-06-13 03:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-17 21:25 - 2019-06-13 03:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-17 21:25 - 2019-06-13 03:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-17 21:25 - 2019-06-13 03:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-17 21:25 - 2019-06-13 03:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-17 21:25 - 2019-06-13 03:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-17 21:25 - 2019-06-13 03:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-17 21:25 - 2019-06-13 02:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-17 21:25 - 2019-06-13 02:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-07-17 21:25 - 2019-06-13 02:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-07-17 21:25 - 2019-06-13 02:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-17 21:25 - 2019-06-13 02:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-17 21:25 - 2019-06-13 02:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-07-17 21:25 - 2019-06-13 02:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-07-17 21:25 - 2019-06-13 01:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-07-17 21:25 - 2019-06-13 01:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-07-17 21:25 - 2019-06-13 01:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-07-17 21:25 - 2019-06-13 01:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-17 21:25 - 2019-06-13 01:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-17 21:25 - 2019-06-13 01:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-17 21:25 - 2019-06-13 01:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-17 21:25 - 2019-06-13 01:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-17 21:25 - 2019-06-13 01:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-17 21:25 - 2019-06-13 01:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-17 21:25 - 2019-06-13 01:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-07-17 21:25 - 2019-06-13 01:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-07-17 21:25 - 2019-06-13 01:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-17 21:25 - 2019-06-13 01:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-17 21:25 - 2019-06-13 01:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-17 21:25 - 2019-06-13 01:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-17 21:25 - 2019-06-13 01:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-17 02:09 - 2019-07-15 04:08 - 000454656 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20190717-020901.backup
2019-07-17 01:43 - 2019-07-17 01:43 - 000000000 ____D C:\Users\gusta\Documents\ComboKey
2019-07-17 01:08 - 2019-07-17 01:08 - 000001856 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2019-07-17 01:08 - 2019-07-17 01:08 - 000000000 ____D C:\Users\gusta\AppData\Roaming\SUPERAntiSpyware.com
2019-07-17 01:08 - 2019-07-17 01:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2019-07-17 01:07 - 2019-07-17 01:08 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-07-17 01:07 - 2019-07-17 01:07 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2019-07-17 00:57 - 2019-07-17 00:59 - 042725712 _____ (SUPERAntiSpyware) C:\Users\gusta\Downloads\SUPERAntiSpyware.exe
2019-07-15 04:08 - 2019-07-15 00:46 - 000454656 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20190715-040806.backup
2019-07-15 00:46 - 2019-07-15 00:41 - 000454656 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20190715-004656.backup
2019-07-15 00:40 - 2019-07-15 00:47 - 000000282 __RSH C:\ProgramData\ntuser.pol
2019-07-15 00:38 - 2019-07-15 00:39 - 000000000 ____D C:\AdwCleaner
2019-07-15 00:37 - 2019-07-15 00:37 - 007025360 _____ (Malwarebytes) C:\Users\gusta\Downloads\adwcleaner_7.3.exe
2019-07-15 00:37 - 2019-07-15 00:34 - 000454656 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20190715-003713.backup
2019-07-15 00:34 - 2019-07-15 00:33 - 000454656 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20190715-003410.backup
2019-07-15 00:33 - 2015-07-10 08:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20190715-003310.backup
2019-07-15 00:28 - 2019-07-15 00:28 - 000000000 ____D C:\Users\gusta\AppData\Local\mbamtray
2019-07-15 00:28 - 2019-07-15 00:28 - 000000000 ____D C:\Users\gusta\AppData\Local\mbam
2019-07-15 00:27 - 2019-07-15 00:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-15 00:27 - 2019-07-15 00:27 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-15 00:25 - 2019-07-15 00:25 - 064309056 _____ (Malwarebytes ) C:\Users\gusta\Downloads\mb3-setup-009996.009996-3.7.1.2839-1.0.538-1.0.9074.exe
2019-07-15 00:23 - 2019-07-18 02:57 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-07-15 00:23 - 2019-07-18 02:54 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-07-15 00:23 - 2019-07-15 00:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2019-07-15 00:20 - 2019-07-15 00:21 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\gusta\Downloads\spybotsd-2.7.64.0.exe
2019-07-15 00:18 - 2019-07-15 00:18 - 006074936 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-07-13 20:40 - 2019-07-13 20:40 - 000000000 ____C C:\unp307511881262872423i-manual.mdmp

