Virus, internet limitado o nulo


#3

Gracias por responder, aquí están los logs: saludos.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2019-01-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    01-16-2019
# Duration: 00:00:35
# OS:       Windows 7 Home Premium
# Scanned:  32265
# Detected: 6


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
PUP.Optional.Legacy             HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

***** [ Chromium (and derivatives) ] *****

PUP.Optional.FaceMoods          Facemoods
PUP.Optional.Panda              Panda Safe Web

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 16/1/19
Hora del análisis: 22:24
Archivo de registro: bc0c678e-1a0f-11e9-beb7-64315097dedc.json

-Información del software-
Versión: 3.6.1.2711
Versión de los componentes: 1.0.508
Versión del paquete de actualización: 1.0.8808
Licencia: Gratis

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: AVD-HP\Aaron

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 409835
Amenazas detectadas: 3
Amenazas en cuarentena: 2
Tiempo transcurrido: 14 min, 0 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 1
PUP.Optional.MyStart, HKU\S-1-5-21-628076510-392984596-580012936-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|fagakgcelolinfnkfgekcnedpaklfcok, En cuarentena, [232], [492335],1.0.8808

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 2
PUP.Optional.MyStart, C:\USERS\AARON\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Error durante la eliminación, [232], [492335],1.0.8808
PUP.Optional.MyStart, C:\USERS\AARON\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [232], [492335],1.0.8808

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

#4

Hola @AaronDev

Realiza lo siguiente:

1.- Desactiva temporalmente tu antivirus y cualquier programa de seguridad.

2.- Descarga Farbar Recovery Scan Tool. en el escritorio, seleccionando la versión adecuada para la arquitectura (32 o 64bits) de su equipo. >> Como saber si mi Windows es de 32 o 64 bits.?

  • Ejecuta FRST.exe.
  • En el mensaje de la ventana del Disclaimer, pulsamos Yes
  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Guía: Como Ejecutar FRST

3.- En tu próxima respuesta, pega los reportes generados.

Guía : ¿Como Pegar reportes en el Foro?

Esperamos esos reporte.

