osrss process


#1

Hi, I have the osrss process open. What could it be? Is it normal?


#2

Hi @guillermo77j

Let's see… if we have something hidden. :roll_eyes:

Download and unzip this tool to your desktop :arrow_right: Malwarebytes Anti-Rootkit Beta manual, and follow the steps given to check the computer:

  • Open the Mbar folder and double-click the file Mbar.exe.
  • In the window that appears, click Next.
  • Click Update, and when it finishes, click Next.
  • Now start the scan by clicking the Scan button.
  • When it finishes, if there is an infection click CleanUp, and if there is no infection click Exit.

When it finishes, look in the Mbar folder and open the files mbar-log.txt and system-log.txt, copy their contents into your next reply and tell us the results.

Regards.


#5

The results:

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2019.02.06.07
  rootkit: v2019.02.06.07

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.17319
williams :: DESKTOP-RQ8C1Q6 [administrator]

6/2/2019 7:48:39 p. m.
mbar-log-2019-02-06 (19-48-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 268229
Time elapsed: 1 hour(s), 30 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
-----------------
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.0.10240.17319

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.295000 GHz
Memory total: 1980235776, free: 421515264

Downloaded database version: v2019.02.06.07
Downloaded database version: v2019.02.06.07
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     02/06/2019 19:48:05
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2019.02.06.07
  rootkit: v2019.02.06.07

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe0015a0b6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0015a0b6b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0015a0b6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00159e4f200, DeviceName: \Device\0000002d\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: EDCE7

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1024000
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1026048  Numsec = 620234752
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Extended with CSH (0x5)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 621262846  Numsec = 3878914
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-1026048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-621262846-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

#7

Good… and now follow these steps, in the order given and reading everything that is explained. :+1:

:one: Temporarily disable the antivirus :arrow_forward: How to temporarily disable your antivirus, while we carry out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we will use in this procedure (but do not run them yet):


:two: Run the tools one at a time and in the order given:



CCleaner.-

  • Install and run CCleaner following the steps given in the manual.

  • First use its Cleaner option to delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • Then use its Registry option to clean the entire Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps given in the manual.

  • Run a Full Scan. :white_check_mark:

  • Select ALL for Quarantine to send everything to quarantine, and restart the system.

  • In the :arrow_forward:History :arrow_backward: section of the manual you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now button and wait for the process to run, then immediately always click the Start Repair button.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • The log/report is found in the “Reports” tab, reopening the program if necessary, so you can copy and paste it into your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue, and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved on the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt into your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes.

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

:three: Put in your next reply the reports from:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order. :+1:

You must copy and paste them with all their content, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

And tell us how your computer is working with regard to the problem you raised. :face_with_monocle:

Regards, Javier.


#8
Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 7/2/19
Hora del análisis: 7:29
Archivo de registro: 9409d90c-2acb-11e9-a73f-00ff720e97ec.json

-Información del software-
Versión: 3.7.1.2839
Versión de los componentes: 1.0.538
Versión del paquete de actualización: 1.0.9140
Licencia: Gratis

-Información del sistema-
SO: Windows 10 (Build 10240.17319)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-RQ8C1Q6\williams

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 337106
Amenazas detectadas: 1
Amenazas en cuarentena: 1
Tiempo transcurrido: 16 min, 40 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
Adware.InstallCore, C:\USERS\GUILLERMO\DOWNLOADS\MEMU-INSTALLER.EXE, En cuarentena, [422], [620512],1.0.9140

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-01-25.2 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-07-2019
# Duration: 00:01:04
# OS:       Windows 10 Pro
# Scanned:  31769
# Detected: 30


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\Users\guillermo\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Shopper            C:\Users\guillermo\AppData\Local\CatalinaGroup

***** [ Files ] *****

PUP.Optional.DriverBooster      C:\Users\guillermo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy             C:\Windows\System32\Tasks\Driver Booster Scheduler

***** [ Registry ] *****

PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ApnTBMon
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
PUP.Optional.Legacy             HKLM\Software\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C49DC2D-017F-4E8E-96DE-8CC5D7FE5791} 
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build:    01-30-2019
# Database: 2019-01-25.2 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-07-2019
# Duration: 00:00:35
# OS:       Windows 10 Pro
# Cleaned:  30
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\guillermo\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Users\guillermo\AppData\Local\CatalinaGroup

***** [ Files ] *****

Deleted       C:\Users\guillermo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\Driver Booster Scheduler

***** [ Registry ] *****

Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ApnTBMon
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
Deleted       HKLM\Software\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Deleted       HKLM\Software\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Deleted       HKLM\Software\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Deleted       HKLM\Software\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Deleted       HKLM\Software\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Deleted       HKLM\Software\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Deleted       HKLM\Software\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Deleted       HKLM\Software\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Deleted       HKLM\Software\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C49DC2D-017F-4E8E-96DE-8CC5D7FE5791} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4463 octets] - [07/02/2019 07:53:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64 
Ran by williams (Administrator) on jue. 07/02/2019 at  8:06:10,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4 

Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\ProgramData\thunder network (Folder) 
Successfully deleted: C:\Users\Public\thunder network (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (guillermo) (Task)



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on jue. 07/02/2019 at  8:12:20,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#9
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 6.02.2019
Ran by williams (administrator) on DESKTOP-RQ8C1Q6 (07-02-2019 08:15:32)
Running from C:\Users\williams\Desktop
Loaded Profiles: williams (Available Profiles: Usuario por definir & guillermo & williams)
Platform: Windows 10 Pro 10240.17319 (X64) Language: Español (España, internacional)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
(Microvirt Software Technology Co. Ltd.) C:\Users\guillermo\Desktop\Microvirt\MEmu\MemuService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.25071.0_x64__8wekyb3d8bbwe\Video.UI.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18388928 2018-10-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Incorporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [177928 2018-11-29] (ESET, spol. s r.o. -> ESET)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1876417699-332647224-591295117-1008\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [672384 2018-04-26] (OpenVPN Technologies, Inc. -> )
HKU\S-1-5-21-1876417699-332647224-591295117-1008\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Drivers32-x32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-28] (Google Inc -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] -> C:\Windows\system32\FaceCredentialProvider.dll [2016-10-25] (Microsoft Windows -> )
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2018-03-29] (McAfee, Inc. -> McAfee, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> C:\Windows\system32\FaceCredentialProvider.dll [2016-10-25] (Microsoft Windows -> )
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Utilidad de configuración inalámbrica de TP-LINK.lnk [2017-10-18]
ShortcutTarget: Utilidad de configuración inalámbrica de TP-LINK.lnk -> C:\Program Files (x86)\TP-LINK\Utilidad de configuración inalámbrica de TP-LINK\TWCU.exe ()
Startup: C:\Users\Paul Joachimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-03-06]
ShortcutTarget: MEGAsync.lnk -> C:\Users\williams\AppData\Local\MEGAsync\MEGAsync.exe (No File)
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\PrxerNsp.dll [92328 2016-11-22] ()
Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [105128 2016-11-22] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{0a89115e-773d-4bb7-81b0-2c0cb56fa038}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{0a89115e-773d-4bb7-81b0-2c0cb56fa038}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{0c2ef432-8e9f-4f05-b31e-7add8cb8b9b0}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{402cfb3e-30d6-46ae-b79c-fd15086040c5}: [NameServer] 4.2.2.2,4.2.2.3
Tcpip\..\Interfaces\{402cfb3e-30d6-46ae-b79c-fd15086040c5}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{76acd532-0834-4140-b001-12af6f0f2840}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{76acd532-0834-4140-b001-12af6f0f2840}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{a4d2530b-a288-43b9-afd6-8cbeed7574a5}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{a50ab77c-4303-4db3-abe9-dcaa4520cee0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{a50ab77c-4303-4db3-abe9-dcaa4520cee0}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (McAfee, Inc. -> Intel Security)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25] (McAfee, Inc. -> Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-09-25] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-09-25] (McAfee, Inc. -> Intel Security)

