Redirection, infection in Chrome


#1

Hello! I have already completed all the steps of the "Malware Detection and Removal Guide 2018". The various tools reported infections and I ran the cleanups, but the problems persist. Could you please tell me which reports to include in my next messages so that the detected infections can be removed? Thank you very much!


#2

Hello

Paste the reports you have from the tools you used

Regards


#4

OK, here are the reports I found:

InfoSpyware First Steps report


*IFS (InfoSpyware First Steps) v 1.3
*www.InfoSpyware.com | www.ForoSpyware.com
*Iniciado: 01/11/2018 a las 16h.49m.25s

[B]~~~~~~~~~~~|  Información del Sistema:[/B]

OS: Microsoft Windows 7 Ultimate  x86 Service Pack 1
Idioma: Spanish (Spain, International Sort) (España|es-ES)
Permisos de Administrador / ON
Windows se Inició en   Modo Normal
Drive: C:\Windows (Install: \Device\HarddiskVolume2)

[B]~~~~~~~~~~~| Arquitectura Fisica:[/B]

CPU: System manufacturer
CPU Modelo: System Product Name
Procesador: AMD Athlon(tm) II X3 450 Processor (x64-BasedPC)
Memoria RAM: 2 Gb. En Uso: 89 %
Video: AMD 760G
Chip: ATI display adapter (0x9616) Capacidad video:256 MB (Internal DAC(400MHz))

[B]~~~~~~~~~~~| Unidades[/B]

C: [FIXED|NTFS|] - [465.6 Gb][343.8 Gb][121.9 Gb]
D: [CDROM]
[B]Se anuló el análisis de Fragmentación del Disco Duro [/B]

[B]~~~~~~~~~~~| Seguridad del SO[/B]

SafeBoot: Inicio en Modo seguro Correcto
Security Center: Correcto (Servicio Activo)
Windows Update: Correcto (Servicio Activo) [LST: 2018-11-01 19:27:03][LD: 2015-06-10 16:21:55][LI: 2015-06-11 04:07:18][NDT: 2018-11-02 13:57:24][LRP: 2018-11-01 19:41:38]
AV: Microsoft Security Essentials *Protección Residente [ON] / Actualizado*
SP: Microsoft Security Essentials *Protección Residente [ON] / Actualizado*
SP: Windows Defender *[COLOR=#FF0000][B]Protección Residente [OFF][/B][/COLOR] / Actualizado*
FW: Windows Firewall *Habilitado*

[B]~~~~~~~~~~~|  Update Check[/B]

Internet Explorer Versión Instalada 11
Adobe Flash Player Versión Instalada 31.0
Microsoft SilverLigth Versión instalada 5.1.40728.0

[B]~~~~~~~~~~~| Process List[/B] 

msseces.exe (Microsoft Security Essentials)
MsMpEng.exe (Windows Defender)
MBAMTray.exe (Malwarebytes Anti-Malware)
MBAMservice.exe (Malwarebytes Anti-Malware)

[B]~~~~~~~~~~~| Install Check[/B] 


CCleaner [5.47]
ESET Online Scanner v3 []

[B]~~~~~~~~~~~| Registry Check[/B]

HKLM\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
HKLM\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKCU\Run: [Spotify Web Helper] "C:\Users\Edu\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
HKCU\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
HKCU\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
HKCU\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
HKCU\Run: [Shell] C:\Program Files\TP-Link\TP-Link TL-WN722N\WPS_TOOL_AUTO.vbs
Winlogon: Shell = explorer.exe
Winlogon: Userinit = explorer.exe

[HKCR\.\.open\command] -> No se pudo obtener la información. 

[B]~~~~~~~~~~~| PUPs Check[/B]


[B]~~~~~~~~~~~| Listado 7 Días (Predeterminado)[/B]

[01/11/2018 16:49] - C:\IFS.log

[B]~~~~~~~~~~~| C:\Windows\Tasks:[/B]

[04/07/2016 23:10] - C:\Windows\Tasks\{1CAFC29C-5156-52AA-AB11-34C3F46291D4}.job
[15/09/2016 00:37] - C:\Windows\Tasks\{2BE2692B-7E04-6371-E73B-2B4FC78186F2}.job

[B]~~~~~~~~~~~| End Report[/B]
*Finalizado 16:59:46
*Se limpiaron los archivos temporales
*[1599815] C:\Users\Edu\Downloads\IFS (1).exe
*Herramienta de Análisis e investigación 

RKILL report

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/01/2018 05:11:44 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  ÿþ1 2 7 . 0 . 0 . 1               l o c a l h o s t 
 
   : : 1               l o c a l h o s t 
 
   
  0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
  0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
  0.0.0.0 media.opencandy.com
  0.0.0.0 cdn.opencandy.com
  0.0.0.0 tracking.opencandy.com
  0.0.0.0 api.opencandy.com
  0.0.0.0 api.recommendedsw.com
  0.0.0.0 rp.yefeneri2.com
  0.0.0.0 os.yefeneri2.com
  0.0.0.0 os2.yefeneri2.com
  0.0.0.0 installer.betterinstaller.com
  0.0.0.0 installer.filebulldog.com
  0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
  0.0.0.0 inno.bisrv.com
  0.0.0.0 nsis.bisrv.com
  0.0.0.0 cdn.file2desktop.com
  0.0.0.0 cdn.goateastcach.us

  20 out of 41 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 11/01/2018 05:14:11 PM
Execution time: 0 hours(s), 2 minute(s), and 26 seconds(s) 

Mbam report

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 1/11/18
Hora del análisis: 15:53
Archivo de registro: 69355c6d-de07-11e8-a63d-000000000000.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.463
Versión del paquete de actualización: 1.0.7509
Licencia: Prueba

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: System

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Programador de tareas
Resultado: Completado
Objetos analizados: 225519
Amenazas detectadas: 5
Amenazas en cuarentena: 5
Tiempo transcurrido: 1 hr, 54 min, 23 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Advertencia
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 3
PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{2BE2692B-7E04-6371-E73B-2B4FC78186F2}, En cuarentena, [3751], [589898],1.0.7509
PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CC650C80-2C69-4C80-8803-91A5E83436B8}, En cuarentena, [3751], [589898],1.0.7509
PUP.Optional.WinYahoo.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{CC650C80-2C69-4C80-8803-91A5E83436B8}, En cuarentena, [3751], [589898],1.0.7509

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 2
PUP.Optional.WinYahoo.Generic, C:\WINDOWS\TASKS\{2BE2692B-7E04-6371-E73B-2B4FC78186F2}.job, En cuarentena, [3751], [589898],1.0.7509
PUP.Optional.WinYahoo.Generic, C:\WINDOWS\SYSTEM32\TASKS\{2BE2692B-7E04-6371-E73B-2B4FC78186F2}, En cuarentena, [3751], [589898],1.0.7509

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Eset Online Scanner report

17:50:50 # product=EOS
# version=8
# flags=0
# esetonlinescanner_esn.exe=2.0.22.0
# EOSSerial=0e43e31cc5a5774bb3ca9bedbe9a3c5b
# end=init
# utc_time=2018-11-01 20:50:48
# local_time=2018-11-01 17:50:48 (-0300, Hora estándar de Argentina)
# country="Spain"
# osver=6.1.7601 NT Service Pack 1
17:51:13 Call m_esets_charon_setup_create
17:51:13 Call m_esets_charon_create
17:51:13 m_esets_charon_create OK
17:51:13 Call m_esets_charon_start_send_thread
17:51:13 Call m_esets_charon_setup_set
17:51:13 m_esets_charon_setup_set OK
17:51:22 Updating
17:51:22 Update Init
17:51:35 Call m_esets_charon_setup_create
17:51:35 Call m_esets_charon_create
17:51:35 m_esets_charon_setup_set ERROR
17:51:35 Update Download
17:55:00 esets_scanner_reload returned 0
17:55:00 g_uiModuleBuild: 39254
17:55:00 Update Finalize
17:55:00 Call m_esets_charon_send
17:55:00 Call m_esets_charon_destroy
17:55:00 Updated modules version: 39254
17:55:10 Call m_esets_charon_setup_create
17:55:10 Call m_esets_charon_create
17:55:10 m_esets_charon_setup_set ERROR
17:55:10 Scanner engine: 39254
21:08:49 # product=EOS
# version=8
# flags=0
# esetonlinescanner_esn.exe=2.0.22.0
# EOSSerial=0e43e31cc5a5774bb3ca9bedbe9a3c5b
# engine=39254
# end=finished
# bannerClicked=0
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# sfx_checked=true
# utc_time=2018-11-02 00:08:47
# local_time=2018-11-01 21:08:47 (-0300, Hora estándar de Argentina)
# country="Spain"
# lang=3082
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 40750324 163996921 0 0
# scanned=351415
# found=44
# cleaned=44
# scan_time=10825
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.G aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeojlpepoljdpaoiplnlhcfkoigijimc\12.41.9.46800_0\common\js\PartnerId.js.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.E aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeojlpepoljdpaoiplnlhcfkoigijimc\12.41.9.46800_0\components\api\background\widget-api-impl.js.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.E aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeojlpepoljdpaoiplnlhcfkoigijimc\12.41.9.46800_0\js\scriptInjector.js.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.G aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikgjglmlehllifdekcggaapkaplbdpje\12.41.9.65219_0\common\js\PartnerId.js.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.E aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikgjglmlehllifdekcggaapkaplbdpje\12.41.9.65219_0\components\api\background\widget-api-impl.js.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.E aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikgjglmlehllifdekcggaapkaplbdpje\12.41.9.65219_0\js\scriptInjector.js.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.G aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.41.9.60863_0\common\js\PartnerId.js.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.E aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.41.9.60863_0\components\api\background\widget-api-impl.js.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.E aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk\12.41.9.60863_0\js\scriptInjector.js.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de MSIL/UwS.AdvancedFileOptimizer.B aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced File Optimizer\AdvancedFileOptimizer.exe.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de MSIL/UwS.AdvancedFileOptimizer.C aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced File Optimizer\AdvancedFileOptimizerManager.exe.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/DealPly.OW aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\{473DAFFE-17BF-7E78-A639-0EFA76BBDD74}\2.0.1.9\fise.txt.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Adware.Agent.X aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\aabkmmkuqqfclndnfenuqoeneukbaoeo\10.1.1.52_0\popupTab2.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.G aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\alafdaicchmjsdsuwmytkldqxtyoqbqv\12.702.11.34341_0\common\js\PartnerId.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.E aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\alafdaicchmjsdsuwmytkldqxtyoqbqv\12.702.11.34341_0\components\api\background\widget-api-impl.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.E aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\alafdaicchmjsdsuwmytkldqxtyoqbqv\12.702.11.34341_0\js\scriptInjector.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Adware.Imali.B aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\bhpfyggnrwnjxaflzcrvcsnecgyocyqs\0.5.661_0\redirect.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.E aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\foqfyhijnrwlqzduddbomefzcvrzpqhx\12.600.11.23027_0\components\api\background\widget-api-impl.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.E aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\foqfyhijnrwlqzduddbomefzcvrzpqhx\12.600.11.23027_0\js\scriptInjector.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.G aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\foqfyhijnrwlqzduddbomefzcvrzpqhx\12.702.11.34246_0\common\js\PartnerId.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.E aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\foqfyhijnrwlqzduddbomefzcvrzpqhx\12.702.11.34246_0\components\api\background\widget-api-impl.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.E aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\foqfyhijnrwlqzduddbomefzcvrzpqhx\12.702.11.34246_0\js\scriptInjector.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Adware.Imali.A aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\pirwwjxgmzziwmqucehgsnsjohxwivpl\0.7_0\background.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Adware.Imali.A aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\pirwwjxgmzziwmqucehgsnsjohxwivpl\0.7_0\redirect.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Adware.Imali.A aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\slgukbhmqpnawyxxodenaolfhjfljdki\0.6_0\background.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Adware.Imali.A aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\slgukbhmqpnawyxxodenaolfhjfljdki\0.6_0\redirect.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.G aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\vmayvnensllrxkpxtolokrpkafqphnie\12.702.11.44211_0\common\js\PartnerId.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.E aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\vmayvnensllrxkpxtolokrpkafqphnie\12.702.11.44211_0\components\api\background\widget-api-impl.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Mindspark.E aplicación potencialmente indeseable (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\vmayvnensllrxkpxtolokrpkafqphnie\12.702.11.44211_0\js\scriptInjector.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Adware.Imali.A aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\ypiartfzjforvazrjxppogbmppldctlj\0.8_0\background.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Adware.Imali.A aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\files\ypiartfzjforvazrjxppogbmppldctlj\0.8_0\redirect.js"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Adware.RK.AM aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\v1\20181023.135230\1\pmls.dll#5152AFCFC82AE3A6"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Adware.RK.AM aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\v1\20181023.135230\29\PremierOpinion\pmls.dll#5152AFCFC82AE3A6"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win64/Adware.RK.A aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\v1\20181023.135230\29\PremierOpinion\pmls64.dll#F5A7A126D62DEE9E"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Adware.RK.AV aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\v1\20181023.135230\29\PremierOpinion\pmropn32.exe#4DC7AA1E75A624E1"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win64/Adware.RK.A aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\v1\20181023.135230\29\PremierOpinion\pmropn64.exe#26F6B9D96E18CFCF"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Adware.RK.AU aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\v1\20181023.135230\29\PremierOpinion\pmservice.exe#3652B8A2E0291CBB"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Adware.RK.AT aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\v1\20181023.135230\29\PremierOpinion\pmxf.dll#D5B1C77BD7F8C85C"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Adware.RK.AM aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\v1\20181023.135230\29\PremierOpinion\components\pmxg.dll#6D3CDC3B632BEF75"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Win32/Adware.RK.AM aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\v1\20181023.135230\29\PremierOpinion\firefox\pmnx.dll#D957F8B3D3E5F9EB"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Adware.RK.A aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\v1\20181023.135230\29\PremierOpinion\firefox\resources\dpjs\data\content.js#5ACC10C838635981"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="JS/Adware.RK.A aplicación (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\AdwCleaner\Quarantine\v1\20181023.135230\29\PremierOpinion\firefox\resources\dpjs\lib\main.js#D80A8417BB4CCA58"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D aplicación potencialmente peligrosa (no se ha podido desinfectar - archivo eliminado)" ac=C fn="C:\Users\Edu\Downloads\ccsetup547.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="una variante de Android/Hiddad.JT Troyano (eliminado)" ac=C fn="C:\Users\Edu\Downloads\HeartRate_com.babiliy.aldinton_1.4.180121.apk"
21:08:56 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Edu\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
21:08:58 Call m_esets_charon_send
21:08:58 Call m_esets_charon_destroy

I look forward to the next steps. Thank you very much! :hugs:


#5

Run a scan with:

Then:

  • Temporarily disable your antivirus and any other security software.

  • Download to your Desktop (>> this is very important <<) Farbar Recovery Scan Tool, choosing the version that matches your system (32 or 64 bits). :arrow_forward: How do I know whether my Windows is 32 or 64 bits?

  • Double-click to run Frst.exe. In the Disclaimer window, press Yes.

  • In the new window that opens, press the Scan button and wait for the scan to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt, which will be saved on your Desktop.

In your next reply, copy and paste the two FRST reports, Frst.txt and Addition.txt.

Note: If the requested report(s) do not fit in a single reply because they exceed the allowed number of characters, you can use two or more replies to paste them in full.

Paste both logs for me


#6

Thanks @Miguelgrado :slight_smile: here are the requested logs:

FRST LOG:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24.10.2018
Ran by Edu (administrator) on EDU-PC (02-11-2018 14:57:12)
Running from C:\Users\Edu\Desktop
Loaded Profiles: Edu (Available Profiles: Edu & Administrador)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Edu\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(TP-Link Technologies Co., Ltd) C:\Program Files\TP-Link\TP-Link Wireless Adapter WPS Tool\TWCU.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2159216 2014-03-19] (VIA)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\Run: [Spotify Web Helper] => C:\Users\Edu\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017848 2015-07-27] (Spotify Ltd)
HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [957976 2016-04-26] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14544792 2018-10-23] (Piriform Ltd)
HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\Run: [Shell] => C:\Program Files\TP-Link\TP-Link TL-WN722N\WPS_TOOL_AUTO.vbs [146 2018-10-23] ()
HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\MountPoints2: {a25b0580-d6db-11e8-9608-806e6f6e6963} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 186.130.128.53 200.63.155.50
Tcpip\..\Interfaces\{3E187EA8-7232-40AA-94BB-75DF87DCE104}: [DhcpNameServer] 181.47.248.145 200.115.192.90 200.115.192.89
Tcpip\..\Interfaces\{9353DF50-36BE-4A03-97DD-8F06A7E7C3E2}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{9EB463DA-2C94-468C-B0BD-DE954E7B19B7}: [DhcpNameServer] 186.130.128.133 200.63.155.69
Tcpip\..\Interfaces\{BB21AA8B-326D-43B7-A78B-38D0B873F40D}: [DhcpNameServer] 186.130.128.53 200.63.155.50

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://es.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-01] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-01] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3594820560-3659426682-1468905893-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-09-15] [Legacy] [not signed]
FF HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-10] ()
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-10-06] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3594820560-3659426682-1468905893-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Edu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-11] (Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR NewTab: Profile 1 ->  Not-active:"chrome-extension://eablhnhdlibgncddnfdcipphcblbkndd/redirect.html"
CHR Profile: C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default [2018-11-01]
CHR Extension: (Presentaciones) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documentos) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Búsqueda de Google) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-08-30]
CHR Extension: (Hojas de cálculo) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (Cuevana Full Downloader) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\joplgpkbfbcdjidogkikhdbddahjclpc [2017-10-10]
CHR Extension: (Skype) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-25]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-23]
CHR Extension: (Gmail) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-24]
CHR Extension: (Chrome Media Router) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-23]
CHR Profile: C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-11-02]
CHR Extension: (Presentaciones) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Documentos) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-14]
CHR Extension: (YouTube) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-14]
CHR Extension: (Hojas de cálculo) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Kids Game Korners Ad) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hcjgbebigkngpbaghfdnobnenkdlffhn [2017-11-21]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-14]
CHR Extension: (Chrome Media Router) - C:\Users\Edu\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-23]
CHR Profile: C:\Users\Edu\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [1288712 2018-02-04] ()
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-26] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files\BlueStacks\HD-Plus-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [921112 2016-04-26] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Program Files\EasyAntiCheat\EasyAntiCheat.exe [526888 2018-02-02] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509408 2015-07-22] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2014-03-19] (VIA Technologies, Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5315584 2010-02-11] (ATI Technologies Inc.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2014-03-19] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2014-03-19] ()
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [140856 2016-04-26] (BlueStack Systems)
R2 BstkDrv; C:\Program Files\BlueStacks\BstkDrv.sys [220216 2016-04-06] (Bluestack System Inc. )
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [229568 2018-11-02] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [4385360 2016-10-09] (Realtek Semiconductor Corporation )
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1804400 2014-03-19] (VIA Technologies, Inc.)
U1 aswbdisk; no ImagePath
S3 BEDaisy; \??\C:\Program Files\Common Files\BattlEye\BEDaisy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-02 14:56 - 2018-11-02 14:56 - 001774592 _____ (Farbar) C:\Users\Edu\Desktop\FRST.exe
2018-11-02 14:06 - 2018-11-02 14:06 - 000001629 _____ C:\Users\Edu\Desktop\ZHPCleaner.txt
2018-11-02 13:52 - 2018-11-02 13:52 - 000000826 _____ C:\Users\Edu\Desktop\ZHPCleaner.lnk
2018-11-02 13:51 - 2018-11-02 13:51 - 003285376 _____ C:\Users\Edu\Desktop\ZHPCleaner.exe
2018-11-02 11:49 - 2018-11-02 11:49 - 000229568 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-11-02 00:19 - 2018-11-02 00:20 - 000042206 _____ C:\Users\Edu\Desktop\Addition.txt
2018-11-02 00:17 - 2018-11-02 14:57 - 000015551 _____ C:\Users\Edu\Desktop\FRST.txt
2018-11-02 00:17 - 2018-11-02 14:57 - 000000000 ____D C:\FRST
2018-11-02 00:01 - 2018-11-02 00:01 - 000001852 _____ C:\Users\Edu\Desktop\JRT.txt
2018-11-01 23:07 - 2018-11-01 23:07 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-01 23:07 - 2018-11-01 23:07 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-01 22:57 - 2018-11-01 22:57 - 000000000 ____D C:\Program Files\Common Files\Java
2018-11-01 22:56 - 2018-11-01 22:56 - 000000000 ____D C:\Program Files\Common Files\Oracle
2018-11-01 22:08 - 2018-11-02 14:06 - 000000000 ____D C:\Users\Edu\AppData\Roaming\ZHP
2018-11-01 22:08 - 2018-11-01 22:08 - 000000000 ____D C:\Users\Edu\AppData\Local\ZHP
2018-11-01 17:09 - 2018-11-01 17:08 - 006985848 _____ (ESET spol. s r.o.) C:\Users\Edu\Desktop\esetonlinescanner_esn.exe
2018-11-01 16:46 - 2018-11-01 16:46 - 001599815 _____ C:\Users\Edu\Downloads\IFS (1).exe
2018-11-01 16:00 - 2018-11-01 16:00 - 000001191 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-11-01 16:00 - 2018-11-01 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-11-01 16:00 - 2018-11-01 16:00 - 000000000 ____D C:\Program Files\VS Revo Group
2018-11-01 15:57 - 2018-11-01 15:57 - 007197480 _____ (VS Revo Group ) C:\Users\Edu\Downloads\revosetup.exe
2018-10-23 18:57 - 2018-10-23 18:59 - 000000000 ____D C:\Users\Edu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TP-Link
2018-10-23 18:55 - 2018-10-23 18:58 - 000000000 ____D C:\Program Files\TP-Link
2018-10-23 18:54 - 2016-10-09 02:19 - 004385360 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\rtwlanu.sys
2018-10-23 18:54 - 2016-10-09 02:19 - 004385360 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2018-10-23 18:54 - 2016-10-09 02:19 - 001044040 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2018-10-23 18:54 - 2016-10-09 02:19 - 000115792 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\RtlExtUI.dll
2018-10-23 18:54 - 2016-10-09 02:19 - 000054352 _____ (Windows (R) 2000 DDK provider) C:\Windows\system32\rtlCoInst.dll
2018-10-23 18:54 - 2016-10-09 02:19 - 000024058 _____ C:\Windows\system32\netrtwlanu.cat
2018-10-23 18:54 - 2016-10-09 02:11 - 000011794 _____ C:\Windows\system32\rtlCoInst.dat
2018-10-23 18:54 - 2016-10-09 02:11 - 000002101 _____ C:\Windows\system32\TP_TXPWR_LMT_Enc.txt
2018-10-23 18:54 - 2016-10-09 02:11 - 000002101 _____ C:\Windows\system32\Drivers\TP_TXPWR_LMT_Enc.txt
2018-10-23 18:54 - 2016-10-09 02:11 - 000000658 _____ C:\Windows\system32\TP_PHY_REG_PG_Enc.txt
2018-10-23 18:54 - 2016-10-09 02:11 - 000000658 _____ C:\Windows\system32\Drivers\TP_PHY_REG_PG_Enc.txt
2018-10-23 18:47 - 2018-10-23 18:47 - 047957459 _____ C:\Users\Edu\Downloads\TL-WN722N(EU_US_ES)_V2_V3_170726_Wins.zip
2018-10-23 17:59 - 2018-10-23 17:59 - 000000000 ____D C:\Users\Edu\AppData\Local\mbamtray
2018-10-23 17:56 - 2018-10-23 17:56 - 000001181 _____ C:\Users\Edu\Documents\Documentos - Acceso directo.lnk
2018-10-23 17:53 - 2018-11-01 21:41 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-10-23 17:53 - 2018-10-23 17:53 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-23 17:53 - 2018-10-23 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-23 17:41 - 2018-11-01 21:14 - 000000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-10-23 17:41 - 2018-10-23 17:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-10-23 16:48 - 2018-10-23 18:55 - 000000000 ____D C:\Users\Edu\AppData\Local\TP-Link
2018-10-23 14:54 - 2018-10-23 14:54 - 000000000 ____D C:\Users\Edu\AppData\Local\mbam
2018-10-23 14:52 - 2018-10-23 14:52 - 000000000 ____D C:\Program Files\Malwarebytes
2018-10-23 12:25 - 2018-10-23 18:54 - 000000000 ____D C:\temp
2018-10-23 12:24 - 2018-10-23 18:57 - 000000000 ____D C:\ProgramData\TP-LINK
2018-10-08 18:04 - 2015-07-18 10:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-10-08 18:04 - 2015-07-18 10:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-10-08 00:51 - 2018-10-13 18:53 - 000059890 _____ C:\Windows\system32\stub.json
2018-10-05 15:10 - 2018-10-05 15:21 - 000012061 ____H C:\Users\Edu\Desktop\~WRL0003.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-02 14:37 - 2016-07-04 23:10 - 000000250 _____ C:\Windows\Tasks\{1CAFC29C-5156-52AA-AB11-34C3F46291D4}.job
2018-11-02 13:52 - 2014-06-03 19:55 - 000000000 ____D C:\Users\Edu\Desktop\NO TOCAR!
2018-11-02 11:57 - 2009-07-14 01:34 - 000020880 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-02 11:57 - 2009-07-14 01:34 - 000020880 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-02 11:54 - 2016-05-17 13:44 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2018-11-02 11:49 - 2018-02-03 00:33 - 000000000 ____D C:\Program Files\Hi-Rez Studios
2018-11-02 11:49 - 2009-07-14 01:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-01 23:24 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\inf
2018-11-01 23:06 - 2014-03-19 22:17 - 000000000 ____D C:\Program Files\Google
2018-11-01 23:05 - 2015-09-15 23:06 - 000000000 ____D C:\Users\Edu\AppData\Local\Adobe
2018-11-01 23:05 - 2014-03-20 00:52 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-11-01 23:05 - 2014-03-20 00:52 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-11-01 23:05 - 2014-03-20 00:52 - 000000000 ____D C:\Windows\system32\Macromed
2018-11-01 22:57 - 2016-01-17 12:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-11-01 22:57 - 2015-08-29 18:44 - 000000000 ____D C:\Program Files\Java
2018-11-01 22:55 - 2016-01-17 12:55 - 000096632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2018-11-01 21:22 - 2018-02-02 20:21 - 000000000 ____D C:\Program Files\Steam
2018-11-01 21:14 - 2015-09-24 23:21 - 000000000 ____D C:\Program Files\CCleaner
2018-11-01 17:00 - 2015-09-25 12:25 - 000000000 ____D C:\FSTool
2018-10-24 13:02 - 2014-03-19 21:04 - 001685736 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-24 13:02 - 2009-07-14 05:48 - 000750994 _____ C:\Windows\system32\perfh00A.dat
2018-10-24 13:02 - 2009-07-14 05:48 - 000160036 _____ C:\Windows\system32\perfc00A.dat
2018-10-23 18:58 - 2014-03-19 22:26 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-10-23 17:52 - 2018-02-20 17:40 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-10-23 17:52 - 2018-02-20 17:36 - 000000000 ____D C:\ProgramData\AVAST Software
2018-10-23 17:46 - 2015-09-28 17:51 - 000000000 ____D C:\Users\Edu\AppData\Roaming\BitTorrent
2018-10-23 17:45 - 2014-03-24 11:33 - 000000000 ____D C:\Windows\Minidump
2018-10-23 14:52 - 2014-03-19 22:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-23 14:47 - 2017-12-17 23:39 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-23 13:51 - 2014-06-03 20:01 - 000000000 ____D C:\AdwCleaner
2018-10-15 18:48 - 2014-03-19 21:24 - 000479504 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-10-15 15:30 - 2009-07-13 23:37 - 000000000 ____D C:\Windows\system32\NDF
2018-10-15 15:27 - 2018-02-02 20:21 - 000000000 ____D C:\Program Files\Common Files\Steam
2018-10-15 00:20 - 2014-04-24 14:01 - 000000335 _____ C:\Users\Edu\AppData\Roaming\WB.CFG
2018-10-11 00:12 - 2017-08-01 01:49 - 000271360 _____ C:\Users\Edu\Documents\Outlook.pst

==================== Files in the root of some directories =======

2014-12-02 11:20 - 2014-12-02 11:20 - 000005558 _____ () C:\Program Files\Right Backupignorerules.xml14xuxusr.wcx.xml_
2014-12-02 11:20 - 2014-12-02 11:20 - 000001880 _____ () C:\Program Files\Right Backupsmartbackuprules.xmlqujshdas.p02.xml_
2016-10-18 10:01 - 2016-10-18 10:01 - 003187734 _____ () C:\Users\Edu\AppData\Roaming\sb310.dat
2014-04-24 14:01 - 2018-10-15 00:20 - 000000335 _____ () C:\Users\Edu\AppData\Roaming\WB.CFG
2016-05-15 00:03 - 2016-05-15 00:04 - 000004608 _____ () C:\Users\Edu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Windows\Tasks\{1CAFC29C-5156-52AA-AB11-34C3F46291D4}.job


Some files in TEMP:
====================
2018-11-01 22:54 - 2018-11-01 22:54 - 001892728 _____ (Oracle Corporation) C:\Users\Edu\AppData\Local\Temp\jre-8u191-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-02 01:08

==================== End of FRST.txt ============================

#7

FRST Addition log:


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24.10.2018
Ran by Edu (02-11-2018 14:58:02)
Running from C:\Users\Edu\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-03-19 23:57:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3594820560-3659426682-1468905893-500 - Administrator - Disabled) => C:\Users\Administrador
Edu (S-1-5-21-3594820560-3659426682-1468905893-1001 - Administrator - Enabled) => C:\Users\Edu
HomeGroupUser$ (S-1-5-21-3594820560-3659426682-1468905893-1002 - Limited - Enabled)
Invitado (S-1-5-21-3594820560-3659426682-1468905893-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{A80FA752-C491-4ED9-ABF0-4278563160B2}) (Version: 7.1.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{2333AFB1-D26D-8C62-A253-89C91DAA993A}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
BlueStacks App Player (HKLM\...\{AA655366-D323-404D-AA9B-AD562CAE1DD0}) (Version: 2.2.21.6212 - BlueStack Systems, Inc.)
BufferChm (HKLM\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
ccc-core-static (HKLM\...\{8ADE5280-35CA-CF98-A456-F66B98C77244}) (Version: 2010.0210.2206.39615 - Nombre de su organización) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.48 - Piriform)
Copy (HKLM\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CPUID CPU-Z 1.79.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
Cube World version 0.0.1 (HKLM\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Destinations (HKLM\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (HKLM\...\{A835C187-691C-4827-BCEA-1611179C96B9}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Epic Games Launcher (HKLM\...\{0ACCA8BE-C376-428E-894E-D660A07B4C69}) (Version: 1.1.139.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x86) (HKLM\...\{B633DAAD-9294-4C7D-A625-D5B741A8C2B6}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
F4400 (HKLM\...\{08067AFD-4ECE-4454-80B4-31C859D4EDC1}) (Version: 140.0.696.000 - Hewlett-Packard) Hidden
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{A800FCC9-8E1E-4D84-9CED-47870701FDE1}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (HKLM\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Java 8 Update 191 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Launcher Prerequisites (x86) (HKLM\...\{ec50c375-be9a-4642-9b8c-86dcc42e39c3}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM\...\{11B6CA74-0359-4E8B-9729-1902B9ADD29C}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MarketResearch (HKLM\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Metric Collection SDK 35 (HKLM\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM\...\{90120000-0016-0C0A-0000-0000000FF1CE}_PROPLUS_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM\...\{90120000-001A-0C0A-0000-0000000FF1CE}_PROPLUS_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_PROPLUS_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_PROPLUS_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft1.7.2 (HKLM\...\Minecraft1.7.2) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Plantas contra Zombis (HKLM\...\Plantas contra Zombis) (Version:  - PopCap Games)
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
ROBLOX Player (HKLM\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Roblox Player for Edu (HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
ROBLOX Studio for Edu (HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Scan (HKLM\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SHAREit (HKLM\...\SHAREit_is1) (Version: 2.5.1.5 - Lenovo Group Limited)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
SmartWebPrinting (HKLM\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM\...\{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\Spotify) (Version: 1.0.10.107.gd0dfca3a - Spotify AB)
Status (HKLM\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Toolbox (HKLM\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TP-Link TL-WN722N (HKLM\...\{F9C15685-38A9-46A1-9826-97204015C19C}) (Version: 1.0.0 - TP-Link)
TP-Link Wireless Adapter WPS Tool (HKLM\...\{685EFF87-B126-49E4-8213-70C56625C5B5}) (Version: 1.0.0.1 - TP-Link)
TrayApp (HKLM\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\UnityWebPlayer) (Version: 4.6.3f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Administrador de dispositivos de plataforma (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
War Thunder Launcher 1.0.3.10 (HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
WebReg (HKLM\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3594820560-3659426682-1468905893-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Edu\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [Advanced System Protector] -> {00212D92-C5D8-4ff4-AE50-B20F0F85C40A} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files\Lenovo\SHAREit\ShellEx\ShellExt32.dll [2015-09-17] (Lenovo)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files\Lenovo\SHAREit\ShellEx\ShellExt32.dll [2015-09-17] (Lenovo)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2010-02-10] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04B8FA5B-F394-4624-9AB4-BCBB25F2924E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-10-23] (Piriform Ltd)
Task: {0A3E4B86-BC0A-42BE-B9EF-63FC667BCB82} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {1FD8091A-1758-401E-84BE-3AB0C92607E1} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-10-08] (ASUSTeK Computer Inc.)
Task: {33C7355C-F217-4FBE-99ED-04EC6B039CE0} - System32\Tasks\{129D3AF6-5F36-485A-A3A0-03A9EF710678} => C:\Program Files\Google\Chrome\Application\chrome.exe 
Task: {4620C1CD-398B-4289-B087-E4F6157D4452} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {4B33234E-1EBA-4611-84DE-0CB45AAD34CB} - System32\Tasks\{0C905BD3-FFF1-4FF3-A8A2-13ED86846500} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\bestadblocker\CBGrxvBB7h45h1.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {4FC5358A-BB5A-413C-9D3A-6C64C11C9C30} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy
Task: {4FC5358A-BB5A-413C-9D3A-6C64C11C9C30} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(3): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun
Task: {52820009-8C40-493D-A2D1-8D694776B5AC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {5AF15481-D770-4CAB-98B6-B646ABDD3878} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {65239B4B-12AA-4A97-BFB1-BA9B3D5221BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-25] (Google Inc.)
Task: {66FACDA5-4898-4E6C-966D-F8586AF867EB} - System32\Tasks\QIIz0RB => C:\Users\Edu\AppData\Roaming\QIIz0RB.exe <==== ATTENTION
Task: {69B7A02B-84F7-4D2B-A9F5-95ABFBDFB67C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {86F276D6-41D0-4CDD-AA42-5176EF49B052} - System32\Tasks\{1DC27AFF-0F53-4562-8304-325815A68B9E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\eMule\Uninstall.exe" -d "C:\Program Files\eMule\config"
Task: {8D5EFDF9-04D6-471B-826B-6B907E962517} - System32\Tasks\{3C1D31D7-AD04-4C6C-8B9F-E6E9A0F6FF20} => C:\Windows\system32\pcalua.exe -a C:\Users\Edu\Downloads\JavaSetup8u60.exe -d C:\Users\Edu\Desktop
Task: {94007278-8BE6-4781-B57C-274B25F98E29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-25] (Google Inc.)
Task: {A295BBA5-553B-4DD7-BC06-49F2A65FA196} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate
Task: {A295BBA5-553B-4DD7-BC06-49F2A65FA196} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate -noappraiser
Task: {AB21847C-2247-4B58-BBE5-23E5ABF4A743} - System32\Tasks\9zEevHWbwdl0JlRk8VzkQ5Wvs => C:\Users\Edu\AppData\Roaming\9zEevHWbwdl0JlRk8VzkQ5Wvs.exe <==== ATTENTION
Task: {BE239171-237E-4287-96F5-673FAA5D9F6B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-10-23] (Piriform Ltd)
Task: {BE9526FD-8C8F-4C5C-9AE9-31D369865201} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_31_0_0_122_pepper.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {CA185A02-14B2-4B00-A4C3-6B67C5ADC98B} - \Only-search -> No File <==== ATTENTION
Task: {CB338ADA-0412-47E1-A3F2-39A2A2952C04} - System32\Tasks\{1CAFC29C-5156-52AA-AB11-34C3F46291D4} => C:\PROGRA~1\COMMON~1\Cufelole\UPDATE~1.EXE
Task: {D4D4A903-29C1-4DEC-891F-7FECCD483AB7} - System32\Tasks\{7BFBD220-FDF8-4B26-ACC0-E346E9B59FD0} => C:\Windows\system32\pcalua.exe -a "E:\DRIVER TP LINK USB WIFI\TL-WN721N_V1_131113\Setup.exe" -d "E:\DRIVER TP LINK USB WIFI\TL-WN721N_V1_131113"
Task: {DB866469-71C6-4886-941C-EA41C6521794} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {E2E742FF-FA8B-4311-939B-9DA4C1C2DEA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-01] (Adobe Systems Incorporated)
Task: {F2D0A315-C9C0-4656-83B8-F994492D2EA1} - \Only-search Updater -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\{1CAFC29C-5156-52AA-AB11-34C3F46291D4}.job => C:\PROGRA~1\COMMON~1\Cufelole\UPDATE~1.EXE

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Edu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\francisco 2008 - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2014-03-19 22:42 - 2014-03-19 22:39 - 000080496 _____ () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2014-03-19 22:42 - 2014-03-19 22:39 - 000113264 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2014-03-19 22:42 - 2014-03-19 22:39 - 000623216 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2018-10-23 17:53 - 2018-11-01 21:41 - 002225368 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-23 08:22 - 2018-10-23 08:22 - 000098376 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
2018-10-23 18:58 - 2017-03-20 14:32 - 000195072 _____ () C:\Program Files\TP-Link\TP-Link Wireless Adapter WPS Tool\DC_WFF.dll
2018-10-23 18:58 - 2017-03-20 14:32 - 002095616 _____ () C:\Program Files\TP-Link\TP-Link Wireless Adapter WPS Tool\WJRtl.dll
2014-03-19 22:53 - 2014-03-19 22:53 - 000270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:04 - 2018-11-01 22:25 - 000001380 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Edu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 186.130.128.53 - 200.63.155.50
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: BitTorrent => "C:\Users\Edu\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Spotify => "C:\Users\Edu\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Edu\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1FA0669F-C3F7-4753-B3EE-7722AEF87560}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4C4EB3F8-C041-407E-BC15-9E4F44796CDA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{40FC9285-F690-40B7-9954-9B319FBE9504}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{B261662C-F2B3-476A-BBED-4795A4CCAA95}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{3313F6DD-6C13-44DC-86CF-DAD3642D1D65}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{C8B7B28F-8548-40E7-B885-737A0F57FCBA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{0308745B-8A02-4FB0-BC2F-1500A4DB73FE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{AB7BBD30-F775-4062-B2CE-F8DCEF5ABEF1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{83863797-F145-4E69-AB52-1A8B1F30A8AB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{D19D5B14-0B46-4A79-A44C-9573E4F38D9F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{17CEE7DC-4C70-470C-98A1-07B3E6ED0555}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{66C91AB0-BBA1-4038-AF96-66DF326D9B73}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{5B55F107-7AF2-40EB-984E-C847CFE9E0EE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{1EDCBD4C-C8F4-4D32-B72F-A0A5086771DC}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{5D23DA55-9615-45D8-9E02-DD7642A497F9}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{FF015F26-2D14-42B3-B91F-C0E638F44F73}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{50F680D2-B03B-4108-9EDA-F06B4F8716E3}] => (Allow) C:\Program Files\eMule\emule.exe
FirewallRules: [{CF796515-4019-4F5B-9174-6B1DA0C128DC}] => (Allow) C:\Program Files\eMule\emule.exe
FirewallRules: [{BBB34C18-2557-499D-BF64-162D0BD846AE}] => (Allow) C:\Program Files\eMule\emule.exe
FirewallRules: [{F8D53BD4-2737-4DE3-B694-9BB1A0E74723}] => (Allow) C:\Program Files\eMule\emule.exe
FirewallRules: [TCP Query User{C85E256A-B04C-435C-9A62-3BB78594DEA3}C:\program files\emule\emule.exe] => (Allow) C:\program files\emule\emule.exe
FirewallRules: [UDP Query User{CAE56CC5-9E1C-4E67-A333-433C0662C2EE}C:\program files\emule\emule.exe] => (Allow) C:\program files\emule\emule.exe
FirewallRules: [{202B6F72-0EDB-4496-9D47-717EC3AEBBF3}] => (Allow) C:\Users\Edu\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{97ADF108-2150-47D8-AA62-6718771AD31C}] => (Allow) C:\Users\Edu\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [TCP Query User{5B942D14-5633-4ACC-9307-95833A5B98F2}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{CD9AD0CD-EE5F-476B-B99E-D5E209403F56}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{44769906-5F6D-495E-8BC0-CDB27C43FCD8}C:\users\edu\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\edu\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D08C1848-709E-4547-8677-145AFC587EC7}C:\users\edu\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\edu\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8EA06A32-E9BC-4E9B-80C9-18F5BDC10748}] => (Allow) C:\Users\Edu\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{36387CF6-5CF9-4C72-B74E-67285EEBB06A}] => (Allow) C:\Users\Edu\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E5E2168F-3432-4052-B0CB-921A7A1D78E8}] => (Allow) C:\Users\Edu\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A7003866-F03C-429D-A84E-6A7383535AFD}] => (Allow) C:\Users\Edu\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FE12BCA2-5C1A-4929-9A77-4B8FFC0456E6}] => (Allow) C:\Users\Edu\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C19ED40A-4DD6-457F-804F-A775B50DB04D}] => (Allow) C:\Users\Edu\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{D38CA46B-CC42-454C-A323-9C7CA78D5154}C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Block) C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{81C3B537-D877-48F1-8DB9-4932EEA546C0}C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Block) C:\program files\minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe
FirewallRules: [{FE9CE7F1-F0AC-4E4E-BCC3-1D8801CFBEC5}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{DA1A3284-44D5-4FCC-A702-261FBB0D7ED3}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [TCP Query User{D344BAC4-A3B1-4E9E-A887-19495C507445}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{A86AEFC8-A49E-4A8D-9651-5ED5B9E7EFF1}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{8FD9405D-7F41-4F9E-9EC3-D48BF418A978}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{A13A1118-18B3-45B0-ADB8-8D5C1D572B72}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [TCP Query User{8CFC43F2-FF98-4E40-AFB5-C7029316BF5F}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{52928135-C2DD-430C-A352-0AAE491A9406}C:\games\counter-strike\hl.exe] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [{302B6FD1-FB7F-453A-B241-0862A4C42733}] => (Allow) C:\Users\Edu\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{FFD285EE-9AC8-4D3F-A4C9-31DDA366C42D}C:\users\edu\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\edu\appdata\local\warthunder\launcher.exe
FirewallRules: [UDP Query User{931B99C6-507D-40BA-A661-CC6CB9E263EA}C:\users\edu\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\edu\appdata\local\warthunder\launcher.exe
FirewallRules: [TCP Query User{428AEBF6-A02F-41A8-A12E-E3BCDEB91F61}C:\users\edu\appdata\local\warthunder\win32\aces.exe] => (Block) C:\users\edu\appdata\local\warthunder\win32\aces.exe
FirewallRules: [UDP Query User{648F687D-45C5-4265-A9A8-0B979D613A18}C:\users\edu\appdata\local\warthunder\win32\aces.exe] => (Block) C:\users\edu\appdata\local\warthunder\win32\aces.exe
FirewallRules: [{EC73DEB4-52E3-43F7-A4C7-F5AC6C01BBF4}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{FE2450C2-2EE5-4838-ADAF-D58DE20A61F8}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{17AE406F-57AE-4E1B-8502-BD1050B92C95}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B22901EB-00F6-4138-8A11-BC4F80D80843}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E02CA95A-E71A-4809-88D5-B53E38AEAB7F}] => (Allow) C:\Program Files\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{18739765-FD9E-4B54-AA1D-FA2673B892ED}] => (Allow) C:\Program Files\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{B01F6B5D-8EB3-4D78-BD10-5CF74186192A}] => (Allow) C:\Program Files\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{2B6A1B1E-8F80-45FD-A3E0-BC2C4C83704B}] => (Allow) C:\Program Files\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{3F9F062E-B362-4A78-B829-F560AEA6FC3C}C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{6D5EFAB5-146A-44F0-88F2-0E86AC4EE293}C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{7172CA34-7114-4312-842F-C749A8E81D2B}C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{38BC1323-95B2-4A34-83F6-A20178C6D999}C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{31A14BEE-CCD5-40BB-95B5-043A4E570538}] => (Allow) C:\Program Files\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{914AFB65-2171-4831-82CC-8C64AB16A6E5}] => (Allow) C:\Program Files\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{C8B130B5-98AB-4FCE-9149-9AF869DC9D14}] => (Allow) C:\Program Files\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{2E0DFF8D-0C00-46E1-972C-DFD8B0320203}] => (Allow) C:\Program Files\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [TCP Query User{F120519C-91A6-4D6D-869C-4EC16771ECCD}C:\program files\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{E8BEC342-9C24-45A3-9FEC-474B826711F4}C:\program files\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{7CA3D29F-47AE-461B-9CE7-DCE70A4EE52D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe
FirewallRules: [UDP Query User{361CB623-5B10-4984-8A4A-84C1F06C1FF1}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.144\deploy\leagueclient.exe
FirewallRules: [TCP Query User{8222C94B-8D82-4CBD-8086-ED138608E2E4}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [UDP Query User{C2C144D8-6BA8-4870-BEAC-276C4978705C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.155\deploy\leagueclient.exe
FirewallRules: [TCP Query User{9A7B538B-E483-4AFB-9B07-61479A5BD274}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [UDP Query User{3B797942-B840-4D81-8403-368D6A3AC0A2}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [TCP Query User{CC0C9B44-88D6-4220-95B1-63DD5AC5E868}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [UDP Query User{F97CB4AE-4275-4710-979F-8F3E469A2286}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.158\deploy\leagueclient.exe
FirewallRules: [{E478B110-8409-45DC-8404-9448963694F9}] => (Allow) C:\Program Files\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe
FirewallRules: [{68E50C22-2A56-41C4-9297-5BCB344D63BF}] => (Allow) C:\Program Files\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe
FirewallRules: [{D356C07A-0992-403F-9809-590F634351B3}] => (Allow) C:\Program Files\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe
FirewallRules: [{08A09C01-B197-4D30-BFA6-31856544C3C3}] => (Allow) C:\Program Files\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe
FirewallRules: [{7DE5919A-29AF-4DAA-83F1-119726B89B4B}] => (Allow) C:\Program Files\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe
FirewallRules: [{79433E16-5D4D-44D7-A484-F0963E60DB50}] => (Allow) C:\Program Files\TP-Link\TP-Link Wireless Adapter WPS Tool\RTLDHCP.exe
FirewallRules: [{35C5DF7B-E493-480B-9E5E-C9A5E0C57DC8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{41F985E6-987E-4B7B-88D7-53020D8E77FF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{BE6EDE07-EF54-4819-A999-3BB76D468227}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-10-2018 22:36:11 Windows Update
15-10-2018 15:54:03 Windows Update
23-10-2018 13:34:55 Windows Update
23-10-2018 18:53:37 Installed TP-Link Wireless Adapter WPS Tool and Driver
23-10-2018 18:58:06 Instalado Utilidad de configuración inalámbrica de TP-LINK
01-11-2018 16:31:00 Revo Uninstaller's restore point - Google Chrome
01-11-2018 16:36:35 Windows Update
01-11-2018 16:46:41 Revo Uninstaller's restore point - cecilia - Chrome
01-11-2018 16:59:17 Revo Uninstaller's restore point - SnapMyScreen
01-11-2018 23:55:12 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2018 11:48:35 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: No se puede inicializar el índice.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/01/2018 11:48:35 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: No se puede inicializar la aplicación.

Contexto: aplicación Windows

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/01/2018 11:48:35 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: No se puede inicializar el objeto Recopilador.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/01/2018 11:48:35 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.TripoliIndexer>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	No se ha encontrado el elemento.  (HRESULT : 0x80070490) (0x80070490)

Error: (11/01/2018 11:48:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: No se puede inicializar el complemento <Search.JetPropStore>.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/01/2018 11:48:34 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: El servicio Windows Search no puede cargar la información del almacén de propiedades.

Contexto: aplicación Windows, catálogo SystemIndex

Detalles:
	La base de datos del índice de contenido está dañada.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/01/2018 11:48:34 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: El servicio Windows Search se está deteniendo porque hay un problema con el indizador: The catalog is corrupt.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/01/2018 11:48:34 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: El servicio de búsqueda detectó archivos de datos dañados en el índice {id=4700}. Este servicio intentará corregir este problema automáticamente mediante la nueva generación del índice.

Detalles:
	El catálogo del índice de contenido está dañado.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (11/02/2018 02:56:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (11/02/2018 02:56:22 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (11/02/2018 02:56:21 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (11/02/2018 02:56:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (11/02/2018 02:56:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 70.

Error: (11/02/2018 02:56:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (11/02/2018 02:56:15 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.

Error: (11/02/2018 02:56:15 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 40.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X3 450 Processor
Percentage of memory in use: 48%
Total physical RAM: 1790.18 MB
Available physical RAM: 925.24 MB
Total Virtual: 3580.36 MB
Available Virtual: 2348.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:342 GB) NTFS

\\?\Volume{9e92eafa-af9f-11e3-9184-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 70CFBD59)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

LOG ZHPCleaner

~ ZHPCleaner v2018.11.1.189 by Nicolas Coolman (2018/11/01)
~ Run by Edu (Administrator)  (02/11/2018 13:56:13)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\Edu\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Edu\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (3)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Registro ( Claves, Valores, Datos) (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\ Resultado de la reparación.
~ ninguna reparación hecha
~ falta este navegador! (Mozilla Firefox)
~ falta este navegador! (Opera Software)


---\\ STATISTIQUES
~ Items escaneado : 62827
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 0/7
~ Ahorro de espacio (bytes) : 0


~ End of search in 00h10mn06s
ZHPCleaner-[S]-02112018-14_06_19.txt

#8

Good… now follow these steps. VERY important ~ Make a backup of the registry:

  • To do so, download Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)

  • Attention: now check/select only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


On the computer, with all other programs closed:

Start >>> Run >>> type notepad.exe.

Now copy and paste the following into Notepad:


Start
CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\MountPoints2: {a25b0580-d6db-11e8-9608-806e6f6e6963} - F:\HiSuiteDownLoader.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-3594820560-3659426682-1468905893-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
U1 aswbdisk; no ImagePath
S3 BEDaisy; \??\C:\Program Files\Common Files\BattlEye\BEDaisy.sys [X]
2018-10-05 15:10 - 2018-10-05 15:21 - 000012061 ____H C:\Users\Edu\Desktop\~WRL0003.tmp
2018-11-02 14:37 - 2016-07-04 23:10 - 000000250 _____ C:\Windows\Tasks\{1CAFC29C-5156-52AA-AB11-34C3F46291D4}.job
2016-05-15 00:03 - 2016-05-15 00:04 - 000004608 _____ () C:\Users\Edu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-11-01 22:54 - 2018-11-01 22:54 - 001892728 _____ (Oracle Corporation) C:\Users\Edu\AppData\Local\Temp\jre-8u191-windows-au.exe
Task: {66FACDA5-4898-4E6C-966D-F8586AF867EB} - System32\Tasks\QIIz0RB => C:\Users\Edu\AppData\Roaming\QIIz0RB.exe <==== ATTENTION
C:\Users\Edu\AppData\Roaming\QIIz0RB.exe
Task: {AB21847C-2247-4B58-BBE5-23E5ABF4A743} - System32\Tasks\9zEevHWbwdl0JlRk8VzkQ5Wvs => C:\Users\Edu\AppData\Roaming\9zEevHWbwdl0JlRk8VzkQ5Wvs.exe <==== ATTENTION
C:\Users\Edu\AppData\Roaming\9zEevHWbwdl0JlRk8VzkQ5Wvs.exe
Task: {CA185A02-14B2-4B00-A4C3-6B67C5ADC98B} - \Only-search -> No File <==== ATTENTION
Task: {CB338ADA-0412-47E1-A3F2-39A2A2952C04} - System32\Tasks\{1CAFC29C-5156-52AA-AB11-34C3F46291D4} => C:\PROGRA~1\COMMON~1\Cufelole\UPDATE~1.EXE
C:\PROGRA~1\COMMON~1\Cufelole
Task: {F2D0A315-C9C0-4656-83B8-F994492D2EA1} - \Only-search Updater -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Edu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\francisco 2008 - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END

Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: It is important that the Frst.exe tool and fixlist.txt are in the same location (the desktop); otherwise it will not work.

  • Now use this Windows FAQ, "How to start Windows in Safe Mode?", to work from that Windows mode.

  • Run Frst.exe.

  • Press the Fix button and wait for it to finish.

  • The tool will save the report on your desktop (Fixlog.txt).

Paste it in your next reply, and comment on how the problem is going.


#9

@Miguelgrado, here is the FRST FIXLOG

Fix result of Farbar Recovery Scan Tool (x86) Version: 24.10.2018
Ran by Edu (02-11-2018 15:59:47) Run:1
Running from C:\Users\Edu\Desktop
Loaded Profiles: Edu (Available Profiles: Edu & Administrador)
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\...\MountPoints2: {a25b0580-d6db-11e8-9608-806e6f6e6963} - F:\HiSuiteDownLoader.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-3594820560-3659426682-1468905893-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
U1 aswbdisk; no ImagePath
S3 BEDaisy; \??\C:\Program Files\Common Files\BattlEye\BEDaisy.sys [X]
2018-10-05 15:10 - 2018-10-05 15:21 - 000012061 ____H C:\Users\Edu\Desktop\~WRL0003.tmp
2018-11-02 14:37 - 2016-07-04 23:10 - 000000250 _____ C:\Windows\Tasks\{1CAFC29C-5156-52AA-AB11-34C3F46291D4}.job
2016-05-15 00:03 - 2016-05-15 00:04 - 000004608 _____ () C:\Users\Edu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-11-01 22:54 - 2018-11-01 22:54 - 001892728 _____ (Oracle Corporation) C:\Users\Edu\AppData\Local\Temp\jre-8u191-windows-au.exe
Task: {66FACDA5-4898-4E6C-966D-F8586AF867EB} - System32\Tasks\QIIz0RB => C:\Users\Edu\AppData\Roaming\QIIz0RB.exe <==== ATTENTION
C:\Users\Edu\AppData\Roaming\QIIz0RB.exe
Task: {AB21847C-2247-4B58-BBE5-23E5ABF4A743} - System32\Tasks\9zEevHWbwdl0JlRk8VzkQ5Wvs => C:\Users\Edu\AppData\Roaming\9zEevHWbwdl0JlRk8VzkQ5Wvs.exe <==== ATTENTION
C:\Users\Edu\AppData\Roaming\9zEevHWbwdl0JlRk8VzkQ5Wvs.exe
Task: {CA185A02-14B2-4B00-A4C3-6B67C5ADC98B} - \Only-search -> No File <==== ATTENTION
Task: {CB338ADA-0412-47E1-A3F2-39A2A2952C04} - System32\Tasks\{1CAFC29C-5156-52AA-AB11-34C3F46291D4} => C:\PROGRA~1\COMMON~1\Cufelole\UPDATE~1.EXE
C:\PROGRA~1\COMMON~1\Cufelole
Task: {F2D0A315-C9C0-4656-83B8-F994492D2EA1} - \Only-search Updater -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Edu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\francisco 2008 - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
END

*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully.
HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => removed successfully.
HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a25b0580-d6db-11e8-9608-806e6f6e6963} => removed successfully.
HKLM\Software\Classes\CLSID\{a25b0580-d6db-11e8-9608-806e6f6e6963} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully.
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully.
aswbdisk => service removed successfully.
HKLM\System\CurrentControlSet\Services\BEDaisy => removed successfully.
BEDaisy => service removed successfully.
C:\Users\Edu\Desktop\~WRL0003.tmp => moved successfully
C:\Windows\Tasks\{1CAFC29C-5156-52AA-AB11-34C3F46291D4}.job => moved successfully
C:\Users\Edu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Edu\AppData\Local\Temp\jre-8u191-windows-au.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66FACDA5-4898-4E6C-966D-F8586AF867EB} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66FACDA5-4898-4E6C-966D-F8586AF867EB} => could not remove. Access Denied.
C:\Windows\System32\Tasks\QIIz0RB => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QIIz0RB => could not remove. Access Denied.
"C:\Users\Edu\AppData\Roaming\QIIz0RB.exe" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB21847C-2247-4B58-BBE5-23E5ABF4A743} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB21847C-2247-4B58-BBE5-23E5ABF4A743} => could not remove. Access Denied.
C:\Windows\System32\Tasks\9zEevHWbwdl0JlRk8VzkQ5Wvs => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9zEevHWbwdl0JlRk8VzkQ5Wvs => could not remove. Access Denied.
"C:\Users\Edu\AppData\Roaming\9zEevHWbwdl0JlRk8VzkQ5Wvs.exe" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA185A02-14B2-4B00-A4C3-6B67C5ADC98B} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA185A02-14B2-4B00-A4C3-6B67C5ADC98B} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Only-search => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB338ADA-0412-47E1-A3F2-39A2A2952C04} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB338ADA-0412-47E1-A3F2-39A2A2952C04} => could not remove. Access Denied.
C:\Windows\System32\Tasks\{1CAFC29C-5156-52AA-AB11-34C3F46291D4} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1CAFC29C-5156-52AA-AB11-34C3F46291D4} => could not remove. Access Denied.
C:\PROGRA~1\COMMON~1\Cufelole => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2D0A315-C9C0-4656-83B8-F994492D2EA1} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2D0A315-C9C0-4656-83B8-F994492D2EA1} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Only-search Updater => not found
C:\Users\Edu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\francisco 2008 - Chrome.lnk => Shortcut argument removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-3594820560-3659426682-1468905893-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

No se puede vaciar la caché de resolución de DNS: Error de una función durante la ejecución.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
No se puede iniciar el servicio o grupo de dependencia.



========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17753379 B
Java, Flash, Steam htmlcache => 21979693 B
Windows/system/drivers => 107976 B
Edge => 0 B
Chrome => 15702358 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 118094 B
LocalService => 132244 B
NetworkService => 551504263 B
Edu => 62528340 B
Administrador => 39903 B

RecycleBin => 0 B
EmptyTemp: => 638.9 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-11-2018 16:02:49)


Result of scheduled keys to remove after reboot:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66FACDA5-4898-4E6C-966D-F8586AF867EB}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66FACDA5-4898-4E6C-966D-F8586AF867EB}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QIIz0RB" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB21847C-2247-4B58-BBE5-23E5ABF4A743}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB21847C-2247-4B58-BBE5-23E5ABF4A743}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9zEevHWbwdl0JlRk8VzkQ5Wvs" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA185A02-14B2-4B00-A4C3-6B67C5ADC98B}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA185A02-14B2-4B00-A4C3-6B67C5ADC98B}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB338ADA-0412-47E1-A3F2-39A2A2952C04}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB338ADA-0412-47E1-A3F2-39A2A2952C04}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1CAFC29C-5156-52AA-AB11-34C3F46291D4}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2D0A315-C9C0-4656-83B8-F994492D2EA1}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2D0A315-C9C0-4656-83B8-F994492D2EA1}" => removed successfully.

==== End of Fixlog 16:02:49 ====
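
The Fixlog above reports several TaskCache keys as "could not remove. Access Denied." in Safe Mode and then lists them again under the post-reboot section as removed. The following Python script is an added example, not part of the original thread or of FRST: it parses a Fixlog and returns every denied target that is not confirmed as removed after the reboot. The sample log is constructed, and its GUIDs, task name and user name are placeholders.

```python
from collections import Counter

# Constructed excerpt in the Fixlog format shown above; GUIDs and names are placeholders.
SAMPLE_FIXLOG = r'''
HKLM\SOFTWARE\Policies\Google => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11111111-1111-1111-1111-111111111111} => could not remove. Access Denied.
C:\Windows\System32\Tasks\ExampleTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ExampleTask => could not remove. Access Denied.
"C:\Users\User\AppData\Roaming\ExampleTask.exe" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22222222-2222-2222-2222-222222222222} => could not remove. Access Denied.

Result of scheduled keys to remove after reboot:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11111111-1111-1111-1111-111111111111}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ExampleTask" => removed successfully.

==== End of Fixlog ====
'''

REBOOT_HEADER = "Result of scheduled keys to remove after reboot"


def classify(result):
    """Map the text after '=>' to ok / denied / not_found / other."""
    r = result.strip().rstrip(".").lower()
    if r.startswith("could not"):
        return "denied"
    if r == "not found":
        return "not_found"
    if r.endswith("successfully"):
        return "ok"
    return "other"  # e.g. EmptyTemp size lines such as "Chrome => 123 B"


def parse_fixlog(text):
    """Return {phase: {lowercased_target: (target, status)}} for both phases."""
    phases = {"fix": {}, "post_reboot": {}}
    phase = "fix"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(REBOOT_HEADER):
            phase = "post_reboot"
            continue
        target, sep, result = line.partition(" => ")
        if not sep:
            continue  # section headers, blank lines, command output
        target = target.strip('"')
        # Registry and NTFS paths are case-insensitive, so compare lowercased.
        phases[phase][target.lower()] = (target, classify(result))
    return phases


def summarize(text):
    """Count outcomes of the first (pre-reboot) pass."""
    return dict(Counter(s for _, s in parse_fixlog(text)["fix"].values()))


def unresolved_after_reboot(text):
    """Targets denied in the first pass and not confirmed removed after reboot."""
    phases = parse_fixlog(text)
    pending = []
    for key, (target, status) in phases["fix"].items():
        after = phases["post_reboot"].get(key)
        if status == "denied" and (after is None or after[1] != "ok"):
            pending.append(target)
    return pending


if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG))
    for item in unresolved_after_reboot(SAMPLE_FIXLOG):
        print("still pending:", item)
```

Any target it returns is a key that deserves a follow-up scan before the machine is declared clean.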

#10

You need to tell me how the problem is going


#11

Something is not right… Chrome takes a long time to open, the PC takes a long time to start up and shut down, it is as if everything were responding more slowly… :frowning:


#12

Restart the PC two or three times and tell me how it goes


#13

It is better after several restarts. Should I use some other tool to check that everything is OK?


#14

The PC is free of infections, but it is normal that it does not stabilize until it has been used and restarted a few times.

  • Download and install CCleaner, if you do not have it installed/updated.

  • During installation, when options appear, leave checked only the ones for showing a desktop icon and intelligent cookie use.

  • Open CCleaner (in the Options/Advanced menu, uncheck the box "Only delete files in Windows Temp folders older than 24 hours").

:1: Open the Cleaner tab:

In the >> Windows >> section, select:

  • Internet Explorer temporary files
  • System temporary files
  • DNS cache
  • Old prefetch data

In the >> Programs >> section, select:

  • Caches of other browsers you use
  • Java

1:: Run the cleanup

:2: In the Registry tab >> Scan for Issues >> Fix selected issues

:: Run the cleanup (save a copy of the registry, when prompted, in the CCleaner folder itself, located in C-Archivos de programa-Ccleaner).

Run it several times until no errors remain.

Download and install >> Glary Utilities

Open 1-Click Maintenance >> scan for problems >> Repair

And in Advanced Tools >> Registry Repair >> run the repair

Also use, from Tools - Optimize, Defragment Disks

Let me know how everything goes


#15

Thank you very much for your guidance, @Miguelgrado. I think it improved quite a bit with the last procedures run with GU. Regards. I think we can close this thread now; I am going to open another one for another PC I have, but first I want to go through the detection guide steps on that PC. Thanks again, and congratulations on your work helping us. :+1::clap::clap::clap:


#16

To remove the tools used in the disinfection, do the following:

  • Download and run >> Delfix, on your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> Run as Administrator.)

  • Check only the "Remove disinfection tools" box.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

If any tool remains, uninstall it from the Windows Control Panel; those that are not listed can be deleted directly.


Glad I could help! :+1:


TOPIC SOLVED


#17

This topic was automatically closed 2 days after the last post. New replies are no longer allowed.