Salu2


#5

Buenas tardes, Estos son los reportes:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.2019 01
Ran by Aaron (administrator) on AVD-HP (19-01-2019 11:27:53)
Running from C:\Users\Aaron\Downloads
Loaded Profiles: Aaron & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS (Available Profiles: Aaron & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS12.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Aaron\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Dropbox, Inc.) C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2011-01-13] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-04] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-03-10] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1502776 2011-03-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PSUAMain] => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
HKU\S-1-5-21-628076510-392984596-580012936-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-628076510-392984596-580012936-1000\...\Run: [Spotify Web Helper] => C:\Users\Aaron\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2018-05-05] (Spotify Ltd)
HKU\S-1-5-21-628076510-392984596-580012936-1000\...\Run: [Google Update] => C:\Users\Aaron\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe [605992 2018-12-23] (Google Inc.)
HKU\S-1-5-21-628076510-392984596-580012936-1000\...\Run: [Dropbox Update] => C:\Users\Aaron\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-628076510-392984596-580012936-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.)
HKLM\...\Drivers32-x32: [vidc.yv12] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{ad846bae-d44b-4722-abad-f7420e08bcd9}: [DatabasePath] -> C:\Windows\AppPatch\Custom\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb [2016-05-31]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe [2011-03-04] (Hewlett-Packard Company)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corp.)
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2019-01-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Aaron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicyScripts-x32: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{3939E15C-C701-43E0-A8C4-47A22D6279BF}: [DhcpNameServer] 10.213.2.12
Tcpip\..\Interfaces\{EC652CB2-17DA-4031-B304-D02E00B79A89}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{EC652CB2-17DA-4031-B304-D02E00B79A89}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-628076510-392984596-580012936-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL/17
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-628076510-392984596-580012936-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-628076510-392984596-580012936-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-628076510-392984596-580012936-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-12-16] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-11-30] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-11-30] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-12] (Oracle Corporation)
BHO-x32: Aplicación auxiliar de inicio de sesión de Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-11-30] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-12] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -  No File
Toolbar: HKU\S-1-5-21-628076510-392984596-580012936-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-30] (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2006-12-29] (SAP AG, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2006-12-29] (SAP AG, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (<video> de HTML5 de DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-09-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll [2013-02-23] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll [2013-02-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-27] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-628076510-392984596-580012936-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Aaron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-628076510-392984596-580012936-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-628076510-392984596-580012936-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Aaron\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-628076510-392984596-580012936-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Aaron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-10-03] (Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com.mx/
CHR StartupUrls: Default -> "hxxp://www.google.com.mx/"
CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms}
CHR DefaultSearchKeyword: Default -> safeWeb
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default [2019-01-19]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Búsqueda de Google) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Chuck Anderson) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp [2012-10-14]
CHR Extension: (AdBlock) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-01-19]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (video de HTML5 de DivX Plus Web Player) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-09-26]
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-16]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2011-01-24] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2011-01-24] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [991296 2011-01-24] (Intel Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9646240 2018-12-07] (Microsoft Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation)
R3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [50880 2014-02-21] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender)
R2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS12.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2450112 2014-02-21] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe" [X]
S2 PSUAService; "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-12-04] (Panda Security, S.L.)
S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201464 2015-12-04] (Panda Security, S.L.)
S1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-12-04] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48912 2015-04-27] (Panda Security, S.L.)
S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-12-04] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-12-04] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [177424 2016-02-17] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-12-04] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [264976 2016-02-17] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-12-04] (Panda Security, S.L.)
S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [171792 2016-08-04] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [127248 2016-08-04] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [206936 2018-03-08] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2016-08-04] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2016-08-04] (Panda Security, S.L.)
S2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2016-08-04] (Panda Security, S.L.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [200832 2017-11-22] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [211704 2017-11-22] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [144632 2017-11-22] (Oracle Corporation)
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-19 11:27 - 2019-01-19 11:28 - 000029974 _____ C:\Users\Aaron\Downloads\FRST.txt
2019-01-19 11:27 - 2019-01-19 11:27 - 000000000 ____D C:\FRST
2019-01-19 11:21 - 2019-01-19 11:21 - 002427904 _____ (Farbar) C:\Users\Aaron\Downloads\FRST64.exe
2019-01-17 20:41 - 2019-01-17 20:41 - 000001792 _____ C:\Users\Aaron\Desktop\AdwCleaner[S00].txt
2019-01-17 20:40 - 2019-01-17 20:40 - 000001963 _____ C:\Users\Aaron\Desktop\informeMalwarebytes.txt
2019-01-16 22:21 - 2019-01-16 22:21 - 000000292 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2019-01-16 22:20 - 2019-01-16 22:21 - 000000000 ____D C:\AdwCleaner
2019-01-16 22:17 - 2019-01-16 22:18 - 007320272 _____ (Malwarebytes) C:\Users\Aaron\Downloads\adwcleaner_7.2.6.0.exe
2019-01-15 23:07 - 2019-01-19 11:26 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2019-01-15 23:05 - 2019-01-15 23:06 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-01-15 23:05 - 2019-01-15 23:05 - 000104876 _____ C:\ProgramData\agent.1547615112.bdinstall.v2.bin
2019-01-15 23:05 - 2019-01-15 23:05 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2019-01-14 22:10 - 2019-01-14 22:11 - 066759392 _____ (Panda Security, S.L.) C:\Users\Aaron\Downloads\IS.exe
2019-01-14 21:35 - 2019-01-14 21:35 - 000004270 _____ C:\Users\Aaron\Desktop\cc_20190114_213519.reg
2019-01-09 21:23 - 2019-01-09 21:23 - 000000000 ____D C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-01-01 06:14 - 2019-01-01 06:14 - 000000000 _____ C:\Windows\SysWOW64\sho3360.tmp