FireFox:
========
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\williams\AppData\Local\Google\Chrome\User Data\Default [2019-02-07]
CHR Extension: (Slides) - C:\Users\williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-28]
CHR Extension: (Docs) - C:\Users\williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-28]
CHR Extension: (Google Drive) - C:\Users\williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-28]
CHR Extension: (YouTube) - C:\Users\williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-28]
CHR Extension: (Sheets) - C:\Users\williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-28]
CHR Extension: (WebRTC Control) - C:\Users\williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjkmabmdepjfammlpliljpnbhleegehm [2019-01-28]
CHR Extension: (Google Docs Offline) - C:\Users\williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-28]
CHR Extension: (Gmail) - C:\Users\williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-01-28]
CHR Extension: (Chrome Media Router) - C:\Users\williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-28]

Opera: 
=======
OPR Extension: (WebRTC Control) - C:\Users\williams\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjkmabmdepjfammlpliljpnbhleegehm [2019-02-02]
OPR Extension: (Install Chrome Extensions) - C:\Users\williams\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-02-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2302160 2018-11-29] (ESET, spol. s r.o. -> ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MEmusvc; C:\Users\guillermo\Desktop\Microvirt\MEmu\MemuService.exe [269480 2017-05-26] (Microvirt Software Technology Co., Ltd. -> Microvirt Software Technology Co. Ltd.)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2015-09-22] (Huawei Technologies Co.,Ltd. -> )
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. ->  )
S2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [900840 2017-08-14] (OpenVPN Technologies, Inc. -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2018-04-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [4606976 2015-08-03] (SafeIP) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2018-03-29] (McAfee, Inc. -> McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-03-29] (McAfee, Inc. -> McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-03-29] (McAfee, Inc. -> McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-04] (Microsoft Corporation -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2018-09-07] (Windscribe Limited -> Windscribe Limited)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\Windows\System32\drivers\aswTap.sys [44640 2016-10-11] (AVAST Software a.s. -> The OpenVPN Project)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2015-07-10] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
S3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [66440 2018-04-03] (Intel Corporation -> Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [143448 2018-11-29] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15872 2018-10-17] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [188832 2018-10-17] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [109864 2018-10-17] (ESET, spol. s r.o. -> ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [181160 2017-12-30] (ESET, spol. s r.o. -> ESET)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-04-03] (Martin Malik - REALiX -> REALiX(tm))
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [38128 2015-07-10] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [122608 2015-07-10] (Intel Corporation - Client Components Group -> Intel Corporation)
R3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [5382856 2017-03-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [480176 2018-10-23] (Intel Corporation -> Intel(R) Corporation)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-02-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-09-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 memudrv; C:\Users\guillermo\Desktop\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (上海迈微软件科技有限公司 -> Microvirt Corporation)
R3 necbatt; C:\Windows\System32\drivers\necbatt.sys [37240 2018-08-31] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
S3 Neo_VPN; C:\Windows\System32\drivers\Neo6_x64_VPN.sys [38216 2018-02-18] (SoftEther Corporation -> SoftEther Corporation)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
S0 nvraid; C:\Windows\System32\drivers\nvraid.sys [150368 2015-07-10] (Microsoft Windows -> NVIDIA Corporation)
S0 nvstor; C:\Windows\System32\drivers\nvstor.sys [166240 2015-07-10] (Microsoft Windows -> NVIDIA Corporation)
S3 PAC7302; C:\Windows\system32\DRIVERS\PAC7302.SYS [527360 2007-10-29] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Inc.)
R3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2016-06-15] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [89096 2018-11-16] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry Limited)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1139424 2018-08-10] (Realtek Semiconductor Corp. -> Realtek )
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [4995856 2016-03-23] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [430016 2018-10-25] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3737304 2018-04-03] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-07-10] (Microsoft Windows -> Realtek Semiconductor Corporation )
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [50624 2018-06-03] (SoftEther Corporation -> SoftEther Corporation)
S0 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44896 2015-07-10] (Microsoft Windows -> Silicon Integrated Systems Corp.)
S0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81760 2015-07-10] (Microsoft Windows -> Silicon Integrated Systems)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [54896 2017-05-03] (Windscribe Limited -> The OpenVPN Project)
S3 TTDrv; C:\KOPLAYER\vbox\TTDrv.sys [261104 2015-12-22] (Fuzhou kaopu Network Co.,Ltd -> Oracle Corporation) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [151184 2017-10-19] (NGO -> MBB)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\System32\drivers\ew_juwwanecm.sys [X]
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-07 08:15 - 2019-02-07 08:17 - 000019316 _____ C:\Users\williams\Desktop\FRST.txt
2019-02-07 08:14 - 2019-02-07 08:15 - 000000000 ____D C:\FRST
2019-02-07 08:14 - 2019-02-07 08:14 - 000016148 _____ C:\Windows\system32\DESKTOP-RQ8C1Q6_williams_HistoryPrediction.bin
2019-02-07 08:12 - 2019-02-07 08:12 - 000000839 _____ C:\Users\williams\Desktop\JRT.txt
2019-02-07 08:02 - 2019-02-07 08:02 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-07 07:52 - 2019-02-07 07:54 - 000000000 ____D C:\AdwCleaner
2019-02-07 07:27 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-02-07 07:26 - 2019-02-07 07:26 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-07 07:26 - 2019-02-07 07:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-07 07:26 - 2019-02-07 07:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-02-07 07:26 - 2019-02-07 07:26 - 000000000 ____D C:\Program Files\Malwarebytes
2019-02-07 07:26 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-02-07 06:50 - 2019-02-07 08:05 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-02-07 06:50 - 2019-02-07 06:50 - 000002894 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-02-07 06:50 - 2019-02-07 06:50 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-02-07 06:50 - 2019-02-07 06:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-02-07 06:50 - 2019-02-07 06:50 - 000000000 ____D C:\Program Files\CCleaner
2019-02-07 06:46 - 2019-02-07 06:46 - 002433536 _____ (Farbar) C:\Users\williams\Desktop\FRST64.exe
2019-02-07 06:42 - 2019-02-07 06:42 - 007316688 _____ (Malwarebytes) C:\Users\williams\Desktop\adwcleaner_7.2.7.0.exe
2019-02-07 06:42 - 2019-02-07 06:42 - 001790024 _____ (Malwarebytes) C:\Users\williams\Desktop\JRT.exe
2019-02-07 06:41 - 2019-02-07 06:42 - 064420216 _____ (Malwarebytes ) C:\Users\williams\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9140.exe
2019-02-07 06:41 - 2019-02-07 06:41 - 019341880 _____ (Piriform Software Ltd) C:\Users\williams\Desktop\ccsetup552.exe
2019-02-07 06:27 - 2019-02-07 06:33 - 064318016 _____ (Malwarebytes ) C:\Users\williams\Downloads\Unconfirmed 78729.crdownload
2019-02-06 22:46 - 2019-02-06 22:46 - 000000000 ____D C:\Users\williams\AppData\Local\mbam
2019-02-06 22:45 - 2019-02-06 22:45 - 000000000 ____D C:\Users\williams\AppData\Local\mbamtray
2019-02-06 19:48 - 2019-02-06 19:48 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7545610E.sys
2019-02-06 19:47 - 2019-02-06 21:51 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-02-06 19:45 - 2019-02-06 21:51 - 000000000 ____D C:\Users\williams\Desktop\mbar
2019-02-06 19:44 - 2019-02-06 19:51 - 064309056 _____ (Malwarebytes ) C:\Users\williams\Downloads\mb3-setup-35891.35891-3.7.1.2839-1.0.538-1.0.9074.exe
2019-02-06 19:44 - 2019-02-06 19:45 - 014178840 _____ (Malwarebytes Corp.) C:\Users\williams\Downloads\mbar-1.10.3.1001.exe
2019-02-05 21:37 - 2016-09-10 00:25 - 000095798 _____ C:\Users\williams\Downloads\Subtitulos.srt
2019-02-05 21:37 - 2016-09-10 00:25 - 000006877 _____ C:\Users\williams\Downloads\Forzados.srt
2019-02-05 21:37 - 2016-09-05 21:36 - 000000836 _____ C:\Users\williams\Downloads\IMPORTANTE.txt
2019-02-05 21:37 - 2016-09-05 21:36 - 000000058 _____ C:\Users\williams\Downloads\DescargateloCorp.com Todo por MEGA.url
2019-02-05 21:29 - 2016-09-10 00:35 - 3515490403 _____ C:\Users\williams\Downloads\XM3N490C411953-18-DC.mkv
2019-02-05 21:28 - 2019-02-05 21:28 - 000000000 ____D C:\Users\williams\AppData\Roaming\WinRAR
2019-02-05 13:18 - 2019-02-05 19:55 - 3691046119 _____ C:\Users\williams\Downloads\XM3N490C41195391020161111NK-18.rar
2019-02-05 11:56 - 2019-02-05 11:56 - 043651336 _____ (AppWork GmbH) C:\Users\williams\Downloads\JDownloaderSetup.exe
2019-02-04 21:46 - 2019-02-05 12:25 - 000002188 _____ C:\Users\williams\Desktop\JDownloader 2.lnk