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-30 20:48 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-30 20:48 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-30 20:44 - 2018-09-30 21:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-30 20:40 - 2015-12-30 16:10 - 000000000 ___RD C:\Users\gusta\OneDrive
2019-07-30 20:39 - 2016-11-20 10:39 - 000000000 ____D C:\Users\gusta\AppData\LocalLow\Mozilla
2019-07-30 20:38 - 2018-09-30 21:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-30 19:51 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-30 19:39 - 2018-09-30 21:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-30 19:39 - 2017-09-07 14:48 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-07-30 19:39 - 2015-12-30 16:10 - 000000000 __SHD C:\Users\gusta\IntelGraphicsProfiles
2019-07-21 23:06 - 2018-04-11 18:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-07-21 22:51 - 2019-03-19 09:34 - 000000000 ___HD C:\$WINDOWS.~BT
2019-07-21 22:51 - 2018-09-25 10:37 - 000000000 ___DC C:\WINDOWS\Panther
2019-07-20 15:06 - 2018-09-30 21:30 - 002004384 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-20 15:06 - 2018-04-12 13:18 - 000862728 _____ C:\WINDOWS\system32\perfh00A.dat
2019-07-20 15:06 - 2018-04-12 13:18 - 000185216 _____ C:\WINDOWS\system32\perfc00A.dat
2019-07-20 15:06 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2019-07-20 15:04 - 2015-12-30 16:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-20 14:57 - 2015-12-30 16:49 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-07-20 14:56 - 2019-06-22 17:40 - 000000000 ____D C:\Users\gusta\AppData\Local\CrashDumps
2019-07-20 14:56 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-07-18 03:46 - 2018-04-11 20:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-07-18 02:49 - 2015-09-04 12:30 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-07-18 02:37 - 2019-06-17 19:22 - 000000000 ____D C:\ProgramData\AVAST Software
2019-07-18 02:22 - 2015-12-30 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2019-07-18 00:38 - 2018-04-11 20:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-17 22:06 - 2015-12-31 18:18 - 000000000 ___RD C:\Users\gusta\3D Objects
2019-07-17 22:06 - 2015-09-04 11:45 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-17 22:03 - 2018-09-30 21:11 - 000307944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-17 22:01 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-17 22:01 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-17 22:01 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-17 22:01 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-17 22:01 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-17 22:01 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-17 22:01 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-17 22:01 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-17 22:01 - 2018-04-11 18:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-17 21:42 - 2015-09-04 12:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-17 21:39 - 2015-09-04 12:28 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-17 21:37 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-17 21:15 - 2019-05-20 22:09 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-17 21:15 - 2019-05-20 22:09 - 000002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-17 02:29 - 2018-03-08 18:42 - 000000000 ____D C:\Users\gusta\AppData\Local\Packages
2019-07-15 04:14 - 2019-05-20 22:08 - 000003484 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-15 04:14 - 2019-05-20 22:08 - 000003260 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-15 04:14 - 2018-09-30 21:38 - 000003782 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-07-15 04:14 - 2018-09-30 21:38 - 000003286 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-07-15 04:14 - 2018-09-30 21:38 - 000002862 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1498555920-1983202831-2001491286-1002
2019-07-15 04:14 - 2018-09-30 21:38 - 000002428 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2019-07-15 04:12 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-07-15 04:12 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-15 04:12 - 2016-01-14 18:28 - 000000000 ____D C:\Users\gusta\AppData\Local\Adobe
2019-07-15 00:48 - 2015-12-30 17:34 - 000000000 ____D C:\ProgramData\TEMP
2019-07-15 00:20 - 2015-07-10 08:04 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-07-15 00:19 - 2015-12-30 17:34 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2019-07-15 00:18 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-07-13 20:31 - 2018-09-30 21:18 - 000002408 _____ C:\Users\gusta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Files in the root of some directories ================

2019-06-26 22:09 - 2019-04-16 08:30 - 000447680 _____ (COMODO) C:\ProgramData\cmdres.dll

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Sorry for taking so long to reply, I had several things to do during the week and it flew by.

Any recommendation about what is happening to me with Malwarebytes, which is blocking malware sites from my operating system?

Hello @Beguelin

That's not the case; what Malwarebytes is blocking is something else, not FRST.

The problem is that, since you take so long to come back, the computer gets reinfected with every restart, so cleaning is pointless because by the time you return you are reinfected again.

I'll leave you the script shortly.

Regards

Do you have Sandbox enabled?

I was using Sandboxie but I'm not using it at the moment; it was throwing several errors. That is the only sandbox I currently use.

I currently have no antivirus. I used to use Comodo Internet Security Essentials; should I reinstall that one, or which one do you recommend? Not Avast, I already tried it and it's very bad.