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-19 11:26 - 2011-09-25 21:33 - 000000000 ____D C:\Users\Aaron\AppData\Local\CrashDumps
2019-01-19 11:23 - 2012-09-08 11:12 - 000000200 _____ C:\Windows\Tasks\AutoKMS.job
2019-01-19 11:23 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-17 20:38 - 2015-06-13 03:22 - 000000960 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-628076510-392984596-580012936-1000UA.job
2019-01-17 20:37 - 2009-07-13 22:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-17 20:37 - 2009-07-13 22:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-17 20:33 - 2011-09-23 15:13 - 000003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{53C37721-0452-49C6-9B27-F59D70514E3D}
2019-01-17 20:31 - 2014-03-23 23:26 - 000069632 ___SH C:\Users\Aaron\Thumbs.db
2019-01-16 21:38 - 2015-06-13 03:22 - 000000908 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-628076510-392984596-580012936-1000Core.job
2019-01-16 21:23 - 2011-09-24 17:39 - 000000000 ___RD C:\Users\Aaron\Dropbox
2019-01-16 20:50 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2019-01-15 22:54 - 2012-07-22 21:49 - 000000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-628076510-392984596-580012936-1000UA.job
2019-01-15 22:54 - 2012-07-22 21:49 - 000000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-628076510-392984596-580012936-1000Core.job
2019-01-15 22:39 - 2011-09-26 17:50 - 000000000 ____D C:\Users\Aaron\Documents\Programas
2019-01-14 21:55 - 2017-01-28 15:24 - 000000000 ____D C:\Users\Aaron\Documents\4-Optimizando PC
2019-01-09 21:23 - 2011-09-24 17:36 - 000000000 ____D C:\Users\Aaron\AppData\Roaming\Dropbox
2019-01-01 14:20 - 2011-04-14 11:19 - 000857742 _____ C:\Windows\system32\perfh00A.dat
2019-01-01 14:20 - 2011-04-14 11:19 - 000203790 _____ C:\Windows\system32\perfc00A.dat
2019-01-01 14:20 - 2009-07-13 23:13 - 001993812 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-01 01:13 - 2018-11-28 23:04 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-12-26 12:05 - 2015-08-20 20:11 - 000001985 _____ C:\Users\Aaron\Desktop\Series Peliculas por ver.txt
2018-12-23 16:44 - 2017-11-11 22:06 - 000002184 _____ C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-12-23 16:44 - 2017-09-03 10:30 - 000003168 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-628076510-392984596-580012936-1000
2018-12-23 16:44 - 2017-09-02 20:03 - 000000000 ___RD C:\Users\Aaron\OneDrive
2018-12-23 16:34 - 2011-09-23 22:19 - 000003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-628076510-392984596-580012936-1000UA
2018-12-23 16:34 - 2011-09-23 22:19 - 000003370 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-628076510-392984596-580012936-1000Core

==================== Files in the root of some directories =======

2011-11-12 09:47 - 2008-06-12 06:53 - 000040960 _____ (SAP-TECHNOLOGY) C:\Program Files (x86)\Common Files\DigitalSignature.ocx
2011-11-12 09:47 - 2008-06-12 06:53 - 000955904 _____ () C:\Program Files (x86)\Common Files\SAPActiveXL.xlt
2011-11-12 09:47 - 2008-06-12 06:53 - 000949760 _____ () C:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
2011-11-12 09:47 - 2008-06-12 06:53 - 000626688 _____ (SAP AG) C:\Program Files (x86)\Common Files\sapconsaccess.dll
2011-11-12 09:47 - 2008-06-12 06:53 - 000192512 _____ (SAP Tech Inc.) C:\Program Files (x86)\Common Files\sapconsr3.dll
2011-11-12 09:47 - 2008-06-12 06:53 - 003125248 _____ (SAP Technology,Inc) C:\Program Files (x86)\Common Files\sapxlhelper.dll
2015-09-09 20:36 - 2015-09-09 20:36 - 000000017 _____ () C:\Users\Aaron\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2019-01-16 22:12 - 2019-01-16 22:12 - 000000000 _____ () C:\Users\Aaron\AppData\Local\Temp\GUR6170.exe
2019-01-16 22:41 - 2019-01-16 22:42 - 000000000 _____ () C:\Users\Aaron\AppData\Local\Temp\GUR6862.exe
2019-01-16 22:02 - 2019-01-16 22:02 - 000000000 _____ () C:\Users\Aaron\AppData\Local\Temp\GUR84A9.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-31 16:30

==================== End of FRST.txt ============================

#6

Acá pongo el segundo reporte:

Addition.txt (78,9 KB)


#7

Hola @AaronDev

Sigue estos pasos:

Nota: Ejecutaste Farbar desde una ubicación incorrecta.