2019-02-04 21:46 - 2019-02-05 12:25 - 000000000 ____D C:\Users\williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2019-02-04 20:14 - 2019-02-04 20:14 - 000000000 ____D C:\Users\williams\AppData\Local\ESET
2019-02-04 18:58 - 2019-02-05 20:31 - 000000000 ____D C:\Users\williams\AppData\Local\JDownloader 2.0
2019-02-03 19:56 - 2019-02-03 19:56 - 004246384 _____ (Initex ) C:\Users\williams\Downloads\ProxifierSetup.exe
2019-02-03 18:18 - 2019-02-03 18:57 - 017218257 _____ C:\Users\williams\Downloads\Felipe Peláez - Vivo Pensando En Ti ft. Maluma (1).mp4
2019-02-03 18:15 - 2019-02-03 18:43 - 012171825 _____ C:\Users\williams\Downloads\Paulo Londra - Adan y Eva (Official Video) (1).mp4
2019-02-03 17:45 - 2019-02-03 18:05 - 013748672 _____ C:\Users\williams\Downloads\Felipe Peláez - Vivo Pensando En Ti ft. Maluma.mp4
2019-02-03 17:45 - 2019-02-03 18:02 - 012171825 _____ C:\Users\williams\Downloads\Paulo Londra - Adan y Eva (Official Video).mp4
2019-02-03 13:23 - 2019-02-03 23:18 - 000000723 _____ C:\Users\williams\Desktop\Nuevos correos de valued.txt
2019-02-01 22:01 - 2019-02-01 21:56 - 000198919 _____ C:\Users\williams\Desktop\1 PENSUM MEDICINA (vigenta).pdf
2019-02-01 21:56 - 2019-02-01 21:56 - 000198919 _____ C:\Users\williams\Downloads\1 PENSUM MEDICINA (vigenta).pdf
2019-02-01 18:01 - 2019-02-01 18:01 - 000000801 _____ C:\Users\williams\Desktop\Windows 10 Update Assistant.lnk
2019-01-30 20:04 - 2019-01-30 20:04 - 000085069 ____T C:\Users\williams\Downloads\pagoo.pdf
2019-01-30 14:48 - 2019-01-30 14:48 - 000083866 ____T C:\Users\williams\Desktop\pago2.pdf
2019-01-30 14:42 - 2019-01-30 14:42 - 000094386 ____T C:\Users\williams\Desktop\pago.pdf
2019-01-30 14:42 - 2019-01-30 14:42 - 000000000 ____D C:\Users\williams\AppData\LocalLow\Temp
2019-01-30 13:09 - 2019-01-30 13:09 - 000004230 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1548868188
2019-01-30 13:09 - 2019-01-30 13:09 - 000001447 _____ C:\Users\williams\Desktop\Opera Browser.lnk
2019-01-30 13:09 - 2019-01-30 13:09 - 000001447 _____ C:\Users\williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-01-30 10:23 - 2019-02-07 06:57 - 000000000 ____D C:\Users\williams\AppData\Roaming\Mozilla
2019-01-29 20:45 - 2019-01-29 20:45 - 002158664 _____ (Opera Software) C:\Users\williams\Downloads\OperaSetup (1).exe
2019-01-29 20:39 - 2019-01-29 20:39 - 000000106 _____ C:\Users\williams\Downloads\ec2-18-191-191-29.us-east-2.compute.amazonaws.com.rdp
2019-01-29 20:37 - 2019-01-29 20:37 - 000001696 _____ C:\Users\williams\Downloads\newkeypair.pem
2019-01-29 20:37 - 2019-01-29 20:37 - 000001696 _____ C:\Users\williams\Desktop\newkeypair.pem
2019-01-28 22:10 - 2019-01-28 22:10 - 000000000 ____D C:\Users\williams\AppData\Local\Microvirt
2019-01-28 20:01 - 2019-01-28 20:01 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-28 20:01 - 2019-01-28 20:01 - 000002330 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-28 19:42 - 2019-01-28 19:42 - 001136176 _____ (Google Inc.) C:\Users\williams\Downloads\ChromeSetup.exe
2019-01-28 18:53 - 2019-01-28 18:56 - 002158680 _____ (Opera Software) C:\Users\williams\Downloads\OperaSetup.exe
2019-01-28 18:23 - 2019-01-30 13:10 - 000000000 ____D C:\Users\williams\AppData\Local\Opera Software
2019-01-28 18:23 - 2019-01-30 13:05 - 000000000 ____D C:\Users\williams\AppData\Roaming\Opera Software
2019-01-28 16:24 - 2019-01-28 16:24 - 000000000 ____D C:\Users\williams\AppData\Local\tkdata
2019-01-27 18:33 - 2019-01-27 18:34 - 524145185 _____ C:\Users\williams\Downloads\DBSLT Broly.mp4
2019-01-27 16:00 - 2019-02-03 09:50 - 000000970 _____ C:\Users\williams\Desktop\Valued nuevo.txt
2019-01-27 16:00 - 2019-01-29 20:40 - 000000348 _____ C:\Users\williams\Desktop\Nuevo documento de texto (3).txt
2019-01-27 11:35 - 2019-01-27 11:35 - 005582200 _____ (COMODO) C:\Users\williams\Downloads\cmd_fw_installer_6113_c7.exe
2019-01-27 10:38 - 2019-01-27 10:38 - 000000000 ____D C:\Users\williams\AppData\Local\OneDrive
2019-01-26 17:51 - 2019-01-26 17:51 - 000003380 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1876417699-332647224-591295117-1008
2019-01-26 17:31 - 2019-01-26 17:31 - 000000000 ____D C:\Users\williams\AppData\Local\MicrosoftEdge
2019-01-26 17:17 - 2019-01-26 17:17 - 000000000 ____D C:\Users\williams\AppData\Local\NetworkTiles
2019-01-26 16:06 - 2019-01-26 16:06 - 023894288 _____ (Tuxler.com ) C:\Users\williams\Downloads\TuxlerFreeResidentialVPNSetup.exe
2019-01-26 15:33 - 2019-01-24 08:27 - 000233654 _____ C:\Users\williams\Desktop\instructivo_traslados2019.pdf
2019-01-26 14:53 - 2019-01-26 14:55 - 000000000 ____D C:\Users\williams\Downloads\FirefoxPortable
2019-01-26 14:48 - 2019-01-26 14:48 - 000000000 ____D C:\ProgramData\ESET
2019-01-26 14:48 - 2019-01-26 14:48 - 000000000 ____D C:\Program Files\ESET
2019-01-26 14:45 - 2019-01-26 14:48 - 093309368 _____ (PortableApps.com) C:\Users\williams\Downloads\FirefoxPortable_64.0.2_English.paf.exe
2019-01-26 14:44 - 2019-02-03 08:30 - 000000000 ____D C:\Users\williams\Desktop\Nueva carpeta
2019-01-26 14:35 - 2019-01-26 14:35 - 005455480 _____ (ESET) C:\Users\williams\Downloads\eset_nod32_antivirus_live_installer.exe
2019-01-26 13:58 - 2019-01-26 13:58 - 000000000 ____D C:\Users\williams\AppData\Local\PeerDistRepub
2019-01-26 11:03 - 2019-01-26 17:50 - 000002451 _____ C:\Users\williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-26 11:03 - 2019-01-26 17:50 - 000000000 ___RD C:\Users\williams\OneDrive
2019-01-26 11:00 - 2019-01-26 11:00 - 000000000 ____D C:\Users\williams\OpenVPN
2019-01-26 10:57 - 2019-01-26 10:57 - 000000000 ____D C:\Users\williams\AppData\Local\Publishers
2019-01-26 10:56 - 2019-01-28 20:01 - 000000000 ____D C:\Users\williams\AppData\Local\Google
2019-01-26 10:55 - 2019-01-26 10:55 - 000000000 ____D C:\Users\williams\AppData\Roaming\Adobe
2019-01-26 10:54 - 2019-01-26 11:17 - 000000000 ____D C:\Users\williams\AppData\Local\Packages
2019-01-26 10:54 - 2019-01-26 10:54 - 000000706 __RSH C:\Users\williams\ntuser.pol
2019-01-26 10:54 - 2019-01-26 10:54 - 000000020 ___SH C:\Users\williams\ntuser.ini
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\Reciente
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\Plantillas
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\Mis documentos
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\Menú Inicio
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\Impresoras
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\Entorno de red
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\Documents\Mis vídeos
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\Documents\Mis imágenes
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\Documents\Mi música
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\Datos de programa
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\Configuración local
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\AppData\Local\Historial
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\AppData\Local\Datos de programa
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 _SHDL C:\Users\williams\AppData\Local\Archivos temporales de Internet
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 ____D C:\Users\williams\AppData\Local\VirtualStore
2019-01-26 10:54 - 2019-01-26 10:54 - 000000000 ____D C:\Users\williams\AppData\Local\TileDataLayer
2019-01-26 10:53 - 2019-02-07 07:55 - 000000000 ____D C:\Users\williams
2019-01-26 10:53 - 2019-01-26 10:53 - 000016148 _____ C:\Windows\system32\DESKTOP-RQ8C1Q6_guillermo7_HistoryPrediction.bin
2019-01-26 10:49 - 2019-01-26 10:49 - 000004190 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7078CD6F-F885-403F-832F-1402C24886C3}
2019-01-26 10:09 - 2019-01-26 10:09 - 000016148 _____ C:\Windows\system32\DESKTOP-RQ8C1Q6_Guillermo77_HistoryPrediction.bin
2019-01-25 18:57 - 2019-01-25 19:05 - 000000000 ___HD C:\$WINDOWS.~BT
2019-01-11 21:55 - 2019-01-11 21:55 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-07 07:56 - 2015-07-10 08:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-07 07:55 - 2018-04-03 04:09 - 000000000 ____D C:\Users\guillermo\AppData\Roaming\IObit
2019-02-07 07:55 - 2015-07-10 05:05 - 001310720 ___SH C:\Windows\system32\config\BBI
2019-02-07 07:27 - 2015-07-10 07:04 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-02-05 19:12 - 2016-09-10 22:28 - 000004126 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-05 19:12 - 2015-07-10 12:26 - 015528414 _____ C:\Windows\system32\perfh00A.dat
2019-02-05 19:12 - 2015-07-10 12:26 - 004843380 _____ C:\Windows\system32\perfc00A.dat
2019-02-03 15:45 - 2015-07-10 07:02 - 000000000 ____D C:\Windows\INF
2019-02-01 19:48 - 2017-10-27 16:32 - 000000000 ____D C:\Windows\Minidump
2019-02-01 18:28 - 2018-02-16 11:27 - 000000000 ____D C:\Windows10Upgrade
2019-02-01 18:01 - 2018-02-24 17:45 - 000000813 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2019-01-30 07:38 - 2018-03-11 10:44 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-01-28 20:01 - 2016-09-10 20:04 - 000000000 ____D C:\Program Files (x86)\Google
2019-01-28 19:49 - 2018-05-06 16:07 - 000000000 ____D C:\Program Files\Opera
2019-01-26 12:01 - 2018-12-28 13:41 - 000000000 ____D C:\Program Files\Google
2019-01-26 11:21 - 2015-07-10 07:04 - 000000000 ____D C:\Windows\AppReadiness
2019-01-26 10:55 - 2016-09-10 22:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-01-25 19:08 - 2017-12-10 10:25 - 000001890 _____ C:\Windows\diagwrn.xml
2019-01-25 19:08 - 2017-12-10 10:25 - 000001890 _____ C:\Windows\diagerr.xml
2019-01-25 18:39 - 2016-09-10 16:46 - 000000000 ____D C:\Windows\Panther
2019-01-25 18:36 - 2018-01-18 21:47 - 000000036 _____ C:\Windows\progress.ini
2019-01-25 18:16 - 2016-10-29 13:21 - 000000000 ___HD C:\$GetCurrent
2019-01-25 09:03 - 2018-12-26 21:33 - 000004228 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6A538E88-3358-444F-B068-FC3EBF81F1CE}
2019-01-24 23:51 - 2017-10-31 12:24 - 000000000 ____D C:\Program Files\Recuva
2019-01-24 21:39 - 2018-12-27 11:50 - 000002852 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1876417699-332647224-591295117-1007

