regasm.exe window


#1

Good evening,

I have the famous problem of the little regasm.exe window. It appears and disappears every X minutes and I no longer know what to do. Could you help me?

Many thanks in advance.

Ivan


#2

Hello

Carry out the following steps in the order given, even if you have already done some of them:

1) Download, update and run Malwarebytes’ Anti-Malware; read the manual in detail so that you know how to use and configure it.

  • Run a Threat Scan, updating if it asks you to.
  • Click “Quarantine Selected” to send the detections to quarantine, then restart the system.
  • In the manual's section Reports → Scan report you will find the MBAM report; click Export → Copy to clipboard.

2) Download AdwCleaner | InfoSpyware to the desktop.

  • Temporarily disable your antivirus → How to temporarily disable your antivirus.
  • Also close all the programs you have open.
  • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click it and select "Run as Administrator").
  • Click the Scan button and wait for the process to finish, then immediately click the Clean button.
  • Wait for it to complete and follow the instructions; if it asks to restart the system, accept.
  • Save the report that appears so you can copy and paste it into your next reply.
  • The report can also be found at C:\AdwCleaner\AdwCleaner[C1].txt

3) Download CCleaner

  • Install CCleaner
  • Open CCleaner; on the Cleaner tab leave the default settings as they are, click Analyze, wait for it to finish → click Run Cleaner
  • Click the Registry tab → click Scan for Issues, wait for it to finish → click Fix Selected Issues and make a backup
  • Click Scan for Issues again until it finds none.

Paste the Malwarebytes and AdwCleaner reports and tell us how the problem is going.

Regards


#4

Hi! Thanks for attending to me so quickly.

Here is the MBAM report:

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 14/11/18
Hora del análisis: 20:59
Archivo de registro: da07ae78-e847-11e8-9c0c-a41f726c56e8.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.482
Versión del paquete de actualización: 1.0.7847
Licencia: Prueba

-Información del sistema-
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: FAMILY\Family

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 301886
Amenazas detectadas: 13
Amenazas en cuarentena: 13
Tiempo transcurrido: 26 min, 32 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 3
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\vhost, En cuarentena, [3704], [524793],1.0.7847
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3C96A794-44C8-4012-A5E2-DA6793705107}, En cuarentena, [3704], [524793],1.0.7847
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{3C96A794-44C8-4012-A5E2-DA6793705107}, En cuarentena, [3704], [524793],1.0.7847

Valor del registro: 2
Trojan.Agent.ai, HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|585855e2cce3f8f92edb8105272ecd77, En cuarentena, [3747], [522757],1.0.7847
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3C96A794-44C8-4012-A5E2-DA6793705107}|PATH, En cuarentena, [3704], [524791],1.0.7847

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 1
Trojan.Agent.Generic, C:\PROGRAMDATA\585855e2cce3f8f92edb8105272ecd77, En cuarentena, [3704], [538249],1.0.7847

Archivo: 7
Trojan.Agent.Generic, C:\USERS\FAMILY\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\GOOGLEDRIVE.LNK, En cuarentena, [3704], [522370],1.0.7847
Trojan.Agent.ai, C:\PROGRAMDATA\585855E2CCE3F8F92EDB8105272ECD77\TEST.AU3, En cuarentena, [3747], [522757],1.0.7847
Trojan.Agent.ai, C:\PROGRAMDATA\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe, En cuarentena, [3747], [522757],1.0.7847
Trojan.Agent.Generic, C:\USERS\FAMILY\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\GOOGLE.LNK, En cuarentena, [3704], [522371],1.0.7847
Trojan.Agent.Generic, C:\WINDOWS\SYSTEM32\TASKS\VHOST, En cuarentena, [3704], [524793],1.0.7847
Trojan.Agent.Generic, C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\PE.bin, En cuarentena, [3704], [538249],1.0.7847
Trojan.Agent.Generic, C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\shell.txt, En cuarentena, [3704], [538249],1.0.7847

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end) 

I'll paste the other one in a few minutes.


#5

And this is the AdwCleaner report:


# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-11-14.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-14-2018
# Duration: 00:00:03
# OS:       Windows 8.1
# Cleaned:  15
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Users\Family\AppData\LocalLow\IObit\Advanced SystemCare
Deleted       C:\Users\Family\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\Loader|Iminent
Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted       HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted       HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted       HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Not Deleted   HKLM\System\CurrentControlSet\Services\EventLog\Application\Iminent
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 10

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2778 octets] - [14/11/2018 22:07:49]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#6

Hello again:

I have also run CCleaner. I don't want to be overly optimistic, but it has been 20 minutes and the little window has not appeared. Is that possible?

Many thanks!


#7

Hello

Download Farbar Recovery Scan Tool to the desktop, selecting the right version for your machine's architecture (32 or 64 bits). → How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes
  • In the main window click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Post the two reports generated.

You must copy and paste them with all their content, and use several messages if you receive an error message saying it is too long (more than approx. 50,000 characters).

Regards


#8

Good morning,

Attached is Frst.txt:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.11.2018
Ran by Family (administrator) on FAMILY (15-11-2018 15:07:59)
Running from C:\Users\Family\Desktop
Loaded Profiles: Family &  (Available Profiles: UpdatusUser & Family)
Platform: Windows 8.1 (Update) (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(McAfee, LLC.) C:\Program Files\mcafee\TrueKey\McT9B9A.tmp
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\pcdrwi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(McAfee, LLC.) C:\Program Files\mcafee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, LLC.) C:\Program Files\mcafee\TrueKey\McAfee.TrueKey.Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC.) C:\Program Files\mcafee\TrueKey\McAfee.TrueKey.SmartMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70080 2015-06-16] ()
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [482024 2018-11-01] (Bitdefender)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3297273063-3950669016-3409055866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206751\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3297273063-3950669016-3409055866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359445\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\...\Run: [585855e2cce3f8f92edb8105272ecd77] => C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\test.au3
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206829\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206829\...\Run: [585855e2cce3f8f92edb8105272ecd77] => C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\test.au3
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359476\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359476\...\Run: [585855e2cce3f8f92edb8105272ecd77] => C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\test.au3
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [182296 2017-11-09] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar a OneNote.lnk [2015-08-19]
ShortcutTarget: Enviar a OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoogleDrive.lnk [2018-11-14]
ShortcutTarget: GoogleDrive.lnk -> C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.18.1
Tcpip\..\Interfaces\{47BA377D-8455-48C2-91E2-53955BB247B0}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{F77C9233-A1B5-4A06-AC2C-39FF02F68353}: [DhcpNameServer] 192.168.18.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206829\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359476\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-3297273063-3950669016-3409055866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206751] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3297273063-3950669016-3409055866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359445] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-3297273063-3950669016-3409055866-1002 -> DefaultScope {B2E45E59-00E8-4647-97BF-199D06517BB8} URL = 
SearchScopes: HKU\S-1-5-21-3297273063-3950669016-3409055866-1002 -> {B2E45E59-00E8-4647-97BF-199D06517BB8} URL = 
SearchScopes: HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206829 -> DefaultScope {B2E45E59-00E8-4647-97BF-199D06517BB8} URL = 
SearchScopes: HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206829 -> {B2E45E59-00E8-4647-97BF-199D06517BB8} URL = 
SearchScopes: HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359476 -> DefaultScope {B2E45E59-00E8-4647-97BF-199D06517BB8} URL = 
SearchScopes: HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359476 -> {B2E45E59-00E8-4647-97BF-199D06517BB8} URL = 
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (Intel Security)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-10-05] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-02-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-14] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-03-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-14] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (Intel Security)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-10-05] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2018-03-13] (Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-10-05] (Bitdefender)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (Intel Security)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-10-05] (Bitdefender)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (Intel Security)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Filter: application/x-mfe-ipt - No CLSID Value

FireFox:
========
FF DefaultProfile: mg23dmjb.default-1540414746806
FF ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\mg23dmjb.default-1540414746806 [2018-11-15]
FF Extension: (Adblock Plus (versión de desarrollo)) - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\mg23dmjb.default-1540414746806\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-15]
FF Extension: (Firefox Monitor) - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\mg23dmjb.default-1540414746806\features\{592a67eb-8313-478d-81b5-531c876345fd}\[email protected] [2018-11-14]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2018-10-05]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-09-29] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_148.dll [2018-11-14] ()
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-14] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_148.dll [2018-11-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default [2018-11-14]
CHR Extension: (Presentaciones) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-11]
CHR Extension: (Documentos) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-11]
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-11]
CHR Extension: (MEGA) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2018-11-14]
CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-11]
CHR Extension: (Adobe Acrobat) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-06-11]
CHR Extension: (Hojas de cálculo) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-11]
CHR Extension: (Bitdefender Wallet) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2018-06-11]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-31]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-11]
CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0127911542285153mcinstcleanup; C:\WINDOWS\TEMP\0127911542285153mcinst.exe [904360 2018-08-12] (McAfee, Inc.)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [779152 2018-11-01] (Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195320 2018-10-05] (Bitdefender)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-12] (Conexant Systems, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-11-08] (PC-Doctor, Inc.)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [226240 2015-06-16] ()
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [6363792 2015-07-31] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1284032 2018-07-31] (Bitdefender)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
R2 TrueKey; C:\Program Files\mcafee\TrueKey\McAfee.TrueKey.Service.exe [355280 2018-10-10] (McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\mcafee\TrueKey\McTkSchedulerService.exe [355280 2018-10-10] (McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [193656 2018-10-10] (McAfee, LLC.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [112144 2018-11-01] (Bitdefender)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1156824 2015-10-13] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (VMware)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [804144 2018-11-01] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [533208 2015-10-14] (VMware, Inc.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1292296 2018-10-17] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1723552 2018-05-23] (BitDefender)
R2 BdDci; C:\WINDOWS\System32\DRIVERS\bddci.sys [156912 2018-11-01] (Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-05-23] (Bitdefender)
S3 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [45728 2018-10-17] (© Bitdefender SRL)
S3 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96448 2018-05-23] (BitDefender)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-05-08] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [193184 2018-10-05] (BitDefender LLC)
S3 Ignis; C:\WINDOWS\System32\DRIVERS\ignis.sys [191592 2018-05-23] (Bitdefender)
S3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Intel(R) Corporation) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-11-14] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-11-14] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-11-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-14] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-11-15] (Malwarebytes)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [609576 2018-08-05] (Bitdefender)
S3 usbrndis6; C:\WINDOWS\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-15 15:07 - 2018-11-15 15:09 - 000028597 _____ C:\Users\Family\Desktop\FRST.txt
2018-11-15 15:04 - 2018-11-15 15:04 - 002416128 _____ (Farbar) C:\Users\Family\Desktop\FRST64.exe
2018-11-15 13:32 - 2018-11-15 13:32 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-11-14 22:13 - 2018-11-14 22:13 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-14 22:13 - 2018-11-14 22:13 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-11-14 22:13 - 2018-11-14 22:13 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-11-14 21:45 - 2018-11-15 13:35 - 000000000 ____D C:\ProgramData\585855e2cce3f8f92edb8105272ecd77
2018-11-14 21:18 - 2018-11-15 15:07 - 000000000 ____D C:\Users\Family\AppData\Local\CrashDumps
2018-11-14 21:18 - 2018-11-14 21:18 - 000000000 ____D C:\Users\Family\AppData\Local\mbamtray
2018-11-14 20:58 - 2018-11-14 20:58 - 007592144 _____ (Malwarebytes) C:\Users\Family\Desktop\adwcleaner_7.2.4.0.exe
2018-11-14 20:57 - 2018-11-14 20:57 - 000000000 ____D C:\Users\Family\AppData\Local\mbam
2018-11-14 20:56 - 2018-11-14 20:56 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-11-14 20:56 - 2018-11-14 20:56 - 000001893 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-14 20:56 - 2018-11-14 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-14 20:56 - 2018-11-14 20:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-14 20:56 - 2018-11-14 20:56 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-14 20:56 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-14 15:03 - 2018-11-14 20:50 - 000000000 ____D C:\Users\Family\AppData\Local\AVAST Software
2018-11-14 15:02 - 2018-11-14 15:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-11-14 14:59 - 2018-11-14 14:59 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-11-14 14:57 - 2018-11-14 20:50 - 000000000 ____D C:\ProgramData\AVAST Software
2018-11-14 14:57 - 2018-11-14 14:57 - 000003870 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-14 13:09 - 2018-11-14 13:09 - 000000000 ____D C:\Users\Family\AppData\Roaming\Sun
2018-11-14 13:09 - 2018-11-14 13:08 - 000110968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-11-14 13:08 - 2018-11-14 13:08 - 000000000 ____D C:\Program Files\Java
2018-11-14 11:26 - 2018-11-02 21:48 - 000835168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-14 11:26 - 2018-11-02 21:48 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-14 11:16 - 2018-10-25 01:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2018-11-14 11:16 - 2018-10-25 01:51 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2018-11-14 11:16 - 2018-10-25 01:46 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 11:16 - 2018-10-25 01:45 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-14 11:16 - 2018-10-18 03:48 - 025737728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-14 11:16 - 2018-10-18 03:17 - 020281344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-14 11:16 - 2018-10-16 04:46 - 007371720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 11:16 - 2018-10-16 04:39 - 002171800 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 11:16 - 2018-10-16 04:39 - 001662504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 11:16 - 2018-10-16 04:39 - 001063368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 11:16 - 2018-10-16 04:18 - 001137472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-14 11:16 - 2018-10-16 04:02 - 001563584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-14 11:16 - 2018-10-16 04:02 - 001214920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-14 11:16 - 2018-10-12 21:35 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-14 11:16 - 2018-10-12 21:26 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-14 11:16 - 2018-10-12 21:25 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2018-11-14 11:16 - 2018-10-12 21:22 - 002295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-11-14 11:16 - 2018-10-12 21:17 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-11-14 11:16 - 2018-10-12 21:16 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2018-11-14 11:16 - 2018-10-12 21:16 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2018-11-14 11:16 - 2018-10-12 21:03 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-14 11:16 - 2018-10-12 21:00 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-11-14 11:16 - 2018-10-12 20:59 - 013680640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-14 11:16 - 2018-10-12 20:57 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-11-14 11:16 - 2018-10-12 20:56 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-11-14 11:16 - 2018-10-12 20:51 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-14 11:16 - 2018-10-12 20:47 - 001049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-11-14 11:16 - 2018-10-12 20:42 - 004386816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-11-14 11:16 - 2018-10-12 20:38 - 001330176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-14 11:16 - 2018-10-12 20:36 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-11-14 11:16 - 2018-10-12 03:16 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dispex.dll
2018-11-14 11:16 - 2018-10-12 03:12 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-11-14 11:16 - 2018-10-12 03:10 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-14 11:16 - 2018-10-12 03:10 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2018-11-14 11:16 - 2018-10-12 03:01 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-11-14 11:16 - 2018-10-12 02:59 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-14 11:16 - 2018-10-12 02:59 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-11-14 11:16 - 2018-10-12 02:58 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2018-11-14 11:16 - 2018-10-12 02:58 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2018-11-14 11:16 - 2018-10-12 02:35 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-11-14 11:16 - 2018-10-12 02:30 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-11-14 11:16 - 2018-10-12 02:27 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-11-14 11:16 - 2018-10-12 02:27 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-11-14 11:16 - 2018-10-12 02:25 - 015283712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-14 11:16 - 2018-10-12 02:19 - 004859904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-11-14 11:16 - 2018-10-12 02:17 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 11:16 - 2018-10-12 02:12 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-11-14 11:16 - 2018-10-12 02:06 - 001555968 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-14 11:16 - 2018-10-12 01:55 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-11-14 11:16 - 2018-10-06 19:14 - 001547192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-14 11:16 - 2018-10-06 19:14 - 000388536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-14 11:16 - 2018-10-06 19:04 - 001308976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 11:16 - 2018-10-06 19:03 - 000356288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-14 11:16 - 2018-10-06 17:48 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-11-14 11:16 - 2018-10-06 16:41 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-11-14 11:16 - 2018-10-06 16:34 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-11-14 11:16 - 2018-10-06 16:32 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-14 11:16 - 2018-09-28 14:38 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 11:16 - 2018-09-28 14:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-14 11:16 - 2018-09-23 17:47 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-14 11:16 - 2018-09-23 17:45 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-11-14 11:16 - 2018-09-23 17:45 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2018-11-14 11:16 - 2018-09-23 17:37 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-14 11:16 - 2018-09-23 17:24 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-14 11:16 - 2018-09-23 17:23 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2018-11-14 11:16 - 2018-09-23 17:23 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-14 11:16 - 2018-09-23 17:20 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-14 11:16 - 2018-09-23 17:17 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-14 11:16 - 2018-09-23 17:00 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-11-14 11:16 - 2018-09-23 17:00 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-14 11:16 - 2018-09-23 16:58 - 000904192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-14 11:16 - 2018-09-23 16:56 - 002551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-14 11:16 - 2018-09-23 16:53 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2018-11-14 11:16 - 2018-09-23 16:51 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-14 11:16 - 2018-09-23 16:50 - 000709632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-14 11:16 - 2018-09-12 19:30 - 000137008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-11-14 11:16 - 2018-09-11 16:30 - 003718144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-14 11:16 - 2018-08-26 04:38 - 001200640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-14 11:16 - 2018-08-26 04:38 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-11-14 11:16 - 2018-08-26 04:21 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-14 11:16 - 2018-08-26 04:21 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-11-14 11:16 - 2018-08-26 02:45 - 000513448 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-14 11:16 - 2018-08-26 02:45 - 000513448 _____ C:\WINDOWS\system32\locale.nls
2018-11-14 11:16 - 2018-08-21 14:39 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-14 11:16 - 2018-08-21 14:35 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-14 11:16 - 2018-08-19 17:22 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-11-14 11:16 - 2018-08-19 16:52 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-14 11:16 - 2018-08-19 16:43 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-11-14 00:24 - 2018-11-14 00:24 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-08 01:10 - 2018-11-08 01:10 - 000002194 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2018-11-01 17:58 - 2018-11-01 17:58 - 000156912 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2018-10-24 21:59 - 2018-10-24 21:59 - 000000000 ____D C:\Users\Family\Desktop\Datos antiguos de Firefox
2018-10-17 13:24 - 2018-10-17 13:24 - 000045728 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2018-10-17 13:21 - 2018-10-17 13:21 - 001292296 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-15 15:07 - 2018-04-13 13:51 - 000000000 ____D C:\FRST
2018-11-15 15:05 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache
2018-11-15 15:04 - 2013-08-28 14:47 - 000000000 ____D C:\Users\Family\AppData\Roaming\BitTorrent
2018-11-15 15:03 - 2017-04-14 13:30 - 000000000 ____D C:\Users\Family\AppData\LocalLow\Mozilla
2018-11-15 14:53 - 2013-11-21 15:47 - 001825894 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-15 14:53 - 2013-09-30 04:47 - 000805058 _____ C:\WINDOWS\system32\perfh00A.dat
2018-11-15 14:53 - 2013-09-30 04:47 - 000164494 _____ C:\WINDOWS\system32\perfc00A.dat
2018-11-15 14:53 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2018-11-15 14:18 - 2013-08-28 13:53 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3297273063-3950669016-3409055866-1002
2018-11-15 13:41 - 2013-08-21 22:40 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2018-11-15 13:37 - 2017-11-05 11:58 - 000003648 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-11-15 13:35 - 2013-11-21 15:54 - 000000000 __RDO C:\Users\Family\SkyDrive
2018-11-15 13:33 - 2016-09-09 16:49 - 000001140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2018-11-15 13:33 - 2016-09-09 16:49 - 000001126 _____ C:\Users\Public\Desktop\True Key.lnk
2018-11-15 13:31 - 2016-09-09 16:47 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-11-15 00:40 - 2013-11-21 15:35 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-14 22:24 - 2013-08-29 13:54 - 000000000 ____D C:\Users\Family\AppData\Roaming\Media Player Classic
2018-11-14 22:13 - 2018-02-11 13:43 - 000000000 ___HD C:\FAMILY
2018-11-14 22:11 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-14 22:08 - 2018-04-16 18:25 - 000000000 ____D C:\Users\Family\AppData\Roaming\IObit
2018-11-14 22:08 - 2018-04-16 18:25 - 000000000 ____D C:\Users\Family\AppData\LocalLow\IObit
2018-11-14 22:08 - 2018-04-16 18:24 - 000000000 ____D C:\ProgramData\IObit
2018-11-14 22:08 - 2014-11-04 13:35 - 000086713 _____ C:\bdlog.txt
2018-11-14 22:07 - 2018-04-10 00:29 - 000000000 ____D C:\AdwCleaner
2018-11-14 20:52 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2018-11-14 20:36 - 2015-08-08 19:22 - 000003974 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F7622AE3-8EAF-419F-B519-EAFFBEC1BAC9}
2018-11-14 15:46 - 2013-08-22 09:04 - 000000000 __SHD C:\System Recovery
2018-11-14 15:09 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-11-14 15:07 - 2014-06-03 12:57 - 000000136 _____ C:\WINDOWS\ODBC.INI
2018-11-14 14:57 - 2018-04-09 23:18 - 000000838 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-14 14:57 - 2014-01-11 14:37 - 000000000 ____D C:\Program Files\CCleaner
2018-11-14 13:12 - 2014-01-03 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-11-14 13:12 - 2014-01-03 13:17 - 000000000 ____D C:\Program Files (x86)\Java
2018-11-14 12:59 - 2013-08-22 15:44 - 000512496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-14 11:31 - 2012-07-26 08:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-14 11:26 - 2013-08-28 18:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-14 11:20 - 2013-08-28 18:22 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-14 00:25 - 2018-03-13 12:21 - 000004490 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-14 00:25 - 2015-03-28 01:37 - 000004296 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-14 00:25 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-14 00:25 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-14 00:16 - 2018-02-11 13:43 - 000000000 ____D C:\Users\Family\AppData\Roaming\9d313207346078739ab9fa2e85973128
2018-11-10 13:37 - 2018-06-11 12:45 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-10 13:37 - 2018-06-11 12:45 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-09 20:15 - 2014-02-26 16:29 - 000007911 _____ C:\WINDOWS\BRRBCOM.INI
2018-11-09 20:13 - 2013-08-28 13:35 - 000000000 ____D C:\Users\Family\AppData\Local\Packages
2018-11-09 17:34 - 2013-08-21 22:35 - 000000000 ____D C:\ProgramData\PCDr
2018-11-08 01:13 - 2018-05-18 21:25 - 000004206 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-11-08 01:10 - 2013-08-21 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-11-08 01:08 - 2017-06-27 12:36 - 000000000 ____D C:\ProgramData\SupportAssist
2018-11-07 10:03 - 2017-04-14 13:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-07 10:03 - 2015-01-14 13:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-03 20:28 - 2015-01-14 13:09 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-31 15:34 - 2013-08-22 16:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-31 15:32 - 2015-05-23 12:54 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-10-29 13:51 - 2014-11-03 13:57 - 000000000 ____D C:\ProgramData\McAfee
2018-10-29 13:50 - 2013-08-21 22:45 - 000000000 ____D C:\Program Files\mcafee
2018-10-24 13:39 - 2014-11-03 14:31 - 000000000 ____D C:\ProgramData\BDLogging

==================== Files in the root of some directories =======

2018-04-11 00:45 - 2018-04-11 00:45 - 008300544 ____H () C:\Users\Family\AppData\Roaming\chromedriver.exe
2018-04-11 00:45 - 2018-04-11 00:45 - 001590784 ____H () C:\Users\Family\AppData\Roaming\chromeUpdater.exe
2018-03-27 01:10 - 2018-04-05 13:32 - 000000168 _____ () C:\Users\Family\AppData\Roaming\logs.tmp
2018-03-27 01:10 - 2014-05-27 05:39 - 000053248 ____H (Microsoft Corporation) C:\Users\Family\AppData\Roaming\regasm.exe
2018-03-16 15:06 - 2018-03-16 15:06 - 000000000 _____ () C:\Users\Family\AppData\Local\{25047587-B592-469B-B4F8-FF3375111A27}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-15 14:19

==================== End of FRST.txt ============================

#9

And Addition.txt:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.11.2018
Ran by Family (15-11-2018 15:10:04)
Running from C:\Users\Family\Desktop
Windows 8.1 (Update) (X64) (2013-11-21 14:51:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3297273063-3950669016-3409055866-500 - Administrator - Disabled)
Family (S-1-5-21-3297273063-3950669016-3409055866-1002 - Administrator - Enabled) => C:\Users\Family
HomeGroupUser$ (S-1-5-21-3297273063-3950669016-3409055866-1004 - Limited - Enabled)
Invitado (S-1-5-21-3297273063-3950669016-3409055866-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3297273063-3950669016-3409055866-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Enabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.148 - Adobe Systems Incorporated)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 22.0.12.161 - Bitdefender)
Brother MFL-Pro Suite DCP-J132W (HKLM-x32\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.12.0 - Conexant)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Galería de fotos (HKLM-x32\...\{8F7FECEC-088F-431D-A5FB-2B59E1E69943}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
K-Lite Codec Pack 10.0.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.1.230.7 - McAfee, LLC)
Microsoft Office 365 ProPlus - es-es (HKLM\...\O365ProPlusRetail - es-es) (Version: 15.0.5075.1001 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206829\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359476\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 63.0.1 (x64 es-ES) (HKLM\...\Mozilla Firefox 63.0.1 (x64 es-ES)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.1.6877 - Mozilla)
NVIDIA Controlador de audio HD 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5075.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5075.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0C0A-0000-0000000FF1CE}) (Version: 15.0.5075.1001 - Microsoft Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{556A5D7B-54F4-4D0D-8114-742A60105CDC}) (Version: 4.10.9764 - Apache Software Foundation)
Panel de control de NVIDIA 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.13 - NVIDIA Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PC Brother Memory Optimization Free v1.1.1.37 (HKLM-x32\...\PC Brother Memory Optimization Free_is1) (Version:  - VeeCan Software Ltd.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TomTom MyDrive Connect 4.1.6.3253 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.6.3253 - TomTom)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Horizon Client (HKLM\...\{C7F8E8FA-0832-427E-B2B1-ABF6F8495C35}) (Version: 3.5.2.30397 - VMware, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3297273063-3950669016-3409055866-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Family\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3297273063-3950669016-3409055866-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Family\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3297273063-3950669016-3409055866-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Family\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3297273063-3950669016-3409055866-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Family\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} =>  -> No File
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} =>  -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-12-10] (Cyberlink)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-12-10] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2013-10-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05FE37DD-D2AB-4C43-B9F5-1AD5C7921218} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {20B098EC-F2C4-456B-A735-3E18D52F4602} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {39E6D22D-191E-4F3A-99B1-5F47B4988F36} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2018-03-13] (Microsoft Corporation)
Task: {44AE8DD3-74C9-4309-ACC3-A32FF671D73D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-14] (Adobe Systems Incorporated)
Task: {493B8344-6C97-422A-AD12-A1E8BE5234FF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {4B88341A-BED2-440B-9621-313AC9EBAF9F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {5819EBCE-1286-418B-8AD2-68D5B8C3BCC2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-14] (AVAST Software) <==== ATTENTION
Task: {653A402C-545A-4661-B478-FD5B4E93A419} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {6D39929B-9677-4265-AF03-A57C3B09BDE6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
Task: {75ED36F7-C5A0-42AF-BB90-0BA5B736443A} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8d41df08cbbc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {A532A9F0-5F45-4E2E-8972-F77A270012F7} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-10-25] (Dell Inc.)
Task: {A59E5129-7844-4E22-A132-FB1E6C584D7F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_Plugin.exe [2018-11-14] (Adobe Systems Incorporated)
Task: {C3D600C6-C357-48A0-AEDC-111DFF986878} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {CC9C95BC-7C25-4A4D-AA96-ABFDCBBB0BF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {DACF96EE-8898-43A6-A004-D66D3B60FF68} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {F21E66B0-694D-47AE-86C6-AA1C48612428} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-07-31] (Bitdefender)
Task: {FD248D77-2A83-4EFA-96A6-608627DB8586} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-11-14 15:22 - 2018-11-14 15:22 - 000994752 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_005\ashttpbr.mdl
2018-11-14 15:22 - 2018-11-14 15:22 - 000544880 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_005\ashttpdsp.mdl
2018-11-14 15:22 - 2018-11-14 15:22 - 003240080 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_005\ashttpph.mdl
2018-11-14 15:22 - 2018-11-14 15:22 - 001530368 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_02951_005\ashttprbl.mdl
2015-05-23 12:54 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-16 11:10 - 2015-06-16 11:10 - 000226240 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2015-07-31 15:42 - 2015-07-31 15:42 - 006363792 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
2013-08-21 22:39 - 2012-04-25 03:43 - 000254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-02-26 16:29 - 2005-04-22 05:36 - 000143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2018-11-14 20:56 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-14 20:56 - 2018-10-18 08:44 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-11-08 01:12 - 2018-11-08 01:12 - 002587976 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\libprotobuf.dll
2018-11-06 17:14 - 2018-11-06 17:14 - 000100936 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
2015-06-16 11:04 - 2015-06-16 11:04 - 000239552 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2014-02-26 16:29 - 2009-02-27 16:38 - 000139264 ____N () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-03-16 10:28 - 2015-03-16 10:28 - 000155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2018-11-14 13:36 - 2018-11-14 13:36 - 000016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\dc0da6814e96f6c56ed822ad1534deff\PSIClient.ni.dll
2013-08-21 22:31 - 2012-07-18 20:55 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-08-21 22:38 - 2012-06-08 04:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-01-05 18:17 - 2015-12-19 00:52 - 001607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-08-21 22:41 - 2012-11-25 22:19 - 001153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-02-26 17:07 - 2014-02-18 19:12 - 000117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2018-11-15 14:37 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3297273063-3950669016-3409055866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206751\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3297273063-3950669016-3409055866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359445\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\Pictures\Wallpapers\Paisaje de Alaska.jpg
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206829\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\Pictures\Wallpapers\Paisaje de Alaska.jpg
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359476\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\Pictures\Wallpapers\Paisaje de Alaska.jpg
DNS Servers: 192.168.18.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "VMware Netlink 3 HV Install Utility"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\...\StartupApproved\StartupFolder: => "Enviar a OneNote.lnk"
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206829\...\StartupApproved\StartupFolder: => "Enviar a OneNote.lnk"
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206829\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359476\...\StartupApproved\StartupFolder: => "Enviar a OneNote.lnk"
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359476\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3FBE7598-3FB0-4F3F-A3B4-0AF48386CC26}] => (Allow) C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6AEC4771-A402-4569-9395-0D35C327F911}] => (Allow) C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{375D146C-67CC-4A74-86AF-2C62A7FF3BDD}] => (Allow) LPort=1900
FirewallRules: [{818CD5CF-B332-477E-ADB0-560F012AB703}] => (Allow) LPort=2869
FirewallRules: [{DA6E1C5F-9B5E-4EF3-B5CE-746F794DCF69}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{62F2C16F-F859-4535-8282-7476F4D3C093}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{22482DA5-5013-4747-8994-2F20562E4C89}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{794D045B-854B-411D-BC33-C74F1DCE1655}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AD578537-F799-470E-95FB-691A9288D310}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{684FE34C-A6EB-485D-B828-46CACC91E300}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BAF2A44A-6CB2-4FB4-8DCA-5356BC3CE883}] => (Allow) C:\Users\Family\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B7EC8F73-544D-4665-AA30-B91BD5366FC6}] => (Allow) LPort=54925
FirewallRules: [{83A4834D-2421-4907-B5DB-F24808576E73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3EB47970-9F45-4BA9-BFCE-1C04092C8AB3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3FDCAABA-0877-460B-A1AC-B370AAEA65DD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5C8BFFFE-B72C-4094-8322-663BD3C7178E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{569E93CE-571A-4245-AE27-3C8A971D871B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FBD9F6A1-333E-45C6-935D-05487CB70F40}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{85426931-AC2C-407E-9501-4A2EDDC85F56}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{2F284F48-95D9-4E18-8E36-D7F4FFC8328D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [TCP Query User{E512BA63-5409-47EA-B208-0D0B6A4E435D}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [UDP Query User{8C833B33-2888-40E4-88A1-A3484B3F7786}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [{36813AF0-E203-4DD5-AFB2-87C840D36338}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{01851AE1-65BC-4C41-AC63-FC8241649242}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{15AF819A-2B51-4DBE-993C-68F219EFBC7C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B1555887-94D6-4475-BE62-9E3013AB9958}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{E1F3FC2F-08D2-4313-BBC1-4CAFCDA983BB}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{F71C2FDE-5C46-44DB-9A37-1EF5822E457A}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{E22C0687-5FED-48A2-8125-2C92DDF2468A}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{94A9CCFB-F2EB-4B6C-9F5E-6744918C72F6}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{0B711663-B834-4CD7-BC84-1B01C1B20B64}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{8ABE87A3-9240-4200-BA65-2A0D32ABDDFD}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{6AEF9133-97B6-4E95-AA79-F710871EDE7D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{7A3BCFD2-A0AD-4301-A818-26CCE4BE444A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5B382305-2100-4B40-8875-8B895C4E2C10}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F44665FA-0614-448D-92AA-88194DD2FD82}] => (Allow) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
FirewallRules: [{7C39DAC3-DA0D-4748-A0B1-AD8E0E0C01A3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F1D90587-AECD-4263-8670-5D086373537A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D9104FCF-29F6-47DC-8F16-37F8F6B14360}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2018 03:07:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: ERUNT.exe, versión: 0.0.0.0, marca de tiempo: 0x2a425e19
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc00000fd
Desplazamiento de errores: 0xaa552600
Identificador del proceso con errores: 0x23ac
Hora de inicio de la aplicación con errores: 0x01d47cec91ba1579
Ruta de acceso de la aplicación con errores: C:\WINDOWS\ERUNT.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: d8b41883-e8df-11e8-bf55-a41f726c56e8
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/15/2018 03:07:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: ERUNT.exe, versión: 0.0.0.0, marca de tiempo: 0x2a425e19
Nombre del módulo con errores: ERUNT.exe, versión: 0.0.0.0, marca de tiempo: 0x2a425e19
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00003a38
Identificador del proceso con errores: 0x23ac
Hora de inicio de la aplicación con errores: 0x01d47cec91ba1579
Ruta de acceso de la aplicación con errores: C:\WINDOWS\ERUNT.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\ERUNT.exe
Identificador del informe: d724505a-e8df-11e8-bf55-a41f726c56e8
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/15/2018 12:40:15 AM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Se produjo una excepción en el destino de la invocación. ---> System.MissingMethodException: Método no encontrado: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
   en Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
   en System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
   en Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
   en Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
   --- Fin del seguimiento de la pila de la excepción interna ---
   en System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   en System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   en System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   en Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
   en Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

Error: (11/14/2018 10:08:43 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Se produjo una excepción en el destino de la invocación. ---> System.MissingMethodException: Método no encontrado: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
   en Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
   en System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
   en Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
   en Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
   --- Fin del seguimiento de la pila de la excepción interna ---
   en System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   en System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   en System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   en Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
   en Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

Error: (11/14/2018 08:56:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbamtray.exe, versión: 3.1.0.1644, marca de tiempo: 0x5bc8b2d1
Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5b9bc256
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0019d749
Identificador del proceso con errores: 0x3fc
Hora de inicio de la aplicación con errores: 0x01d47c5427babf47
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Identificador del informe: 6a56fa1b-e847-11e8-bf53-a41f726c56e8
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/14/2018 08:48:25 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Se produjo una excepción en el destino de la invocación. ---> System.MissingMethodException: Método no encontrado: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
   en Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
   en System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
   en Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
   en Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
   --- Fin del seguimiento de la pila de la excepción interna ---
   en System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   en System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   en System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   en Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
   en Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

Error: (11/14/2018 08:17:00 PM) (Source: SupportAssistAgent) (EventID: 0) (User: )
Description: An exception occurred in session change of service start: System.Reflection.TargetInvocationException: Se produjo una excepción en el destino de la invocación. ---> System.MissingMethodException: Método no encontrado: 'Windows.UI.Notifications.ToastNotificationHistory Windows.UI.Notifications.ToastNotificationManager.get_History()'.
   en Dell.Services.SupportAssist.Notification.Command.NotificationCommand.<DeleteNotificationWhileUninstall>d__23.MoveNext()
   en System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[TStateMachine](TStateMachine& stateMachine)
   en Dell.Services.SupportAssist.Notification.Command.NotificationCommand.DeleteNotificationWhileUninstall()
   en Dell.Services.SupportAssist.Notification.Command.NotificationCommand.ShowNotificationsOnSessionUnlock(SessionChangeDescription changeDescription)
   --- Fin del seguimiento de la pila de la excepción interna ---
   en System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   en System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   en System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   en Dell.Services.SupportAssist.SupportAssistAgent.BootStrapperMinimized.SessionChangeAction(SessionChangeDescription changeDescription)
   en Dell.Services.SupportAssist.SupportAssistAgent.SupportAssistAgent.OnSessionChange(SessionChangeDescription changeDescription)

Error: (11/14/2018 03:45:04 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: FAMILY)
Description: No se pudo cerrar la aplicación o el servicio 'Explorador de Windows'.


System errors:
=============
Error: (11/14/2018 10:15:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio NVIDIA Update Service Daemon no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio debido a un error en el inicio de sesión.

Error: (11/14/2018 10:15:50 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: El servicio nvUpdatusService no se pudo iniciarse como .\UpdatusUser con la contraseña configurada actualmente debido al siguiente error: 
El nombre de usuario o la contraseña no son correctos.


Para asegurarse de que el servicio esté correctamente configurado, use el complemento Servicios en Microsoft Management Console (MMC).

Error: (11/14/2018 10:11:13 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: La DLL de notificación de contraseña "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter" no se pudo cargar y dio el error 126. Compruebe que la ruta de acceso de la DLL de notificación definida en el registro, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, haga referencia a una ruta de acceso correcta y absoluta (<unidad>:\<ruta de acceso>\<nombre de archivo>.<ext>) y no a una ruta de acceso relativa o no válida. Si la ruta de acceso de la DLL es correcta, valide que los archivos auxiliares se encuentren en el mismo directorio, y que la cuenta del sistema tenga acceso de lectura tanto en la ruta de acceso de la DLL, como en los archivos auxiliares. Póngase en contacto con el proveedor de la DLL de notificación para obtener soporte adicional. Si desea obtener más detalles visite http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (11/14/2018 10:11:13 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: La DLL de notificación de contraseña "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" no se pudo cargar y dio el error 126. Compruebe que la ruta de acceso de la DLL de notificación definida en el registro, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, haga referencia a una ruta de acceso correcta y absoluta (<unidad>:\<ruta de acceso>\<nombre de archivo>.<ext>) y no a una ruta de acceso relativa o no válida. Si la ruta de acceso de la DLL es correcta, valide que los archivos auxiliares se encuentren en el mismo directorio, y que la cuenta del sistema tenga acceso de lectura tanto en la ruta de acceso de la DLL, como en los archivos auxiliares. Póngase en contacto con el proveedor de la DLL de notificación para obtener soporte adicional. Si desea obtener más detalles visite http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (11/14/2018 10:11:13 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: La DLL de notificación de contraseña C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter no se pudo cargar y dio el error 126. Compruebe que la ruta de acceso de la DLL de notificación definida en el registro, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, haga referencia a una ruta de acceso correcta y absoluta (<unidad>:\<ruta de acceso>\<nombre de archivo>.<ext>) y no a una ruta de acceso relativa o no válida. Si la ruta de acceso de la DLL es correcta, valide que los archivos auxiliares se encuentren en el mismo directorio, y que la cuenta del sistema tenga acceso de lectura tanto en la ruta de acceso de la DLL, como en los archivos auxiliares. Póngase en contacto con el proveedor de la DLL de notificación para obtener soporte adicional. Si desea obtener más detalles visite http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (11/14/2018 10:09:44 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: El administrador de recursos de transacción en el volumen \\?\Volume{0bb5ec5e-f5ac-416d-b3d3-87cc2c3a94b3} detectó un error irreproducible y no se pudo iniciar. Los datos contienen el código de error.

Error: (11/14/2018 10:09:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (60000 ms) para la respuesta de transacción del servicio VSSERV.

Error: (11/14/2018 10:08:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Dell Data Vault Collector se terminó de manera inesperada. Esto ha sucedido 1 veces.


Windows Defender:
===================================
Date: 2014-11-03 14:22:41.889
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {B64692DE-176B-47A7-BBB8-1E34893A5BCE}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2014-11-03 13:53:22.565
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {A6AA984A-B0B8-4E92-9BD2-BAF57FF13C0E}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2013-10-11 22:04:57.038
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {BBAD60E0-952F-4692-88D4-C027CCE5E3C6}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2013-10-08 21:45:37.413
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {D2F1E822-0B94-41A3-B0B5-DCF5D63C208D}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2013-10-08 21:34:04.222
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {86B3BCA8-AA90-4B2F-B3EA-F54FC80C55B6}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2017-11-05 12:13:36.131
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará revertirlas a un conjunto de firmas conocidas.
Firmas intentadas: Copia de seguridad
Código de error: 0x80073aba
Descripción del error: El recurso es demasiado antiguo para ser compatible. 
Versión de firma: 1.159.1912.0;1.159.1912.0
Versión de motor: 1.1.9901.0

Date: 2017-11-05 12:08:14.279
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará revertirlas a un conjunto de firmas conocidas.
Firmas intentadas: Copia de seguridad
Código de error: 0x80073aba
Descripción del error: El recurso es demasiado antiguo para ser compatible. 
Versión de firma: 1.159.1912.0;1.159.1912.0
Versión de motor: 1.1.9901.0

Date: 2017-11-05 12:08:14.014
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará revertirlas a un conjunto de firmas conocidas.
Firmas intentadas: Actual
Código de error: 0x80073aba
Descripción del error: El recurso es demasiado antiguo para ser compatible. 
Versión de firma: 1.187.1179.0;1.187.1179.0
Versión de motor: 1.1.11104.0

Date: 2014-11-03 13:51:40.110
Description: 
La característica Protección en tiempo real de Windows Defender encontró un error:
Característica: Sistema de inspección de red
Código de error: 0x80004005
Descripción del error: Error no especificado 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2014-11-03 13:47:20.480
Description: 
La característica Protección en tiempo real de Windows Defender encontró un error:
Característica: Sistema de inspección de red
Código de error: 0x80070002
Descripción del error: El sistema no puede encontrar el archivo especificado. 
Motivo: El sistema no tiene las actualizaciones necesarias para ejecutar el Sistema de inspección de red. Instale las actualizaciones requeridas y reinicie el equipo.

CodeIntegrity:
===================================

Date: 2018-11-14 22:11:08.852
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-14 21:49:25.048
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-14 20:51:19.070
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-14 16:09:11.332
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-14 15:11:25.478
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-14 12:59:34.198
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-07 10:04:54.793
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-10-23 14:44:44.208
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 69%
Total physical RAM: 3970.02 MB
Available physical RAM: 1193.29 MB
Total Virtual: 6402.02 MB
Available Virtual: 1539.9 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.67 GB) (Free:108.66 GB) NTFS
Drive d: (ESP) (Fixed) (Total:0.48 GB) (Free:0.44 GB) FAT32
Drive x: (Winretools) (Fixed) (Total:0.88 GB) (Free:0.6 GB) NTFS

\\?\Volume{6b05421a-c329-4ce4-bf84-fb2dd12cbc01}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.2 GB) NTFS
\\?\Volume{0bb5ec5e-f5ac-416d-b3d3-87cc2c3a94b3}\ () (Fixed) (Total:0.34 GB) (Free:0 GB) NTFS
\\?\Volume{8fdcf826-63c1-4b1b-8389-6212257330e7}\ (PBR Image) (Fixed) (Total:14.49 GB) (Free:0.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B83EF577)

Partition: GPT.

==================== End of Addition.txt ============================

#10

And one more thing: for now the little window has not appeared again.


#11

Hello

Even though the window no longer appears, traces still remain, apart from some other infection.

:arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Attention: now tick only the "Create registry backup" box, NOT the others.

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box further below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\...\Run: [585855e2cce3f8f92edb8105272ecd77] => C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\test.au3
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206829\...\Run: [585855e2cce3f8f92edb8105272ecd77] => C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\test.au3
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359476\...\Run: [585855e2cce3f8f92edb8105272ecd77] => C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\test.au3
ShortcutTarget: GoogleDrive.lnk -> C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe (No File)
URLSearchHook: [S-1-5-21-3297273063-3950669016-3409055866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206751] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3297273063-3950669016-3409055866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359445] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-3297273063-3950669016-3409055866-1002 -> DefaultScope {B2E45E59-00E8-4647-97BF-199D06517BB8} URL = 
SearchScopes: HKU\S-1-5-21-3297273063-3950669016-3409055866-1002 -> {B2E45E59-00E8-4647-97BF-199D06517BB8} URL = 
Filter: application/x-mfe-ipt - No CLSID Value
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff => not found
CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-11]
U3 aswbdisk; no ImagePath
2018-11-14 21:45 - 2018-11-15 13:35 - 000000000 ____D C:\ProgramData\585855e2cce3f8f92edb8105272ecd77
2018-11-14 00:16 - 2018-02-11 13:43 - 000000000 ____D C:\Users\Family\AppData\Roaming\9d313207346078739ab9fa2e85973128
2018-03-27 01:10 - 2014-05-27 05:39 - 000053248 ____H (Microsoft Corporation) C:\Users\Family\AppData\Roaming\regasm.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} =>  -> No File
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} =>  -> No File
Task: {5819EBCE-1286-418B-8AD2-68D5B8C3BCC2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-14] (AVAST Software) <==== ATTENTION

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (desktop), otherwise it will not work.


  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).
  • Press the FIX button and wait for it to finish.
  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply.

Restart the computer, check how it behaves with regard to the reported problem, and let us know.

Regards
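
Added example, not part of the thread and not FRST's own logic: a small triage script showing why entries like the ones in the fixlist above stand out in a scan log. The function names, the heuristics and the RegAsm.exe home directory (the usual `C:\Windows\Microsoft.NET\` location) are assumptions of this example; the last two sample lines are constructed.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# The first three lines are copied from the fixlist in this thread; the last
# two are constructed benign entries added for contrast.
SAMPLE = [
    r"HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\...\Run: "
    r"[585855e2cce3f8f92edb8105272ecd77] => "
    r"C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe "
    r"C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\test.au3",
    r"2018-11-14 21:45 - 2018-11-15 13:35 - 000000000 ____D "
    r"C:\ProgramData\585855e2cce3f8f92edb8105272ecd77",
    r"2018-03-27 01:10 - 2014-05-27 05:39 - 000053248 ____H "
    r"(Microsoft Corporation) C:\Users\Family\AppData\Roaming\regasm.exe",
    r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: "
    r"[ExampleUpdater] => C:\Program Files\Example\updater.exe /background",
    r"2018-01-02 10:00 - 2018-01-02 10:00 - 000064000 _____ "
    r"(Microsoft Corporation) "
    r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe",
]

# "HKxx\<hive>\...\Run: [value name] => command line"
RUN_RE = re.compile(
    r"^HK[A-Z]+(?:-x32)?(?:\\[^\\:]+)?\\\.\.\.\\Run(?:Once)?: "
    r"\[(?P<name>[^\]]*)\] => (?P<cmd>.+)$")
# "created - modified - size attrs (company) path"
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ "
    r"(?P<attrs>[_A-Z]{5}) (?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.+)$")
# Split a command line into the executable and its arguments.
CMD_RE = re.compile(
    r'^"?(?P<exe>[A-Za-z]:\\.+?\.(?:exe|com|scr|bat|cmd))"?'
    r"(?:\s+(?P<args>.*))?$", re.I)

USER_WRITABLE = re.compile(r"\\(?:ProgramData|AppData)\\", re.I)
HEX32_DIR = re.compile(r"\\[0-9a-f]{32}(?:\\|$)", re.I)
# Tool name -> directory prefix it normally lives under (assumed default).
EXPECTED_HOME = {"regasm.exe": "c:\\windows\\microsoft.net\\"}


def path_reasons(path, attrs=""):
    """Return the heuristics a single file or directory path trips."""
    reasons = []
    low = path.lower()
    if USER_WRITABLE.search(path):
        reasons.append("user-writable location")
    if HEX32_DIR.search(path):
        reasons.append("32-hex-digit directory name")
    home = EXPECTED_HOME.get(basename(low))
    if home and not low.startswith(home):
        reasons.append("system tool name outside its expected directory")
    if "H" in attrs and splitext(low)[1] == ".exe":
        reasons.append("hidden executable")
    return reasons


def triage(lines):
    """Return (line, reasons) for every log line that trips a heuristic."""
    findings = []
    for line in lines:
        reasons = []
        run = RUN_RE.match(line)
        if run:
            cmd = CMD_RE.match(run["cmd"])
            if cmd:
                reasons += path_reasons(cmd["exe"])
                args = (cmd["args"] or "").lower()
                if basename(cmd["exe"]).lower().startswith("autoit") and ".au3" in args:
                    reasons.append("script interpreter started from a Run key")
        else:
            entry = FILE_RE.match(line)
            if entry:
                reasons += path_reasons(entry["path"], entry["attrs"])
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE):
        print("; ".join(reasons))
        print("    " + line)
```

A hit is a prompt for manual review, not a verdict: legitimate software also uses ProgramData and AppData, which is why the thread's helper combines several signals before writing a fixlist.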


#12

Hi,

Here is fixlog.txt.


Fix result of Farbar Recovery Scan Tool (x64) Version: 15.11.2018
Ran by Family (18-11-2018 16:08:12) Run:1
Running from C:\Users\Family\Desktop
Loaded Profiles: Family &  (Available Profiles: UpdatusUser & Family)
Boot Mode: Normal
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\...\Run: [585855e2cce3f8f92edb8105272ecd77] => C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\test.au3
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206829\...\Run: [585855e2cce3f8f92edb8105272ecd77] => C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\test.au3
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359476\...\Run: [585855e2cce3f8f92edb8105272ecd77] => C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\test.au3
ShortcutTarget: GoogleDrive.lnk -> C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe (No File)
URLSearchHook: [S-1-5-21-3297273063-3950669016-3409055866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206751] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3297273063-3950669016-3409055866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359445] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-3297273063-3950669016-3409055866-1002 -> DefaultScope {B2E45E59-00E8-4647-97BF-199D06517BB8} URL = 
SearchScopes: HKU\S-1-5-21-3297273063-3950669016-3409055866-1002 -> {B2E45E59-00E8-4647-97BF-199D06517BB8} URL = 
Filter: application/x-mfe-ipt - No CLSID Value
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff => not found
CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-11]
U3 aswbdisk; no ImagePath
2018-11-14 21:45 - 2018-11-15 13:35 - 000000000 ____D C:\ProgramData\585855e2cce3f8f92edb8105272ecd77
2018-11-14 00:16 - 2018-02-11 13:43 - 000000000 ____D C:\Users\Family\AppData\Roaming\9d313207346078739ab9fa2e85973128
2018-03-27 01:10 - 2014-05-27 05:39 - 000053248 ____H (Microsoft Corporation) C:\Users\Family\AppData\Roaming\regasm.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} =>  -> No File
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} =>  -> No File
Task: {5819EBCE-1286-418B-8AD2-68D5B8C3BCC2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-11-14] (AVAST Software) <==== ATTENTION

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\Software\Microsoft\Windows\CurrentVersion\Run\\585855e2cce3f8f92edb8105272ecd77" => removed successfully
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206829\...\Run: [585855e2cce3f8f92edb8105272ecd77] => C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\test.au3 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359476\...\Run: [585855e2cce3f8f92edb8105272ecd77] => C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\test.au3 => Error: No automatic fix found for this entry.
"C:\ProgramData\585855e2cce3f8f92edb8105272ecd77\AutoIt3.exe" => not found
URLSearchHook: [S-1-5-21-3297273063-3950669016-3409055866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206751] ATTENTION => Default URLSearchHook is missing => Error: No automatic fix found for this entry.
URLSearchHook: [S-1-5-21-3297273063-3950669016-3409055866-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359445] ATTENTION => Default URLSearchHook is missing => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B2E45E59-00E8-4647-97BF-199D06517BB8} => removed successfully
HKLM\Software\Classes\CLSID\{B2E45E59-00E8-4647-97BF-199D06517BB8} => not found
HKLM\Software\Classes\PROTOCOLS\Filter\Filter: application/x-mfe-ipt - No CLSID Value => not found
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected]" => removed successfully
CHR Extension: (Chrome Media Router) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-11] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
C:\ProgramData\585855e2cce3f8f92edb8105272ecd77 => moved successfully
C:\Users\Family\AppData\Roaming\9d313207346078739ab9fa2e85973128 => moved successfully
C:\Users\Family\AppData\Roaming\regasm.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DBARFileBackuped => removed successfully
HKLM\Software\Classes\CLSID\{831cebdd-6baf-4432-be76-9e0989c14aef} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DBARFileNotBackuped => removed successfully
HKLM\Software\Classes\CLSID\{275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5819EBCE-1286-418B-8AD2-68D5B8C3BCC2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5819EBCE-1286-418B-8AD2-68D5B8C3BCC2}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3297273063-3950669016-3409055866-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206829\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133206829\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359476\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11152018133359476\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11162018170849683\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11162018170849683\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11162018170944374\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3297273063-3950669016-3409055866-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11162018170944374\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Conexión de área local* 3 mientras los medios
estén desconectados.
No se puede realizar ninguna operación en Ethernet mientras los medios
estén desconectados.

Adaptador de LAN inalámbrica Conexión de área local* 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de LAN inalámbrica Wi-Fi:

   Sufijo DNS específico para la conexión. . : 
   Vínculo: dirección IPv6 local. . . : fe80::800a:3b2c:16c7:62ef%3
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.18.55
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.18.1

Adaptador de túnel isatap.{F77C9233-A1B5-4A06-AC2C-39FF02F68353}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Vecino se restableció correctamente.
Ruta de acceso se restableció correctamente.
Error al restablecer .
Acceso denegado.

 se restableció correctamente.
 se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30349871 B
Java, Flash, Steam htmlcache => 43448400 B
Windows/system/drivers => 20375330 B
Edge => 0 B
Chrome => 409739754 B
Firefox => 24097058 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 3522672 B
LocalService => 0 B
NetworkService => 0 B
UpdatusUser => 0 B
Family => 15444755 B

RecycleBin => 3234320 B
EmptyTemp: => 532.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:13:18 ====

#13

Hello

How is the problem going?

Regards


#14

Good morning Daniela,

So far so good. The window has not appeared again :slight_smile:

Thank you very much, really.


#15

Hello @Ivan_McNulty

Follow these steps to remove the tools that were used:

To do so, use again / download >> DelFix.exe on your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select - Run as Administrator -).

  • Tick all the boxes and click Run.

The report (DelFix.txt) will open; you can close it.


Thank you for trusting ForoSpyware. It has been a pleasure to help you :manos:

We are glad your problem has been solved :Bien: We consider the topic resolved.

Solved

Regards


#16