C:\Users\Aaron\Downloads

Corta el ejecutable y lo pegas en el escritorio de Windows o no funcionara.

1.- Muy Importante >>> Realizar una copia de Seguridad de su Registro.

  • Descarga DelFix en el escritorio de Windows.
  • Clic Derecho, “Ejecutar como Administrador”.
  • En la ventana principal, marca solamente la casilla “Create Registry Backup”.
  • Clic en Run.

Al terminar se abrirá un reporte llamado DelFix.txt, guárdelo por si fuera necesario y cierre la herramienta…

2.- Desactiva Temporalmente tu antivirus.

3.- Abre un nuevo archivo Notepad y copia y pega este contenido:


Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-628076510-392984596-580012936-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
GroupPolicyScripts-x32: Restriction <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{3939E15C-C701-43E0-A8C4-47A22D6279BF}: [DhcpNameServer] 10.213.2.12
Tcpip\..\Interfaces\{EC652CB2-17DA-4031-B304-D02E00B79A89}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{EC652CB2-17DA-4031-B304-D02E00B79A89}: [DhcpNameServer] 192.168.1.254 192.168.1.254
HKU\S-1-5-21-628076510-392984596-580012936-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL/17
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-628076510-392984596-580012936-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-628076510-392984596-580012936-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-628076510-392984596-580012936-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM-x32 - No Name - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -  No File
Toolbar: HKU\S-1-5-21-628076510-392984596-580012936-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms}
CHR DefaultSearchKeyword: Default -> safeWeb
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
2019-01-01 06:14 - 2019-01-01 06:14 - 000000000 _____ C:\Windows\SysWOW64\sho3360.tmp
2019-01-16 22:12 - 2019-01-16 22:12 - 000000000 _____ () C:\Users\Aaron\AppData\Local\Temp\GUR6170.exe
2019-01-16 22:41 - 2019-01-16 22:42 - 000000000 _____ () C:\Users\Aaron\AppData\Local\Temp\GUR6862.exe
2019-01-16 22:02 - 2019-01-16 22:02 - 000000000 _____ () C:\Users\Aaron\AppData\Local\Temp\GUR84A9.exe
GroupPolicyScripts-x32: Restriction <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{3939E15C-C701-43E0-A8C4-47A22D6279BF}: [DhcpNameServer] 10.213.2.12
Tcpip\..\Interfaces\{EC652CB2-17DA-4031-B304-D02E00B79A89}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{EC652CB2-17DA-4031-B304-D02E00B79A89}: [DhcpNameServer] 192.168.1.254 192.168.1.254
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
Task: {0440BE3C-5216-45CF-8315-C1A179DCDD62} - System32\Tasks\{EC66A4AA-0A0B-4E8A-BC9C-F3817DB2DA6D} => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.3.0.105/en/abandoninstall?page=tsProgressBar
Task: {3C2A5FF4-1E6E-459F-8869-E5B4322A9205} - System32\Tasks\{9DF987C9-0D91-48DD-8D37-80FF95541A0D} => C:\Windows\system32\pcalua.exe -a C:\Users\Aaron\Documents\Programas\unetbootin\unetbootin-win-549.exe -d C:\Users\Aaron\Documents\Programas\unetbootin
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Aaron\Downloads\adwcleaner_7.2.6.0.exe


CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.

Nota: Es necesario que el ejecutable Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajara.

  • Ejecutas Frst.exe.
  • Presionas el botón Fix y aguardas a que termine.
  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
  • Lo pegas en tu próxima respuesta.

Nos comentas .

Salu2.


#8

Aquí pongo el log obtenido:

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by Aaron (20-01-2019 14:49:22) Run:1
Running from C:\Users\Aaron\Desktop
Loaded Profiles: Aaron & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS (Available Profiles: Aaron & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-628076510-392984596-580012936-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
GroupPolicyScripts-x32: Restriction <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{3939E15C-C701-43E0-A8C4-47A22D6279BF}: [DhcpNameServer] 10.213.2.12
Tcpip\..\Interfaces\{EC652CB2-17DA-4031-B304-D02E00B79A89}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{EC652CB2-17DA-4031-B304-D02E00B79A89}: [DhcpNameServer] 192.168.1.254 192.168.1.254
HKU\S-1-5-21-628076510-392984596-580012936-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPALL/17
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPALL/17
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-628076510-392984596-580012936-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-628076510-392984596-580012936-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-628076510-392984596-580012936-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://mx.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM-x32 - No Name - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -  No File
Toolbar: HKU\S-1-5-21-628076510-392984596-580012936-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms}
CHR DefaultSearchKeyword: Default -> safeWeb
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
2019-01-01 06:14 - 2019-01-01 06:14 - 000000000 _____ C:\Windows\SysWOW64\sho3360.tmp
2019-01-16 22:12 - 2019-01-16 22:12 - 000000000 _____ () C:\Users\Aaron\AppData\Local\Temp\GUR6170.exe
2019-01-16 22:41 - 2019-01-16 22:42 - 000000000 _____ () C:\Users\Aaron\AppData\Local\Temp\GUR6862.exe
2019-01-16 22:02 - 2019-01-16 22:02 - 000000000 _____ () C:\Users\Aaron\AppData\Local\Temp\GUR84A9.exe
GroupPolicyScripts-x32: Restriction <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{3939E15C-C701-43E0-A8C4-47A22D6279BF}: [DhcpNameServer] 10.213.2.12
Tcpip\..\Interfaces\{EC652CB2-17DA-4031-B304-D02E00B79A89}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{EC652CB2-17DA-4031-B304-D02E00B79A89}: [DhcpNameServer] 192.168.1.254 192.168.1.254
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
Task: {0440BE3C-5216-45CF-8315-C1A179DCDD62} - System32\Tasks\{EC66A4AA-0A0B-4E8A-BC9C-F3817DB2DA6D} => "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.3.0.105/en/abandoninstall?page=tsProgressBar
Task: {3C2A5FF4-1E6E-459F-8869-E5B4322A9205} - System32\Tasks\{9DF987C9-0D91-48DD-8D37-80FF95541A0D} => C:\Windows\system32\pcalua.exe -a C:\Users\Aaron\Documents\Programas\unetbootin\unetbootin-win-549.exe -d C:\Users\Aaron\Documents\Programas\unetbootin
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Aaron\Downloads\adwcleaner_7.2.6.0.exe


CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-628076510-392984596-580012936-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring" => removed successfully
C:\Windows\SysWOW64\GroupPolicy\Machine => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3939E15C-C701-43E0-A8C4-47A22D6279BF}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC652CB2-17DA-4031-B304-D02E00B79A89}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC652CB2-17DA-4031-B304-D02E00B79A89}\\DhcpNameServer" => removed successfully
HKU\S-1-5-21-628076510-392984596-580012936-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Error setting value.
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Error setting value.
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Error setting value.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKU\S-1-5-21-628076510-392984596-580012936-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-628076510-392984596-580012936-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-628076510-392984596-580012936-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
"HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => not found
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => not found
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => not found
HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => not found
"HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
"HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => not found
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => not found
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => not found
HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => not found
"HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
"HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => not found
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => not found
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => not found
HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => not found
"HKU\S-1-5-21-628076510-392984596-580012936-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nneajnkjbffgblleaoojgaacokifdkhm => removed successfully
C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx => moved successfully
HKLM\System\CurrentControlSet\Services\Prot6Flt => removed successfully
Prot6Flt => service removed successfully
C:\Windows\SysWOW64\sho3360.tmp => moved successfully
C:\Users\Aaron\AppData\Local\Temp\GUR6170.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\GUR6862.exe => moved successfully
C:\Users\Aaron\AppData\Local\Temp\GUR84A9.exe => moved successfully
"C:\Windows\SysWOW64\GroupPolicy\Machine" => not found
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => not found
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3939E15C-C701-43E0-A8C4-47A22D6279BF}\\DhcpNameServer" => not found
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC652CB2-17DA-4031-B304-D02E00B79A89}\\NameServer" => not found
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC652CB2-17DA-4031-B304-D02E00B79A89}\\DhcpNameServer" => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0440BE3C-5216-45CF-8315-C1A179DCDD62}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0440BE3C-5216-45CF-8315-C1A179DCDD62}" => removed successfully
C:\Windows\System32\Tasks\{EC66A4AA-0A0B-4E8A-BC9C-F3817DB2DA6D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EC66A4AA-0A0B-4E8A-BC9C-F3817DB2DA6D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C2A5FF4-1E6E-459F-8869-E5B4322A9205}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C2A5FF4-1E6E-459F-8869-E5B4322A9205}" => removed successfully
C:\Windows\System32\Tasks\{9DF987C9-0D91-48DD-8D37-80FF95541A0D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9DF987C9-0D91-48DD-8D37-80FF95541A0D}" => removed successfully
C:\Windows\Tasks\AdwCleaner_onReboot.job => moved successfully