Some files in TEMP:
====================
2018-03-13 09:13 - 2018-02-22 05:48 - 000976416 _____ (BlueStack Systems, Inc.) C:\Users\Paul Joachimi\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2018-03-13 09:13 - 2018-02-22 05:48 - 000421368 _____ (CodeTitans) C:\Users\Paul Joachimi\AppData\Local\Temp\JSON.dll
2018-03-13 12:41 - 2018-03-13 12:41 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180313164107214.dll
2018-03-13 12:41 - 2018-03-13 12:41 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180313164108315.dll
2018-03-14 12:38 - 2018-03-14 12:38 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180314163801715.dll
2018-03-14 12:38 - 2018-03-14 12:38 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180314163802201.dll
2018-03-14 23:35 - 2018-03-14 23:35 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315033553808.dll
2018-03-14 23:35 - 2018-03-14 23:35 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315033554006.dll
2018-03-14 23:37 - 2018-03-14 23:37 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315033704093.dll
2018-03-14 23:37 - 2018-03-14 23:37 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315033704165.dll
2018-03-14 23:37 - 2018-03-14 23:37 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315033725158.dll
2018-03-14 23:37 - 2018-03-14 23:37 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315033725245.dll
2018-03-14 23:37 - 2018-03-14 23:38 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315033759586.dll
2018-03-14 23:38 - 2018-03-14 23:38 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315033800706.dll
2018-03-15 16:55 - 2018-03-15 16:55 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315205557730.dll
2018-03-15 16:55 - 2018-03-15 16:55 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315205557824.dll
2018-03-15 16:56 - 2018-03-15 16:56 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315205654597.dll
2018-03-15 16:56 - 2018-03-15 16:56 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315205654686.dll
2018-03-15 16:58 - 2018-03-15 16:58 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315205840443.dll
2018-03-15 16:58 - 2018-03-15 16:58 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315205840504.dll
2018-03-15 16:58 - 2018-03-15 16:58 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315205854534.dll
2018-03-15 16:58 - 2018-03-15 16:58 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315205854625.dll
2018-03-15 18:50 - 2018-03-15 18:50 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315225040315.dll
2018-03-15 18:50 - 2018-03-15 18:50 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315225040462.dll
2018-03-15 18:52 - 2018-03-15 18:52 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315225201549.dll
2018-03-15 18:52 - 2018-03-15 18:52 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315225201668.dll
2018-03-15 19:23 - 2018-03-15 19:23 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315232301371.dll
2018-03-15 19:23 - 2018-03-15 19:23 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315232301453.dll
2018-03-15 19:23 - 2018-03-15 19:23 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315232327304.dll
2018-03-15 19:23 - 2018-03-15 19:23 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180315232327585.dll
2018-03-15 23:26 - 2018-03-15 23:26 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180316032619084.dll
2018-03-15 23:26 - 2018-03-15 23:26 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180316032619227.dll
2018-03-15 23:27 - 2018-03-15 23:27 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180316032749387.dll
2018-03-15 23:27 - 2018-03-15 23:27 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180316032749495.dll
2018-03-16 04:50 - 2018-03-16 04:50 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180316085045677.dll
2018-03-16 04:50 - 2018-03-16 04:50 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180316085045816.dll
2018-03-16 04:51 - 2018-03-16 04:51 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180316085143301.dll
2018-03-16 04:51 - 2018-03-16 04:51 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180316085143404.dll
2018-04-01 17:44 - 2018-04-01 17:44 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180401214406103.dll
2018-04-01 17:44 - 2018-04-01 17:44 - 002153984 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180401214406306.dll
2018-04-01 18:18 - 2018-04-01 18:18 - 002183680 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180401221803035.dll
2018-04-01 18:18 - 2018-04-01 18:18 - 002183680 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180401221803167.dll
2018-04-01 19:04 - 2018-04-01 19:04 - 002183680 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180401230423834.dll
2018-04-01 19:04 - 2018-04-01 19:04 - 002183680 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180401230424115.dll
2018-04-02 05:52 - 2018-04-02 05:52 - 002183680 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180402095200308.dll
2018-04-02 05:52 - 2018-04-02 05:52 - 002183680 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180402095200495.dll
2018-04-02 06:19 - 2018-04-02 06:19 - 002183680 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180402101919061.dll
2018-04-02 06:19 - 2018-04-02 06:19 - 002183680 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180402101919138.dll
2018-04-08 14:40 - 2018-04-08 14:40 - 002183680 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180408184022335.dll
2018-04-08 14:40 - 2018-04-08 14:40 - 002183680 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180408184022678.dll
2018-04-08 14:41 - 2018-04-08 14:41 - 002183680 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180408184140595.dll
2018-04-08 14:41 - 2018-04-08 14:41 - 002183680 _____ (Opera Software) C:\Users\Paul Joachimi\AppData\Local\Temp\Opera_installer_180408184140996.dll
2018-03-13 22:08 - 2018-03-13 22:21 - 000492544 _____ () C:\Users\Paul Joachimi\AppData\Local\Temp\s3.exe
2018-03-15 11:32 - 2018-04-08 22:20 - 006612768 _____ (Microsoft Corporation) C:\Users\Paul Joachimi\AppData\Local\Temp\Windows10Upgrade.exe
2019-02-06 20:05 - 2019-02-06 19:51 - 064309056 _____ (Malwarebytes                                                ) C:\Users\williams\AppData\Local\Temp\mb3-setup-35891.35891-3.7.1.2839-1.0.538-1.0.9074.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-05 10:08