If you can, let me know of one soon, because I have to leave in a while and the PC may be left unprotected.

This is another strange thing happening to the PC: I open Revo Uninstaller and look what it shows me.


Hello @Beguelin

Remember that this is not a chat; we can't be connected all day, because we have lives too.


For now, do not install absolutely anything.

And certainly not pirated products.

You are not without an antivirus; you have the one native to Windows 10, which is Windows Defender.

As for the image you show from Revo Uninstaller, it is part of Windows Update; it will disappear when you update to the latest version.

And as for what Malwarebytes is blocking, we'll see what the problem is.


1.- You ran FRST from the wrong location:

  • Running from C:\Users\gusta\Downloads

Cut the executable and paste it on your desktop <<< This is Very Important.


2.- Uninstall with Revo Uninstaller in its Advanced Mode:

  • SUPERAntiSpyware and whatever Sandbox you have installed

Revo Uninstaller manual.


3.- After restarting, follow these steps:

Very Important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

4.- Temporarily disable your antivirus. >>> in your case Windows Defender

5.- Next, with all programs closed, including browsers, open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {17106D3B-B2BF-4C92-8E6F-1F906CEE5AF0} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\COMODO
Task: {FE85CCA2-4C8F-4279-B6CA-5A2CBA2C2F61} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Tcpip\..\Interfaces\{0e8df25f-9f12-4896-bf83-4cd651bd7b68}: [DhcpNameServer] 200.49.130.47 200.42.4.199
Tcpip\..\Interfaces\{255e2537-04f9-415d-85bc-68f011c30c9b}: [DhcpNameServer] 200.49.130.41 200.42.4.199
Tcpip\..\Interfaces\{4ab7eafa-0b58-49f6-9de3-7d6573c7d108}: [DhcpNameServer] 192.168.42.129
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem15.msn.com/?PC=NMTE
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem15.msn.com/?PC=NMTE
SearchScopes: HKU\.DEFAULT -> DefaultScope {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL = 
SearchScopes: HKU\.DEFAULT -> {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL = 
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL = 
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://ar.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33090001005_10.2.0.6526_u_ds
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL = 
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://ar.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33090001005_10.2.0.6526_u_ds
FF Extension: (No Name) - C:\Users\gusta\AppData\Roaming\Mozilla\Firefox\Profiles\3qjab6pi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-07-30]
S2 CmdAgentProt; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" /ProtectedSvc [X]
U1 aswbdisk; no ImagePath
U0 aswblog; no ImagePath
2019-07-15 00:23 - 2019-07-18 02:57 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-07-15 00:23 - 2019-07-18 02:54 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-07-15 00:23 - 2019-07-15 00:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2019-07-15 00:20 - 2019-07-15 00:21 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\gusta\Downloads\spybotsd-2.7.64.0.exe
2019-07-30 19:39 - 2017-09-07 14:48 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-07-18 02:37 - 2019-06-17 19:22 - 000000000 ____D C:\ProgramData\AVAST Software
2019-07-18 02:22 - 2015-12-30 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2019-07-15 04:14 - 2018-09-30 21:38 - 000002428 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2019-07-15 00:48 - 2015-12-30 17:34 - 000000000 ____D C:\ProgramData\TEMP
2019-06-26 22:09 - 2019-04-16 08:30 - 000447680 _____ (COMODO) C:\ProgramData\cmdres.dll
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\WINDOWS\system32\BRCOM14A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\pwdrvio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwdspio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwNative.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ACTSKIN4.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BRLM03A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BRLMW03A.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BROSNMP.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BRTCPCON.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Dao350.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DBGRDES.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DBGRID32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\HiTime32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mfc42loc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSCOMCTL.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msjet35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSJINT35.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSJTER35.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMASK32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrd2x35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSREPL35.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSSTDFMT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWINSCK.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NystITFflip.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SPIN32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\THREED32.OCX:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VB5DB.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VFP6R.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VFP6RESN.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VFP6RUN.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandnetdiag64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandnetmodem64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandnetndis64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\Users\gusta\Desktop\OrapeV3-27.7.X12.1-RB.swf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Desktop\sep-2016-calendario.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\4-99434681-127215.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\4-99434681-127215.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\Archivo.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\Archivo.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\BlncNvsvdrpl.rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\BlncNvsvdrpl.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\Caratulas Gustavo.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\Caratulas Gustavo.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\Dev-Cpp 5.11 TDM-GCC 4.9.2 Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\Dev-Cpp 5.11 TDM-GCC 4.9.2 Setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\document(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\document(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\document(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\document(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\document(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\document(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\document.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\document.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\flashplayer_25_sa.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\LibreOffice_5.0.6_Win_x86.msi:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\LibreOffice_5.0.6_Win_x86.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\LibreOffice_5.1.4_Win_x86.msi:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\LibreOffice_5.1.4_Win_x86.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\spywareblastersetup55.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\spywareblastersetup55.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\VNGPLUSNV_V16.04.07.ZIP:$CmdTcID [64]
AlternateDataStreams: C:\Users\gusta\Downloads\VNGPLUSNV_V16.04.07.ZIP:$CmdZnID [26]
AlternateDataStreams: C:\Users\gusta\Downloads\[SWF]OrapeV3-27.7.X12.1-RB.zip:$CmdZnID [26]
FirewallRules: [TCP Query User{21F2E717-9785-40F9-B4B7-AECD045BFE9F}D:\cfg\ieembed.exe] => (Allow) D:\cfg\ieembed.exe No File
FirewallRules: [UDP Query User{A40C7869-5743-4EDA-8D6F-B62981546B78}D:\cfg\ieembed.exe] => (Allow) D:\cfg\ieembed.exe No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Restart if the tool did not do so already, and tell us how the computer is doing.