========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows

No se puede realizar ninguna operaci¢n en Conexi¢n de red inal mbrica 3 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de red inal mbrica 2 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de red inal mbrica mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local mientras los medios
est‚n desconectados.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {6217546F-250B-49EB-8262-659ECC84F14F}.
{B1B62727-7E08-4972-A6E6-CE63C7411AAA} canceled.
{922BBBAF-56A9-4267-946A-888C8C7D6622} canceled.
{560781E6-BBF8-4EC7-8087-2EC229915E3C} canceled.
{111F5B15-FDD6-4649-B0F3-8E9ABAF0F3D8} canceled.
Unable to cancel {065D5AE1-820B-4F29-BF97-14FB01D1826D}.
4 out of 6 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-628076510-392984596-580012936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-628076510-392984596-580012936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15754568 B
Java, Flash, Steam htmlcache => 548 B
Windows/system/drivers => 633373 B
Edge => 0 B
Chrome => 67365400 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42337350 B
systemprofile32 => 8468367 B
LocalService => 0 B
NetworkService => 0 B
Aaron => 18174362 B
MSSQL$SQLEXPRESS => 0 B
ReportServer$SQLEXPRESS => 0 B
MSSQLFDLauncher$SQLEXPRESS => 0 B

RecycleBin => 124024 B
EmptyTemp: => 153.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:51:22 ====

#9

Hola @AaronDev

Olvidaste comentar como sigue el problema?, Como esta funcionando el equipo?.

Salu2


#10

Buen día, Pues sigo sin poder acceder a Internet, me sigue diciendo conectividad limitada… Y en modo seguro con red sí puedo acceder a internet. saludos.


#11

Hay algo más que pueda hacer al respecto?


#12

Hola @AaronDev

Disculpa la demora en responderte estoy con serios problemas de conectividad.

Descarga FSS.exe a tu escritorio.

Ejecuta FSS.exe (Presiona clic derecho y seleccionas Ejecutar como administrador)

Marca todas las opciones:

  • Internet Services.
  • Windows Firewall
  • System Restore.
  • Security Center/Action Center.
  • Windows Update.
  • Windows Defender.

Presiona el botón Scan y esperá a que termine su trabajo.

Se abrirá un Bloc de notas. Copia y pega el contenido en tu próxima respuesta.

Salu2.


#13

Qué tal, ntp agradezco el tiempo que me brindas. Bueno acá te paso el reporte:

Farbar Service Scanner Version: 27-01-2016
Ran by Aaron (administrator) on 26-01-2019 at 19:47:58
Running from "C:\Users\Aaron\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

#14

Hola:

Analizando el reporte puede verse:

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Lo que significa que no tienes errores relacionados a los servicios de Internet pero no tienes conexión a la red, los distintos intentos de conexión dan error.

Así que a buscar.

Unas preguntas:

1.- Te conectaste con tu proveedor de Internet??

2.- Tu equipo es un pc de escritorio o un portátil?

3.- Revisa el Administrador de Dispositivos:

  • Haga clic en Inicio
  • Haga clic en Panel de control
  • Haga clic en Hardware y sonido
  • Haga clic en Administrador de dispositivos

Despliega los Adaptadores de Red, toma una imagen y la subes en tu próxima respuesta.

Como subir imágenes al Foro?

Nos comentas.

Salu2.


#15

Buen día, Aquí te respondo:

  1. sí estoy usando la wifi de mi casa
  2. mi pc es un portátil
  3. te paso la imagen, te hago mención de que en modo a prueba de errores con red, me da acceso a internet sin problemas, pero en modo normal No.

adaptadoresRed


#16

Hola:

Prueba lo siguiente:

Descarga Complete Internet Repair.

Luego inicia en Modo Normal y la ejecutas como Administrador.

Marcas las casillas:

  • Reset Internet Protocol (TCP/IP)
  • Repair Winsock
  • Renew Internet conection
  • Flush DNS Resolver Cache
  • Reset Windows Firewall Cofigurations
  • Restore the default Hosts File
  • Flush ARP Cache
  • Reset Proxy Server Configuration
  • Repair SSL/HTTPS/Criptography

Reinicia el sistema al terminar con la reparación.

Nos comentas si puedes conectar a Internet.

Salu2.


#17

Hola, Pues ya hice eso último que me comentaste, pero sigo sin poder acceder a internet en modo normal… habrá otra cosa que poder hacer? saludos.


#18

Hola @AaronDev:

Prueba lo siguiente:

Descarga en tu escritorio :arrow_right: Windows Repair all in one, hazlo con la versión portable suele estar la última de todas donde veas que pone Captura

  • Es un fichero ZIP con este nombre :white_check_mark: tweaking.com_windows_repair_aio.zip, lo descomprimes y ejecutas desde la carpeta que se habrá generado en tu escritorio.

  • Haces doble clic sobre el archivo Repair_Windows.exe.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona Ejecutar como Administrador.- )

  • Aceptas en la primera pantalla la licencia de uso pulsando en I Agree y a continuación veras la pantalla inicial del programa, donde debes seguir estos pasos :

:one: Repairs - Main.

:two: Open Repairs.



  1. Inmediatamente aparecerá una nueva ventana,

  2. Presiona en "Start Repair"


El proceso ira realizando todos los pasos establecidos y cuando termine Reinicias el equipo.

Nos comentas.

Saludos.


#19

Qué tal, Pues ya hice eso último pero sigue la conectividad limitada o nula. No me da internet :grimacing:, qué podrá ser? TT_TT


#20

Hola:

En la imagen se ve con Simbolo Amarillo el Driver Teredo Tunneling Pseudo-Interface

adaptadoresRed

Prueba los pasos de la siguiente guía, esta en Ingles pero es bastante clara, si no entiendes algo puedes usar Google Traductor, si aun así tienes algún problema, vienes y lo comentas.

Nota: Sobre el Método Dos, la utilización de Driver Easy, solo actualizaras los Adaptadores de Red (Network Adapter)

Salu2.


#21

Buen día, sorry por tardar… pues te comento que sobre la guía realice el método 1 y el 3 y sigue sin darme internet :grimacing: ya no sé que hacer, alguna otra idea? Saludos cordiales!


#22

Hola @AaronDev

Al tardar mucho en volver, se complica por que no podemos darle un correcto seguimiento a ese equipo.

Volvamos a empezar:

Realiza los siguientes pasos, sin cambiar el orden, en tu caso los vuelves a descargar desde Modo Seguro con Red, para que los tengas actualizados, luego inicias en Modo Normal y los ejecutas.

1.- Desactiva temporalmente tu antivirus y cualquier programa de seguridad. (esto solo cuando estés en Modo Normal)

2.- Descarga a tu escritorio las siguientes herramientas:

3.- Luego respetando el orden:

Malwarebytes

Instalalo y actualizalo. Realiza un Análisis Completo de acuerdo a su Manual.

AdwCleaner

Ejecutalo.(Clic derecho y selecciona Ejecutar como Administrador). Pulsa en el botón Escanear y espera a que se realice el proceso. Luego pulsa sobre el botón Limpiar. Espera a que se complete. Si te pidiera reiniciar el sistema Aceptas. Guardas el reporte que te aparecerá para copiarlo y pegarlo en tu próxima respuesta. El informe también se puede encontrar en “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

Siguiendo su manual, lo instalas y ejecutas. Cuando termine, eliminas todo lo que encuentre.

Nota Importante:

En tu próxima respuesta debes pegar los reportes de Malwarebytes, AdwCleaner y ZHPCleaner.

Guía : ¿Como Pegar reportes en el Foro?

Esperamos esos reporte y no olvides comentar como va el problema.

4.- Al finalizar vuelves a ejecutar FSS y nos traes nuevo reporte.

Salu2