==================== End of FRST.txt ============================

#10

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 6.02.2019
Ran by williams (07-02-2019 08:18:49)
Running from C:\Users\williams\Desktop
Windows 10 Pro 10240.17319 (X64) (2016-09-11 02:26:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1876417699-332647224-591295117-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1876417699-332647224-591295117-503 - Limited - Disabled)
guillermo (S-1-5-21-1876417699-332647224-591295117-1002 - Administrator - Enabled) => C:\Users\guillermo
Invitado (S-1-5-21-1876417699-332647224-591295117-501 - Limited - Disabled)
Usuario por definir (S-1-5-21-1876417699-332647224-591295117-1001 - Administrator - Enabled) => C:\Users\Paul Joachimi
williams (S-1-5-21-1876417699-332647224-591295117-1008 - Administrator - Enabled) => C:\Users\williams

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Asistente para actualización a Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blur Repack (HKLM-x32\...\Blur Repack) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Driver Booster 6 (HKLM-x32\...\Driver Booster_is1) (Version: 6.0.2 - IObit)
ESET Security (HKLM\...\{F1544F11-BFCC-43CC-9D0C-169A7E99369E}) (Version: 12.0.31.0 - ESET, spol. s r.o.)
Far Cry 3 version 0.0.0 (HKLM-x32\...\Far Cry 3_is1) (Version: 0.0.0 - Ubisoft)
FoxyProxy VPN Utility (HKLM-x32\...\{ED0AA855-3250-47F9-AF04-251325649D2C}) (Version: 1.0.0 - FoxyProxy)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
iLook 300 (HKLM-x32\...\{B5538179-2EA1-42E3-A760-4892C4C823B4}) (Version: 1.0.0.21 - KYE)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.20.110.1 - Intel Security)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM-x32\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM-x32\...\jdownloader2-2) (Version: 2.0 - AppWork GmbH)
KOPLAYER Pro version: 1.4.1055 (HKLM\...\KOPLAYER_is1) (Version:  - KOPLAYER Team)
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
MEmu (HKLM-x32\...\MEmu) (Version: 5.2.5.0 - Microvirt Software Technology Co. Ltd)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1876417699-332647224-591295117-1008\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.27.01.03 - Huawei Technologies Co.,Ltd)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{74BBCD30-EB17-4909-B59F-65E0DD2B7E95}) (Version: 4.12.9782 - Apache Software Foundation)
OpenVPN 2.4.6-I602  (HKLM\...\OpenVPN) (Version: 2.4.6-I602 - OpenVPN Technologies, Inc.)
Opera Stable 58.0.3135.53 (HKU\S-1-5-21-1876417699-332647224-591295117-1008\...\Opera 58.0.3135.53) (Version: 58.0.3135.53 - Opera Software)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.8.4.0 - OpenVPN Technologies)
Proxifier version 3.31 (HKLM-x32\...\Proxifier_is1) (Version: 3.31 - Initex)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8416 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
SafeIP (HKLM-x32\...\SAFEIP_is1) (Version:  - SafeIP)
Skype versión 8.34 (HKLM-x32\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
Sublime Text Build 3126 (HKLM-x32\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
TL-WN725N_WN723N Controlador (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
Tuxler Free Residential VPN (HKLM-x32\...\Tuxler Free Residential VPN_is1) (Version: 2.1.0.6 - Tuxler.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{F35DD4F5-1F85-43CD-AC7A-FE54CA7EABA2}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
USB Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10253 - Bison Electronics INC.)
Utilidad de configuración inalámbrica de TP-LINK (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 18 - Windscribe Limited)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Paul Joachimi\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Paul Joachimi\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Paul Joachimi\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Paul Joachimi\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Paul Joachimi\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Paul Joachimi\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Paul Joachimi\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Paul Joachimi\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Paul Joachimi\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Paul Joachimi\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-11-29] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04C47B0E-D92F-425C-8C08-70092A512313} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-24] (Google Inc -> Google Inc.)
Task: {15D5D4A0-3351-49A0-8F46-3FC909038BE8} - System32\Tasks\Opera scheduled Autoupdate 1540468694 => C:\Users\guillermo\AppData\Local\Programs\Opera\launcher.exe [2018-11-26] (Opera Software AS -> Opera Software)
Task: {231299A4-631F-408E-B347-4DFAB483FEE9} - System32\Tasks\Opera scheduled Autoupdate 1542977655 => C:\Users\guillermo\AppData\Local\Programs\Opera\launcher.exe [2018-11-26] (Opera Software AS -> Opera Software)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
Task: {565281EF-A08B-4ED4-B419-76F9048F0ACB} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {5BE97455-DD24-43E9-85AD-19C2B2A33542} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {6C525F26-F1E2-42B3-9AD8-88F8B2FF1473} - System32\Tasks\{514343C8-1ACE-445D-8695-5B7A1F15E289} => C:\Windows\system32\pcalua.exe -a "C:\Users\Paul Joachimi\AppData\Local\{DB7EED22-FFD6-819A-924E-A472B62658EA}\uninst.exe" -c -P=/Uninstall /s /noun /DelSelfDir
Task: {6D7B4732-543E-41E6-920C-269000F9BFDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-24] (Google Inc -> Google Inc.)
Task: {7607EC8D-8D60-4C07-935D-E7894C662A35} - System32\Tasks\Opera scheduled Autoupdate 1548868188 => C:\Users\williams\AppData\Local\Programs\Opera\launcher.exe [2019-01-30] (Opera Software AS -> Opera Software)
Task: {761E06ED-D625-4B2A-A42C-0ACF29C442A0} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {7979E7D1-09A0-4D9B-BE83-B7CE39C55EB6} - System32\Tasks\Opera scheduled Autoupdate 1540422976 => C:\Users\guillermo\AppData\Local\Programs\Opera\launcher.exe [2018-11-26] (Opera Software AS -> Opera Software)
Task: {87390613-0F43-484D-BA39-C873ECE56959} - System32\Tasks\Opera scheduled Autoupdate 1524443049 => C:\Users\guillermo\AppData\Local\Programs\Opera\launcher.exe [2018-11-26] (Opera Software AS -> Opera Software)
Task: {9BED7555-1311-4A83-B119-F696CF8FEFE7} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [2018-06-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {A6D3B24C-57A4-4C8F-82AF-16B09F01154F} - System32\Tasks\Avast SecureLine Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [2018-06-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {EDF35569-CA1E-401E-BEF8-66BAE16A4948} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-01-10] (Piriform Software Ltd -> Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-10-29 16:04 - 2015-07-14 22:04 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2018-07-27 20:19 - 2016-11-22 21:38 - 000105128 _____ () C:\Windows\system32\PrxerNsp.dll