Regards.

Done, I did everything; here is the log from fixlist.txt.

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by gusta (31-07-2019 16:02:31) Run:1
Running from C:\Users\gusta\Desktop
Loaded Profiles: gusta &  (Available Profiles: gusta & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction - Chrome <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {17106D3B-B2BF-4C92-8E6F-1F906CEE5AF0} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\COMODO
Task: {FE85CCA2-4C8F-4279-B6CA-5A2CBA2C2F61} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Tcpip\..\Interfaces\{0e8df25f-9f12-4896-bf83-4cd651bd7b68}: [DhcpNameServer] 200.49.130.47 200.42.4.199
Tcpip\..\Interfaces\{255e2537-04f9-415d-85bc-68f011c30c9b}: [DhcpNameServer] 200.49.130.41 200.42.4.199
Tcpip\..\Interfaces\{4ab7eafa-0b58-49f6-9de3-7d6573c7d108}: [DhcpNameServer] 192.168.42.129
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem15.msn.com/?PC=NMTE
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem15.msn.com/?PC=NMTE
SearchScopes: HKU\.DEFAULT -> DefaultScope {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL = 
SearchScopes: HKU\.DEFAULT -> {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL = 
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL = 
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://ar.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33090001005_10.2.0.6526_u_ds
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL = 
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://ar.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33090001005_10.2.0.6526_u_ds
FF Extension: (No Name) - C:\Users\gusta\AppData\Roaming\Mozilla\Firefox\Profiles\3qjab6pi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-07-30]
S2 CmdAgentProt; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" /ProtectedSvc [X]
U1 aswbdisk; no ImagePath
U0 aswblog; no ImagePath
2019-07-15 00:23 - 2019-07-18 02:57 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-07-15 00:23 - 2019-07-18 02:54 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2019-07-15 00:23 - 2019-07-15 00:23 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2019-07-15 00:20 - 2019-07-15 00:21 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\gusta\Downloads\spybotsd-2.7.64.0.exe
2019-07-30 19:39 - 2017-09-07 14:48 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-07-18 02:37 - 2019-06-17 19:22 - 000000000 ____D C:\ProgramData\AVAST Software
2019-07-18 02:22 - 2015-12-30 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2019-07-15 04:14 - 2018-09-30 21:38 - 000002428 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2019-07-15 00:48 - 2015-12-30 17:34 - 000000000 ____D C:\ProgramData\TEMP
2019-06-26 22:09 - 2019-04-16 08:30 - 000447680 _____ (COMODO) C:\ProgramData\cmdres.dll
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [TCP Query User{21F2E717-9785-40F9-B4B7-AECD045BFE9F}D:\cfg\ieembed.exe] => (Allow) D:\cfg\ieembed.exe No File
FirewallRules: [UDP Query User{A40C7869-5743-4EDA-8D6F-B62981546B78}D:\cfg\ieembed.exe] => (Allow) D:\cfg\ieembed.exe No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{17106D3B-B2BF-4C92-8E6F-1F906CEE5AF0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17106D3B-B2BF-4C92-8E6F-1F906CEE5AF0}" => removed successfully
C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" => removed successfully
"C:\Program Files\COMODO" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE85CCA2-4C8F-4279-B6CA-5A2CBA2C2F61}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE85CCA2-4C8F-4279-B6CA-5A2CBA2C2F61}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0e8df25f-9f12-4896-bf83-4cd651bd7b68}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{255e2537-04f9-415d-85bc-68f011c30c9b}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4ab7eafa-0b58-49f6-9de3-7d6573c7d108}\\DhcpNameServer" => removed successfully
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem15.msn.com/?PC=NMTE => Error: No automatic fix found for this entry.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} => removed successfully
HKLM\Software\Classes\CLSID\{4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} => not found
"HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} => removed successfully
HKLM\Software\Classes\CLSID\{4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} => not found
HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => removed successfully
HKLM\Software\Classes\CLSID\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => not found
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15 => Error: No automatic fix found for this entry.
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15 => Error: No automatic fix found for this entry.
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {4E1C498E-5C14-4A49-A5F8-8A5AFF4526E0} URL = => Error: No automatic fix found for this entry.
SearchScopes: HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07302019194054370 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://ar.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=33090001005_10.2.0.6526_u_ds => Error: No automatic fix found for this entry.
C:\Users\gusta\AppData\Roaming\Mozilla\Firefox\Profiles\3qjab6pi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => moved successfully
HKLM\System\CurrentControlSet\Services\CmdAgentProt => removed successfully
CmdAgentProt => service removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\aswblog => removed successfully
aswblog => service removed successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\WINDOWS\System32\Tasks\Safer-Networking => moved successfully
C:\Users\gusta\Downloads\spybotsd-2.7.64.0.exe => moved successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO => moved successfully
"C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" => not found
C:\ProgramData\TEMP => moved successfully
C:\ProgramData\cmdres.dll => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{21F2E717-9785-40F9-B4B7-AECD045BFE9F}D:\cfg\ieembed.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A40C7869-5743-4EDA-8D6F-B62981546B78}D:\cfg\ieembed.exe" => removed successfully