2017-10-05 20:03 - 2015-09-22 22:24 - 000242264 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2017-08-14 17:43 - 2017-08-14 17:43 - 000900840 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
2017-03-25 22:19 - 2017-03-04 03:50 - 002495768 _____ () C:\Windows\system32\CoreUIComponents.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-10-29 16:07 - 2015-09-17 01:48 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:9C9B6E8F [286]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeIPS => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-06-01 18:52 - 2018-06-01 18:52 - 000003302 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-1876417699-332647224-591295117-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\williams\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{a5f2749f-dd4c-4775-8deb-cd08363270b9}.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Utilidad de configuración inalámbrica de TP-LINK.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\StartupFolder: => "avast! SecureLine.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKU\S-1-5-21-1876417699-332647224-591295117-1008\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1876417699-332647224-591295117-1008\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1876417699-332647224-591295117-1008\...\StartupApproved\Run: => "OPENVPN-GUI"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A11F7B57-EC34-4AD8-B650-12F4F9425918}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{A937000A-8638-4C1F-8DFF-584CEE76F8D9}C:\program files (x86)\victorval\blur repack\blur.exe] => (Allow) C:\program files (x86)\victorval\blur repack\blur.exe ()
FirewallRules: [UDP Query User{3CB3167E-CC83-456F-B026-C57D3A24574E}C:\program files (x86)\victorval\blur repack\blur.exe] => (Allow) C:\program files (x86)\victorval\blur repack\blur.exe ()
FirewallRules: [{ED063DE4-CB7A-4920-94B1-003599E633F0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{9A440BE4-57D9-48DE-A3C3-5084BA6BB70C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{04A296C2-FFA5-435C-97E9-6416B9F4F4E8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{F89810AA-EA27-4E07-A571-F2A8AA890542}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{35FE143F-AA23-474C-9764-33A8E3162B57}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{DE227E89-DFE7-420F-909D-F7E1C9A9AE02}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{D0BF3774-6CFF-4F01-863D-60521FA961ED}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{60DDCF48-33D6-40AB-B8CC-6B45AE23689D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [TCP Query User{CCD6C256-B7C9-4697-AC9C-565E65A649B6}C:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) C:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{5EA81BEE-7838-4CD2-9243-49A3181B2572}C:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) C:\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [{1D59CAA6-5C46-4752-961D-3D1ED972C110}] => (Allow) C:\Program Files (x86)\Tuxler Free Residential VPN\TuxlerFreeResidentialVPN.exe (Tuxler Privacy Technologies, Inc.)
FirewallRules: [{AB17946A-FDDF-4542-A489-7D80A5F5E093}] => (Allow) C:\Program Files (x86)\Tuxler Free Residential VPN\TuxlerAppWatcher.exe (Tuxler Privacy Technologies, Inc.)
FirewallRules: [TCP Query User{86206058-58B2-4318-A471-C14B769EC4F6}C:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) C:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{0130F762-2AA8-40A6-ABB4-D2D1BEBC9212}C:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) C:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [{95529AA2-85D2-41B2-A1A9-9085FDF50FA4}] => (Block) C:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [{6DFB8CE1-CB5B-494C-95E6-FE7DE05126A5}] => (Block) C:\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe (Riot Games, Inc. -> )
FirewallRules: [{3AAFAA0D-6904-4B99-9E82-BC66EBED55C3}] => (Allow) C:\KOPLAYER\KOPLAYER.exe (福州市鼓楼区天奇矩阵软件有限公司 -> Kaopu Co., Ltd.)
FirewallRules: [{26E1E7C3-EF3C-4042-8B6F-14FB1A07250E}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe (Fuzhou kaopu Network Co.,Ltd -> Oracle Corporation)
FirewallRules: [{B493DEA8-4CDA-49A4-95EE-8A49AEEE9C6D}] => (Allow) C:\KOPLAYER\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{9AF261B8-8B7C-4C79-8F05-6B305D4E7E2A}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe (Fuzhou kaopu Network Co.,Ltd -> Oracle Corporation)
FirewallRules: [{21B8FE8D-0560-4BFB-9832-9BDA55C79EEA}] => (Allow) C:\KOPLAYER\KOPLAYER.exe (福州市鼓楼区天奇矩阵软件有限公司 -> Kaopu Co., Ltd.)
FirewallRules: [{78538927-9CB6-4129-BD17-2BB0B18B04FD}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe (Fuzhou kaopu Network Co.,Ltd -> Oracle Corporation)
FirewallRules: [{D6A06F2E-A32D-4A4B-9C02-8A0891027A44}] => (Allow) C:\KOPLAYER\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{926F5D06-2BD1-4FF3-A641-D8FB717088B0}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe (Fuzhou kaopu Network Co.,Ltd -> Oracle Corporation)
FirewallRules: [{23F6A314-D6AE-4B77-ACB7-655959AA9F85}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe (Fuzhou kaopu Network Co.,Ltd -> Oracle Corporation)
FirewallRules: [{BE49ACD4-1FB1-49E5-9A59-08B359CDB735}] => (Allow) C:\KOPLAYER\KOPLAYER.exe (福州市鼓楼区天奇矩阵软件有限公司 -> Kaopu Co., Ltd.)
FirewallRules: [{546B0772-B590-42F1-9BB6-268ED169B6CD}] => (Allow) C:\KOPLAYER\vbox\VBoxManage.exe (Fuzhou kaopu Network Co.,Ltd -> Oracle Corporation)
FirewallRules: [{B9976EB3-74B0-47ED-ABD5-7D0D6DA43257}] => (Allow) C:\KOPLAYER\KOPLAYER.exe (福州市鼓楼区天奇矩阵软件有限公司 -> Kaopu Co., Ltd.)
FirewallRules: [{68BCEC31-B0D4-456F-8498-2B6C53817356}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe (Fuzhou kaopu Network Co.,Ltd -> Oracle Corporation)
FirewallRules: [{F58FC0C7-8974-41DC-8F41-CD635F2EE2A9}] => (Allow) C:\KOPLAYER\vbox\VBoxHeadless.exe (Fuzhou kaopu Network Co.,Ltd -> Oracle Corporation)
FirewallRules: [{54432A8B-47E9-414E-AB15-39BDB41E49F1}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2C78387E-4A05-4928-8988-FA3C0D291BC5}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{6454FA70-A7D3-45B6-B1BA-E9812E7F6953}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Block) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{B25E1651-4CD4-4C32-B462-A01987F49A11}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Block) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{44918AB0-F50C-4933-A868-6C9FA45A0ABC}] => (Allow) C:\Program Files (x86)\Tuxler Free Residential VPN\TuxlerFreeResidentialVPN.exe (Tuxler Privacy Technologies, Inc.)
FirewallRules: [{424FAB1E-6D1D-4DCE-825B-77855E08B16D}] => (Allow) C:\Program Files (x86)\Tuxler Free Residential VPN\TuxlerAppWatcher.exe (Tuxler Privacy Technologies, Inc.)
FirewallRules: [{4C92D81A-6F05-4A87-A43D-217E9E8995E9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{D2266A5A-9BD1-4BAC-B930-A99B06D1D25B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Ltd)
FirewallRules: [{165AA063-84F2-4DCA-81CE-D8023B7BBCD7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Ltd)

==================== Restore Points =========================

17-01-2019 15:06:51 Punto de control programado
26-01-2019 08:22:30 Punto de control programado
04-02-2019 12:58:57 Punto de control programado
07-02-2019 08:06:16 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther Corporation
Service: Neo_VPN
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GbE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Wi-Fi Direct Virtual Adapter
Description: Adaptador virtual directo Wi-Fi de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2019 08:06:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

System Error:
Acceso denegado.
.

Error: (02/07/2019 08:04:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: VpnUpdate.exe, versión: 2.0.388.0, marca de tiempo: 0x5b2782ed
Nombre del módulo con errores: VpnUpdate.exe, versión: 2.0.388.0, marca de tiempo: 0x5b2782ed
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x000ce801
Identificador del proceso con errores: 0x106c
Hora de inicio de la aplicación con errores: 0x01d4bedd4145e4a6
Ruta de acceso de la aplicación con errores: C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe
Ruta de acceso del módulo con errores: C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe
Identificador del informe: 24e33bf0-4b1f-4c72-ae64-c2d088dcac14
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (02/07/2019 08:02:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-RQ8C1Q6)
Description: No se pudo activar la aplicación Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI debido al error: -2147023170. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (02/07/2019 08:02:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa SearchUI.exe, versión 10.0.10240.17202, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 25c

Hora de inicio: 01d4bedcfc738262

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Identificador de informe: 458bd94c-2ad0-11e9-a3bf-02009c9d99fa

Nombre completo de paquete con errores: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

Identificador de aplicación relativa del paquete con errores: CortanaUI

Error: (02/07/2019 08:02:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: DESKTOP-RQ8C1Q6)
Description: La aplicación Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI no se inició dentro del tiempo asignado.

Error: (02/07/2019 07:59:36 AM) (Source: openvpnserv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/07/2019 07:37:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-RQ8C1Q6)
Description: No se pudo activar la aplicación Microsoft.Windows.Photos_8wekyb3d8bbwe!App debido al error: -2144927142. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (02/07/2019 07:37:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa Microsoft.Photos.exe, versión 1.0.1611.18000, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.

Identificador de proceso: 120c

Hora de inicio: 01d4bed8ea689fed

Hora de finalización: 4294967295

Ruta de la aplicación: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Identificador de informe: c8044908-2acc-11e9-a3be-02009c9d99fa

Nombre completo de paquete con errores: Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe

Identificador de aplicación relativa del paquete con errores: App


System errors:
=============
Error: (02/07/2019 08:02:33 AM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (02/07/2019 08:01:53 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: El servidor {A1A7A4F2-47B9-4A1E-82B2-07CCD5323C3F} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (02/07/2019 07:59:45 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: El servicio OpenVPN Agent no respondió después de iniciar.

Error: (02/07/2019 07:59:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio OpenVPN Interactive Service se cerró con el siguiente error: 
El sistema no puede encontrar el archivo especificado.

Error: (02/07/2019 07:59:36 AM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: El servicio de inicio de sesión del evento detectó un error (res=23) al inicializar recursos de registro para el canal Microsoft-Windows-SmbClient/Connectivity.

Error: (02/07/2019 07:59:36 AM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (02/07/2019 07:59:31 AM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (02/07/2019 07:59:27 AM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.


Windows Defender:
===================================
Date: 2017-12-10 06:21:00.659
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {D6D1FFE5-168B-4A86-B12D-EFA4FBC6FAAE}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2017-12-09 18:01:16.463
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {910E06FE-E69A-49C6-9D72-8DEEADD598E1}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2017-12-09 17:53:49.284
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {254687C5-3054-460E-96AC-9FE73A9784FE}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2017-12-08 22:40:35.107
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {C148ABA1-A0DB-4F99-8949-3EBEBD4F2D76}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2017-12-08 17:42:14.640
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {851C003D-1F2C-49E1-87AD-11420926222D}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2017-12-10 05:02:25.689
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.259.104.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.14405.2
Código de error: 0x80070422
Descripción del error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él. 

Date: 2017-12-09 00:49:15.703
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.257.1469.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.14306.0
Código de error: 0x80240025
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2017-12-08 22:04:44.964
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 118.2.0.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: Sistema de inspección de red
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 2.1.14202.0
Código de error: 0x80072efd
Descripción del error: No se pudo establecer conexión con el servidor 

Date: 2017-12-08 22:04:42.859
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.257.1469.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.14306.0
Código de error: 0x80072efe
Descripción del error: La conexión con el servidor finalizó anormalmente 

Date: 2017-12-08 22:04:42.858
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.257.1469.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.14306.0
Código de error: 0x80072efe
Descripción del error: La conexión con el servidor finalizó anormalmente 

CodeIntegrity:
===================================

Date: 2019-02-07 08:18:23.225
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\PrxerNsp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-07 08:18:23.167
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\PrxerNsp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-07 08:16:30.344
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\PrxerNsp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-07 08:16:30.260
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\PrxerNsp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-07 08:16:30.184
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\PrxerNsp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-07 08:16:30.120
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\PrxerNsp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-07 08:16:12.876
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\PrxerNsp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-02-07 08:16:12.833
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\PrxerNsp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 71%
Total physical RAM: 1888.5 MB
Available physical RAM: 533.08 MB
Total Virtual: 2848.5 MB
Available Virtual: 1653.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:295.75 GB) (Free:100.52 GB) NTFS

\\?\Volume{000edce7-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 000EDCE7)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=295.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1.8 GB) - (Type=05)

==================== End of Addition.txt ============================

#11

Good… now follow these steps. :arrow_forward: VERY important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-.)