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Ethernet 4 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 6 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de área local* 7 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Conexión de red Bluetooth 2 mientras los medios
estén desconectados.

Adaptador de Ethernet Ethernet 4:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 6:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Conexión de área local* 7:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Wi-Fi 3:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::528:36ac:2406:23cb%15
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.108
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de Ethernet Conexión de red Bluetooth 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to cancel {8475FDE3-3A97-48B0-AE41-5B1A4F96F26A}.
0 out of 1 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenvío de compartimiento se restableció correctamente.
Compartimiento se restableció correctamente.
Protocolo de control se restableció correctamente.
Solicitud de secuencia eco se restableció correctamente.
Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de difusión por proximidad (a se restableció correctamente.
Direcciones de multidifusión se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Posible se restableció correctamente.
Directiva de prefijo se restableció correctamente.
Vecino de proxy se restableció correctamente.
Ruta se restableció correctamente.
Prefijo de sitio se restableció correctamente.
Subinterfaz se restableció correctamente.
Patrón de reactivación se restableció correctamente.
Resolver vecino se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07312019154935935\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07312019154935935\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1498555920-1983202831-2001491286-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07312019154936892\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1498555920-1983202831-2001491286-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07312019154936892\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 256100568 B
Java, Flash, Steam htmlcache => 1182 B
Windows/system/drivers => 1384 B
Edge => 116010 B
Chrome => 621685 B
Firefox => 136725544 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 26326 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 888 B
LocalService => 0 B
NetworkService => 42652 B
NetworkService => 0 B
gusta => 259509240 B
DefaultAppPool => 26326 B

RecycleBin => 0 B
EmptyTemp: => 631.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:03:56 ====

Hi @Beguelin

Perfect… :+1:

You forgot to mention how the computer feels now.

Regards

I see it the same as always, it didn't change much. PS: which antivirus do you recommend?

Hi @Beguelin

Optimize your computer:

1.- Download and/or update CCleaner to your desktop.

  • Following its manual, install and run it, and use its Cleaner and Registry options, as explained in its manual.

2.- Run a full scan of the hard disk following the guide:

IMPORTANT: If the progress percentage seems to stall, do NOT cancel the process. Let it continue, if necessary, for 24 more hours.

3.- Free up disk space following the steps in:

4.- Defragment the PC's hard disk(s) and partitions, following the steps in:

Only if your disk is mechanical (HDD); if it is an SSD, do NOT perform this step.

After rebooting, let us know how the computer is doing.

When we finish you will install an AV; for now it is preferable not to yet.


After rebooting, run FRST again just as you did the first time and bring us its new reports.

Regards.

Hey, I installed Comodo Antivirus, it ran a startup scan and found 4 threats, but it didn't clean them. They were left in the gustavo folder (the user who uses the PC), but I don't know how to fix it. Any advice?