  • Attention: now tick/select only the :white_check_mark: Create registry backup box, and NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy the code/lines inside the box below and paste them into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
Task: {6C525F26-F1E2-42B3-9AD8-88F8B2FF1473} - System32\Tasks\{514343C8-1ACE-445D-8695-5B7A1F15E289} => C:\Windows\system32\pcalua.exe -a "C:\Users\Paul Joachimi\AppData\Local\{DB7EED22-FFD6-819A-924E-A472B62658EA}\uninst.exe" -c -P=/Uninstall /s /noun /DelSelfDir
Task: {9BED7555-1311-4A83-B119-F696CF8FEFE7} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [2018-06-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {A6D3B24C-57A4-4C8F-82AF-16B09F01154F} - System32\Tasks\Avast SecureLine Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [2018-06-25] (AVAST Software s.r.o. -> AVAST Software)
AlternateDataStreams: C:\ProgramData\TEMP:9C9B6E8F [286]
ShortcutTarget: MEGAsync.lnk -> C:\Users\williams\AppData\Local\MEGAsync\MEGAsync.exe (No File)
GroupPolicy\User: Restriction ? <==== ATTENTION
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\System32\drivers\ew_juwwanecm.sys [X]
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
ShortcutTarget: MEGAsync.lnk -> C:\Users\williams\AppData\Local\MEGAsync\MEGAsync.exe (No File)
GroupPolicy\User: Restriction ? <==== ATTENTION
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\System32\drivers\ew_juwwanecm.sys [X]
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2019-02-06 20:05 - 2019-02-06 19:51 - 064309056 _____ (Malwarebytes ) C:\Users\williams\AppData\Local\Temp\mb3-setup-35891.35891-3.7.1.2839-1.0.538-1.0.9074.exe
C:\Users\Paul Joachimi\AppData\Local\Temp\*.*
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

And now use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) :arrow_forward: How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as administrator-.)

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it behaves with regard to the problem you raised, and tell us.

Regards.


#12

Good morning, sorry for the delay; I had trouble getting into safe mode.

Fix result of Farbar Recovery Scan Tool (x64) Version: 6.02.2019
Ran by williams (08-02-2019 07:09:55) Run:5
Running from C:\Users\williams\Desktop
Loaded Profiles: williams (Available Profiles: Usuario por definir & guillermo & williams)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
Task: {6C525F26-F1E2-42B3-9AD8-88F8B2FF1473} - System32\Tasks\{514343C8-1ACE-445D-8695-5B7A1F15E289} => C:\Windows\system32\pcalua.exe -a "C:\Users\Paul Joachimi\AppData\Local\{DB7EED22-FFD6-819A-924E-A472B62658EA}\uninst.exe" -c -P=/Uninstall /s /noun /DelSelfDir
Task: {9BED7555-1311-4A83-B119-F696CF8FEFE7} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [2018-06-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {A6D3B24C-57A4-4C8F-82AF-16B09F01154F} - System32\Tasks\Avast SecureLine Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [2018-06-25] (AVAST Software s.r.o. -> AVAST Software)
AlternateDataStreams: C:\ProgramData\TEMP:9C9B6E8F [286]
ShortcutTarget: MEGAsync.lnk -> C:\Users\williams\AppData\Local\MEGAsync\MEGAsync.exe (No File)
GroupPolicy\User: Restriction ? <==== ATTENTION
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\System32\drivers\ew_juwwanecm.sys [X]
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
ShortcutTarget: MEGAsync.lnk -> C:\Users\williams\AppData\Local\MEGAsync\MEGAsync.exe (No File)
GroupPolicy\User: Restriction ? <==== ATTENTION
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\System32\drivers\ew_juwwanecm.sys [X]
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2019-02-06 20:05 - 2019-02-06 19:51 - 064309056 _____ (Malwarebytes ) C:\Users\williams\AppData\Local\Temp\mb3-setup-35891.35891-3.7.1.2839-1.0.538-1.0.9074.exe
C:\Users\Paul Joachimi\AppData\Local\Temp\*.*
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F6E048D-6404-433B-8F5F-CFF4D89BF89E}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C525F26-F1E2-42B3-9AD8-88F8B2FF1473}" => not found
"C:\Windows\System32\Tasks\{514343C8-1ACE-445D-8695-5B7A1F15E289}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{514343C8-1ACE-445D-8695-5B7A1F15E289}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BED7555-1311-4A83-B119-F696CF8FEFE7}" => not found
"C:\Windows\System32\Tasks\avast! SL Update" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! SL Update" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6D3B24C-57A4-4C8F-82AF-16B09F01154F}" => not found
"C:\Windows\System32\Tasks\Avast SecureLine Update" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast SecureLine Update" => not found
"C:\ProgramData\TEMP" => ":9C9B6E8F" ADS not found.
"C:\Users\williams\AppData\Local\MEGAsync\MEGAsync.exe" => not found
"C:\Windows\system32\GroupPolicy\User" => not found
ew_hwusbdev => service not found.
ew_usbenumfilter => service not found.
huawei_cdcacm => service not found.
huawei_enumerator => service not found.
huawei_ext_ctrl => service not found.
huawei_wwanecm => service not found.
rtsuvc => service not found.
wfpcapture => service not found.
"C:\Users\williams\AppData\Local\MEGAsync\MEGAsync.exe" => not found
"C:\Windows\system32\GroupPolicy\User" => not found
ew_hwusbdev => service not found.
ew_usbenumfilter => service not found.
huawei_cdcacm => service not found.
huawei_enumerator => service not found.
huawei_ext_ctrl => service not found.
huawei_wwanecm => service not found.
rtsuvc => service not found.
wfpcapture => service not found.
"C:\Users\williams\AppData\Local\Temp\mb3-setup-35891.35891-3.7.1.2839-1.0.538-1.0.9074.exe" => not found

=========== "C:\Users\Paul Joachimi\AppData\Local\Temp\*.*" ==========

not found

========= End -> "C:\Users\Paul Joachimi\AppData\Local\Temp\*.*" ========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1876417699-332647224-591295117-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1876417699-332647224-591295117-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007043c

========= End of CMD: =========


========= netsh advfirewall reset =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========


Error al intentar ponerse en contacto con el servicio Firewall de Windows. Asegúrese de que el servicio se está ejecutando e intente la solicitud de nuevo.


========= End of CMD: =========


========= netsh int ipv4 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11644229 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 99056 B
Edge => 0 B
Chrome => 19637118 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7504 B
NetworkService => 0 B
Paul Joachimi => 0 B
guillermo => 0 B
williams => 163966 B

RecycleBin => 0 B
EmptyTemp: => 30.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:10:48 ====

#13

Hello.

You still need to tell us how your computer is doing with regard to the problem you originally raised.


#14

The process is still active and cannot be stopped. Do you think it is a normal Windows process or something else?


#15

Tell us exactly which version of Windows 10 you are using and which build you have.


#16

Hello, I have this version, look: [image]


#17

Hello.

That version you have is the one from the first release of Windows 10, in 2015. :roll_eyes:

Why is it :thinking: that you are still on such an old version? Did your computer have a preinstalled Windows 10 license?


#18

Yes, it has one of those licenses that come stuck on the computer.


#19

Hello.

Do you mean that it has a sticker, or that the license is “embedded” in the BIOS? :thinking:

The license that, according to YOU, comes “stuck on”: was it originally for Windows 10?

And since that computer has had W10, have the various semiannual W10 version updates NOT been installed? :face_with_raised_eyebrow: