PDA

View Full Version : Requesting help with malware analysis and removal.



Onmur
2022-06-04, 20:54
Hello.

I'm asking for help.

My computer, which is still running Windows 7, has been having problems, lately. First, Office stopped working, so I wanted to upgrade to Windows 10. However, the tool I downloaded from Microsoft to install Windows 10 can't execute, and the same happens with other files. At some point, several applications stopped working, including Microsoft Security Essentials, Malwarebytes, CCleaner, and the Task Manager. I've had to restore system several times to be able to use the PC.

As an aside, I ran both Microsoft Security Essentials and Malwarebytes, and they found no problems. I also ran AdwCleaner, and that one did quarantine some files.

At this point, I'm considering formatting the PC and installing Windows 10 from 0, but I need to keep using the computer for work related purposes for a few days before then, so I'm hoping for help with removing any malware program that might be around.

I've found this forum, read the instructions for using Farbar and aswMBR, and I was hoping you could help me.

I used regedit to make a registry backup, then I ran Farbar and aswMBR, and got these logs I will be posting next. Thank you already for your time.


Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 04-06-2022 01
Ejecutado por Pato (administrador) sobre CASITA (04-06-2022 14:29:14)
Ejecutado desde C:\Users\Pato\Desktop\Farbar
Perfiles cargados: Pato
Plataforma: Microsoft Windows 7 Ultimate Service Pack 1 (X64) Idioma: Español (España, internacional)
Navegador predeterminado: FF
Modo de Inicio: Normal

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ->) (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(explorer.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Users\Pato\Downloads\AdwCleaner.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <12>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe <2>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1601744 2019-01-27] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA) [Archivo no firmado]
HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Run: [Discord] => C:\Users\Pato\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Run: [f.lux] => C:\Users\Pato\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-17] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36836592 2022-05-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [8537040 2022-02-02] (Comfort Software Group -> Comfort Software Group)
HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\MountPoints2: L - L:\setup.exe
HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\MountPoints2: {48641d4f-c405-11e3-a7aa-50465d09814d} - G:\setup.exe
HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\MountPoints2: {48641d52-c405-11e3-a7aa-50465d09814d} - 0
HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\MountPoints2: {c70770c1-39ec-11ea-a2c2-30b5c2008a06} - G:\ResidentEvil2.exe
HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\MountPoints2: {e7093fe8-719c-11e5-9353-50465d09814d} - L:\LG_PC_Programs.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-12-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\102.0.5005.63\Installer\chrmstp.exe [2022-06-01] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIREFOX.lnk [2022-01-27]
ShortcutTarget: FIREFOX.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
Startup: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OPERA.lnk [2022-01-27]
ShortcutTarget: OPERA.lnk -> C:\Users\Pato\AppData\Local\Programs\Opera GX\launcher.exe (Opera Software AS -> Opera Software)

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {01B79720-3C63-455D-A98E-2A3477386AFD} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1617197801 => C:\Users\Pato\AppData\Local\Programs\Opera GX\launcher.exe [2369792 2022-05-30] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Pato\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {025E13C4-E7AF-4387-913B-E089BC23AB12} - System32\Tasks\stream
Task: {031C6724-0368-4820-BB63-3F70A78AB799} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {050D685F-FE41-4CC0-BA78-11E1A1889D88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {1CD23378-7FEE-4B86-B780-9E9946EEBE8F} - System32\Tasks\Tierra
Task: {219BC370-1C4E-4F4C-9BDF-150E64A30BB8} - System32\Tasks\avastBCLRestartS-1-5-21-482052857-3487469296-3382205014-1000 => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Task: {26E5925B-510A-4988-A059-5E0AC0CCF2EA} - System32\Tasks\{EEFADF95-F858-4CD2-8AA2-0E517C98D228} => C:\Windows\system32\pcalua.exe -a I:\SETUP.EXE -d I:\
Task: {39CD3F67-3DC8-4840-A204-7F046FA12AB4} - System32\Tasks\Alarmas\Alarma
Task: {3B1C4C53-A0ED-427B-B060-9A4D2AAAA20C} - System32\Tasks\pagar deuda
Task: {40434AA4-0F38-4C8B-B8EE-525956FB7D8B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload (Ningún archivo)
Task: {4D1B15FA-5406-4D8C-A1ED-DB8AB4B23EBB} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {52535C7C-E788-42FC-B8E7-963F98EDAF71} - System32\Tasks\curso
Task: {5AB22868-8C5A-4EBC-B38A-C8A5F5178F8C} - System32\Tasks\CCleanerSkipUAC - Pato => C:\Program Files\CCleaner\CCleaner.exe [30924528 2022-05-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {64F06016-74FE-4807-8DD2-557EF4F8D051} - System32\Tasks\plomero
Task: {682399FC-F09E-4613-8059-3F1D5F1C805C} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [71648 2016-12-15] (DivX, LLC -> DivX, LLC)
Task: {6A895425-402F-45DC-B63F-6DBC7C683E08} - System32\Tasks\rezero13
Task: {71725899-9BA9-4633-A199-EAC49901296C} - System32\Tasks\21 twitch
Task: {76E6EA14-7700-4C25-8B04-F4119451A115} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (Ningún archivo)
Task: {785B6124-1862-4A08-908B-F78277A7C3C1} - System32\Tasks\AdobeAAMUpdater-1.0-casita-Pato => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {7ECB9352-A9F6-4A12-9006-2267E586E2BC} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {822BB38F-DBA6-4985-954C-46196F881BAE} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [1174016 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Task: {84114F84-4A4F-4313-A7D6-484A96661F17} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {884EC2A6-F243-4F85-BD2D-C5B5DD1D6947} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {89E50FB9-6494-41E2-B28D-C312667D56CF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /frequentupdate SCHEDULEDTASK displaylevel=False (Ningún archivo)
Task: {8DA63800-4D6C-48A6-BF05-34180D894556} - System32\Tasks\Opera GX scheduled Autoupdate 1616187668 => C:\Users\Pato\AppData\Local\Programs\Opera GX\launcher.exe [2369792 2022-05-30] (Opera Software AS -> Opera Software)
Task: {97F69FCB-4CCF-40E4-8FA4-CB0925D968A0} - System32\Tasks\tp fisica
Task: {99AF7C31-7C44-42A4-9857-A29BC34F9584} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {9C192135-7214-42CD-A895-B58BDA26F7C0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe (Ningún archivo)
Task: {9C6C7B7F-97CF-4BD4-804B-5983D5861165} - System32\Tasks\clase
Task: {A3B223CD-7BAA-4416-84E9-DCBE17B4CC04} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (Ningún archivo)
Task: {A51F1F4C-2C82-425E-BC9B-93D0F9E001EF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-05-11] (Piriform Software Ltd -> Piriform)
Task: {AD68FD0B-2D4C-4327-AADB-0DFB80236EFA} - System32\Tasks\devolucions
Task: {B72E43E9-1975-4A45-94D3-B44E04DDDC4C} - System32\Tasks\mira a otro lado
Task: {C02935F0-25B1-4C9E-BE5D-865531C4BDAA} - System32\Tasks\tele y churros
Task: {C6502971-ACD9-4D5B-B4E7-3C675DC5228E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {D7361B0E-1E1A-4A6E-8B32-6214EDED6B5A} - System32\Tasks\{6DB9007F-3ABB-4C3A-9CD6-0931F6E3952E} => C:\Windows\system32\pcalua.exe -a C:\Users\Pato\Downloads\rafkill-1.2.3.exe -d C:\Users\Pato\Downloads
Task: {DA1C4164-B5A3-442E-A2E8-5EF7F32DD50F} - System32\Tasks\devolucion
Task: {E3B51905-B9D1-4B7A-B562-178B02BDF29B} - System32\Tasks\{B6BA0174-32CA-4339-BBC8-73E6934B9CCD} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Valve\Portal\Portal.exe" -d "C:\Program Files\Valve\Portal"
Task: {E3E35150-972F-4640-A360-BFC4D705F6F0} - System32\Tasks\pok
Task: {E9ED7BC1-7614-46E5-9E9E-8684E8FCD456} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Ningún archivo)
Task: {EA545B29-5DE5-4BCC-BE34-B612FB380823} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe /onlogon (Ningún archivo)
Task: {F921A173-57C3-4A52-91E8-6287B326FCC8} - System32\Tasks\{AE0E3E39-CD0D-478D-AE83-1B711A6F387E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Valve\Half-Life\ESForces.v1.3.OPENBETA.FINAL.exe" -d "C:\Program Files (x86)\Valve\Half-Life"
Task: {FD9AD0D9-34D4-4C4E-BBCC-39BE1C2552F8} - System32\Tasks\bounties

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)


==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\..\Interfaces\{7C5BB6DD-585E-44EA-9CA8-C408332FDEDA}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E06A01A6-DF69-4175-8104-554BA46997F8}: [DhcpNameServer] 200.42.4.210 200.49.130.41
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.0.1,-1]
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,26.0.0.1,9256]

FireFox:
========
FF DefaultProfile: qoeltqbd.default-1542229303266
FF ProfilePath: C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266 [2022-06-04]
FF Session Restore: Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266 -> está habilitado.
FF Extension: (Color Changer) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\@colorchanger.xpi [2021-11-30]
FF Extension: (AdBlocker Ultimate) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\adblockultimate@adblockultimate.net.xpi [2022-05-25]
FF Extension: (Tampermonkey) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\firefox@tampermonkey.net.xpi [2022-05-12]
FF Extension: (fanfiction-tools) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\jid1-APQ1424BwMIlpg@jetpack.xpi [2018-12-06]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-05-24]
FF Extension: (Tab Saver) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\{3c764d86-a50a-4f5c-b773-cb84bea924e7}.xpi [2021-12-08]
FF Extension: (NoScript) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2022-05-30]
FF Extension: (Adblock para YouTube™) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\{80e9f0be-bd1e-4b69-b079-5f44b2962921}.xpi [2018-11-15]
FF Extension: (Sin Nombre) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-05-31]
FF Extension: (Toggle Website Colors (Tab)) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\{d9d33933-40dc-4da1-8dc5-5b0449ce7d46}.xpi [2021-09-20]
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-12-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-12-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [Ningún archivo]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-12-23] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [Ningún archivo]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [Ningún archivo]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG -> Nero AG)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2013-03-11] (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FF Plugin HKU\S-1-5-21-482052857-3487469296-3382205014-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Ningún archivo]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default [2022-05-13]
CHR DownloadDir: C:\Users\Pato\Desktop
CHR StartupUrls: Default -> "hxxps://forums.sufficientvelocity.com/forums/quests.29/","hxxps://forums.sufficientvelocity.com/threads/we-have-the-technology-penny-quest.42457/page-17#post-9709782","hxxps://mail.google.com/mail/u/0/h/3hsqg9f6dg6c/?zy=g&f=1","hxxps://www.youtube.com/watch?v=IvK8XG-vSLg","hxxps://chrome.google.com/webstore/search/scroll","hxxps://www.google.com.ar/search?q=chrome+tabs+like+firefox&num=30&safe=off&rlz=1C1PRFC_enAR773AR773&source=lnt&tbs=qdr:y&sa=X&ved=0ahUKEwiv9s3_8ebXAhUIfZAKHddPBLEQpwUIHw&biw=1024&bih=675","hxxps://www.reddit.com/r/chrome/comments/2asqg2/recently_switched_is_there_a_way_to_have_tabs/","hxxps://www.reddit.com/r/chrome/comments/5yr83k/yo_is_there_really_no_way_on_chrome_to_have_tabs/"
CHR Session Restore: Default -> está habilitado.
CHR Extension: (Lazy Tabs) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabgbgciohhaogajcnacpgilhmacdahc [2018-02-15]
CHR Extension: (TooManyTabs para Chrome) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2017-11-30]
CHR Extension: (Documentos) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-30]
CHR Extension: (Google Drive) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-30]
CHR Extension: (Video Styler (brightness and more)) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmgdnjlifbmedglimhnbhgkefanaiep [2018-03-07]
CHR Extension: (YouTube) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-30]
CHR Extension: (Tampermonkey) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-28]
CHR Extension: (Session Buddy) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Bloqueador de anuncios para Youtube ™) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2018-10-29]
CHR Extension: (Selectable - for fanfiction.net and more) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcidlhgdoojamkbpmhbpgldmajnobefd [2018-05-16]
CHR Extension: (The Great Suspender) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-11-30]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (uMatrix) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfcmafjalglgifnmanfmnieipoejdcf [2018-08-28]
CHR Extension: (Gmail) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-30]
CHR Extension: (Chrome Media Router) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-482052857-3487469296-3382205014-1000) Opera GXStable - "C:\Users\Pato\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2018-05-10] (Apple Inc. -> Apple Inc.)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [128584 2018-03-26] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3729512 2018-10-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-13] (Malwarebytes Inc. -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [31576 2020-04-24] (DEV47 APPS -> Dev47Apps)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-11-29] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-11-29] (Disc Soft Ltd -> Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-14] (Disc Soft Ltd -> Disc Soft Ltd)
S3 h647906; C:\Windows\System32\drivers\h647906.sys [63856 2008-08-08] (Shen Zhen Dragon Rise Macro Technology Limited Company -> Your Corporation)
S3 h648101; C:\Windows\System32\drivers\h648101.sys [65776 2008-08-08] (Shen Zhen Dragon Rise Macro Technology Limited Company -> Your Corporation)
S3 h648103; C:\Windows\System32\drivers\h648103.sys [62960 2008-08-08] (Shen Zhen Dragon Rise Macro Technology Limited Company -> Your Corporation)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41272 2008-08-08] (Shen Zhen Dragon Rise Macro Technology Limited Company -> Your Corporation)
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [43192 2008-08-08] (Shen Zhen Dragon Rise Macro Technology Limited Company -> Your Corporation)
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [40856 2008-08-08] (Shen Zhen Dragon Rise Macro Technology Limited Company -> Your Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239560 2022-04-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-01-11] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-01-11] (MiniTool Solution Ltd -> )
S3 RvNetMP60; C:\Windows\System32\DRIVERS\RvNetMP60.sys [69048 2021-09-21] (Famatech Corp. -> Famatech Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-04-14] () [Archivo no firmado] [El archivo está en uso]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tpg64win7; C:\Windows\System32\DRIVERS\tpg64win7.sys [648808 2012-02-22] (Realtek Semiconductor Corp -> TP-LINK TECHNOLOGIES CO., LTD)
S3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [56560 2015-08-15] (Shaul Eizikovich -> Shaul Eizikovich)
R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [35696 2017-11-25] (Beijing Wolicheng Technology Co., Ltd. -> Windows (R) Win 7 DDK provider)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Windows Central Build Account - X -> Microsoft Corporation)
U3 a7b9c01f; no ImagePath
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
U3 aswbdisk; no ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MpKsl1199b774; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FA05688-FB88-43B2-852A-5121B1F33BA8}\MpKslDrv.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) (Lista blanca) =========

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2022-06-04 14:29 - 2022-06-04 14:30 - 000000000 ____D C:\Users\Pato\Desktop\Farbar
2022-06-04 14:29 - 2022-06-04 14:29 - 000000000 _____ C:\Users\Pato\Downloads\wEkk4S4-.exe.part
2022-06-04 14:29 - 2022-06-04 14:29 - 000000000 _____ C:\Users\Pato\Downloads\aswMBR.exe
2022-06-04 14:23 - 2022-06-04 14:23 - 008551608 _____ (Malwarebytes) C:\Users\Pato\Downloads\AdwCleaner(1).exe
2022-06-04 14:11 - 2022-06-04 14:16 - 000052680 _____ C:\Users\Pato\Downloads\Addition.txt
2022-06-04 14:05 - 2022-06-04 14:16 - 000048665 _____ C:\Users\Pato\Downloads\FRST.txt
2022-06-04 14:05 - 2022-06-04 14:05 - 008551608 _____ (Malwarebytes) C:\Users\Pato\Downloads\AdwCleaner.exe
2022-06-04 13:51 - 2022-06-04 13:51 - 000627600 _____ C:\Users\Pato\Documents\cc_20220604_135150.reg
2022-06-04 13:35 - 2022-06-04 13:35 - 000000000 ___HD C:\Users\Pato\Downloads\.opera
2022-06-04 13:35 - 2022-06-04 13:35 - 000000000 ___HD C:\Users\Pato\.opera
2022-06-04 12:18 - 2022-06-04 12:18 - 000000000 ___HD C:\$Windows.~WS
2022-06-04 11:47 - 2022-06-04 11:47 - 000000000 ____D C:\$WINDOWS.~BT
2022-06-04 11:45 - 2022-06-04 11:45 - 003096328 _____ C:\Users\Pato\Desktop\2ndbackup04062022.rar
2022-06-04 11:44 - 2022-06-04 11:44 - 035405041 _____ C:\Users\Pato\Desktop\bookmarksfirefox04062022.html
2022-06-04 11:44 - 2022-06-04 11:44 - 000093633 _____ C:\Users\Pato\Desktop\bookmarksopera04062022.html
2022-06-03 13:24 - 2022-06-03 13:24 - 000000000 ____D C:\Users\Public\Documents\Catch!
2022-06-03 08:23 - 2022-06-03 08:23 - 000088146 _____ C:\Users\Pato\Desktop\2022.05.01-PRORRATEO PRELIMINAR- FEDERICO LACROZE 2137 - MAYO PRELIMINAR.pdf
2022-06-02 16:29 - 2022-06-02 16:29 - 000109534 _____ C:\Users\Pato\Downloads\2022.05.01-PRORRATEO PRELIMINAR- ACOYTE 673 - MAYO PRELIMINAR.pdf
2022-06-02 16:27 - 2022-06-02 16:28 - 000071747 _____ C:\Users\Pato\Downloads\2022.05.01-PRORRATEO PRELIMINAR- ACOYTE 673 - MAYO PRELIMINAR.xlsx
2022-06-02 16:21 - 2022-06-02 16:21 - 000223440 _____ C:\Users\Pato\Downloads\2022.05.01-PRORRATEO PRELIMINAR- ACOYTE 673 - MAYO PRELIMINAR a.xlsx
2022-06-02 16:21 - 2022-06-02 16:21 - 000223440 _____ C:\Users\Pato\Downloads\2022.05.01-PRORRATEO- ACOYTE 673 - MAYO.xlsx
2022-06-01 17:28 - 2022-06-01 17:44 - 000000000 ____D C:\Windows\system32\appmgmt
2022-05-31 23:11 - 2022-06-01 09:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-05-31 20:54 - 2022-05-31 20:55 - 001232764 _____ C:\Users\Pato\Documents\cc_20220531_205447.reg
2022-05-31 16:07 - 2022-05-31 16:07 - 000027643 _____ C:\Users\Pato\Documents\20363197869-constancia cuit afip.pdf
2022-05-31 14:03 - 2022-05-31 14:03 - 000000520 _____ C:\Users\Pato\Desktop\Asistente de soporte y recuperación de Microsoft.appref-ms
2022-05-31 12:00 - 2022-05-31 12:05 - 000000000 ____D C:\Users\Pato\AppData\Roaming\DFXCT
2022-05-31 11:25 - 2022-05-31 15:33 - 000000000 ____D C:\Users\Pato\AppData\Local\SaraResults
2022-05-31 10:55 - 2022-05-31 14:05 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2022-05-31 10:55 - 2022-05-31 10:55 - 000000000 ____D C:\Users\Pato\AppData\Local\SaRALogs
2022-05-25 17:28 - 2022-05-25 17:28 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-05-12 21:27 - 2022-06-04 13:35 - 000004048 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1616187668
2022-05-08 19:05 - 2022-05-08 19:05 - 000001079 _____ C:\Users\Public\Desktop\Free Alarm Clock.lnk
2022-05-08 19:05 - 2022-05-08 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
2022-05-08 19:05 - 2022-05-08 19:05 - 000000000 ____D C:\Program Files (x86)\FreeAlarmClock
2022-05-08 19:03 - 2022-05-08 19:03 - 004721088 _____ (Comfort Software Group ) C:\Users\Pato\Desktop\FreeAlarmClockSetup.exe

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2022-06-04 14:29 - 2016-02-03 12:19 - 000000000 ____D C:\FRST
2022-06-04 14:23 - 2022-02-09 11:34 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-06-04 14:22 - 2017-02-17 18:11 - 000000000 ____D C:\Users\Pato\AppData\Roaming\discord
2022-06-04 14:22 - 2016-11-18 09:13 - 000000000 ____D C:\Users\Pato\AppData\LocalLow\Mozilla
2022-06-04 14:20 - 2014-03-12 09:33 - 000000000 ____D C:\AdwCleaner
2022-06-04 14:15 - 2013-02-16 16:26 - 000000000 ____D C:\Program Files (x86)\Google
2022-06-04 14:05 - 2009-07-14 01:45 - 000028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-06-04 14:05 - 2009-07-14 01:45 - 000028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-06-04 13:45 - 2013-03-01 12:55 - 000000000 ____D C:\Program Files\CCleaner
2022-06-04 13:44 - 2017-02-17 18:11 - 000000000 ____D C:\Users\Pato\AppData\Local\Discord
2022-06-04 13:37 - 2019-10-03 09:09 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-06-04 13:35 - 2013-02-16 16:09 - 000000000 ____D C:\Users\Pato
2022-06-04 13:28 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-06-04 13:27 - 2021-11-27 18:25 - 000000000 ____D C:\Program Files (x86)\StarCraft II
2022-06-04 13:27 - 2020-05-27 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WarCraft III
2022-06-04 13:27 - 2018-05-10 23:11 - 000000000 ____D C:\Program Files (x86)\StarCroft
2022-06-04 13:27 - 2016-06-27 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2016
2022-06-04 13:27 - 2013-12-13 07:10 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-06-04 13:27 - 2013-03-05 11:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2022-06-04 13:27 - 2013-02-18 01:17 - 000000000 ____D C:\Users\Pato\Desktop\EVERYTHING
2022-06-04 13:27 - 2013-02-17 15:44 - 000000000 ____D C:\PCSX2 1.0.0
2022-06-04 13:26 - 2022-04-23 15:44 - 000000000 ____D C:\Program Files (x86)\International GunZ
2022-06-04 13:26 - 2022-02-14 18:42 - 000000000 ____D C:\Users\Pato\Desktop\Formulario para atención de usuarios Argentina.gob.ar_archivos
2022-06-04 13:26 - 2022-02-14 18:42 - 000000000 ____D C:\Users\Pato\Desktop\Formulario para atención de usuarios Argentina.gob.ar 1_archivos
2022-06-04 13:26 - 2021-11-27 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheating-Death
2022-06-04 13:26 - 2021-11-27 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2022-06-04 13:26 - 2021-11-27 18:25 - 000000000 ____D C:\Users\Pato\Documents\StarCraft II
2022-06-04 13:26 - 2021-11-02 21:33 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-06-04 13:26 - 2021-06-02 12:39 - 000000000 ____D C:\Users\Pato\Documents\PCSX2
2022-06-04 13:26 - 2021-05-22 10:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Compressor
2022-06-04 13:26 - 2021-05-22 10:46 - 000000000 ____D C:\Program Files (x86)\Free Video Compressor
2022-06-04 13:26 - 2021-04-27 13:48 - 000000000 ____D C:\SNES9x v1.53-1240
2022-06-04 13:26 - 2021-03-25 16:30 - 000000000 ____D C:\Users\Pato\Documents\My Cheat Tables
2022-06-04 13:26 - 2021-01-25 18:51 - 000000000 ____D C:\Warframe
2022-06-04 13:26 - 2021-01-25 18:50 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2022-06-04 13:26 - 2020-05-19 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker
2022-06-04 13:26 - 2020-05-19 20:02 - 000000000 ____D C:\Program Files (x86)\Tracker
2022-06-04 13:26 - 2020-04-08 17:57 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Zoom
2022-06-04 13:26 - 2019-07-19 17:03 - 000000000 ____D C:\Program Files (x86)\NirSoft
2022-06-04 13:26 - 2018-08-09 20:39 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2022-06-04 13:26 - 2018-05-10 23:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft
2022-06-04 13:26 - 2018-02-19 16:13 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1
2022-06-04 13:26 - 2016-11-29 16:47 - 000000000 ____D C:\Users\Pato\Desktop\EVERYTHING 2
2022-06-04 13:26 - 2016-10-28 16:53 - 000000000 ____D C:\Program Files (x86)\ePub Reader for Windows
2022-06-04 13:26 - 2016-09-08 14:20 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2022-06-04 13:26 - 2016-08-20 01:19 - 000000000 ____D C:\Program Files (x86)\BANDAI NAMCO Games
2022-06-04 13:26 - 2016-03-19 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2022-06-04 13:26 - 2016-03-19 11:40 - 000000000 ____D C:\Users\Pato\Documents\Heroes of the Storm
2022-06-04 13:26 - 2016-03-19 11:40 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2022-06-04 13:26 - 2016-02-04 23:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-06-04 13:26 - 2015-02-15 19:17 - 000000000 ____D C:\Users\Pato\Documents\Assassin's Creed IV Black Flag
2022-06-04 13:26 - 2014-12-06 18:13 - 000000000 ____D C:\Program Files\Valve
2022-06-04 13:26 - 2014-10-06 17:22 - 000000000 ____D C:\Program Files (x86)\Freemake
2022-06-04 13:26 - 2014-05-08 20:32 - 000000000 ____D C:\Program Files (x86)\Child of Light
2022-06-04 13:26 - 2014-04-14 17:12 - 000000000 ____D C:\Games
2022-06-04 13:26 - 2014-04-14 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2022-06-04 13:26 - 2014-04-14 15:54 - 000000000 ____D C:\Program Files (x86)\Diablo II
2022-06-04 13:26 - 2014-03-25 18:21 - 000000000 ____D C:\th135
2022-06-04 13:26 - 2014-02-03 18:04 - 000000000 ____D C:\Program Files (x86)\Lame For Audacity
2022-06-04 13:26 - 2014-01-09 08:51 - 000000000 ____D C:\Program Files (x86)\Firefall
2022-06-04 13:26 - 2013-12-13 07:11 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Battle.net
2022-06-04 13:26 - 2013-12-13 07:11 - 000000000 ____D C:\Users\Pato\AppData\Local\Battle.net
2022-06-04 13:26 - 2013-12-13 07:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2022-06-04 13:26 - 2013-08-14 18:13 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2022-06-04 13:26 - 2013-07-19 17:44 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magicka
2022-06-04 13:26 - 2013-07-19 17:43 - 000000000 ____D C:\Program Files (x86)\Magicka
2022-06-04 13:26 - 2013-05-14 18:51 - 000000000 ____D C:\Program Files (x86)\JDownloader
2022-06-04 13:26 - 2013-05-11 23:12 - 000000000 ____D C:\Users\Pato\AppData\Roaming\IrfanView
2022-06-04 13:26 - 2013-04-15 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frontier Aja
2022-06-04 13:26 - 2013-04-15 16:59 - 000000000 ____D C:\Program Files (x86)\Frontier Aja
2022-06-04 13:26 - 2013-04-02 20:03 - 000000000 ____D C:\Program Files (x86)\SPlayer
2022-06-04 13:26 - 2013-03-19 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
2022-06-04 13:26 - 2013-03-09 23:29 - 000000000 ____D C:\Program Files (x86)\Bethesda Softworks
2022-06-04 13:26 - 2013-03-05 11:16 - 000000000 ____D C:\Program Files (x86)\Nero
2022-06-04 13:26 - 2013-03-01 12:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-06-04 13:26 - 2013-02-28 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2022-06-04 13:26 - 2013-02-28 19:00 - 000000000 ____D C:\Program Files (x86)\MagicISO
2022-06-04 13:26 - 2013-02-18 11:59 - 000000000 ____D C:\Users\Pato\Desktop\ST
2022-06-04 13:26 - 2013-02-17 21:48 - 000000000 ____D C:\Program Files (x86)\NAMCO BANDAI Games
2022-06-04 13:26 - 2013-02-17 21:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2022-06-04 13:26 - 2013-02-16 22:59 - 000000000 ____D C:\Users\Pato\Documents\My Games
2022-06-04 13:26 - 2013-02-16 21:22 - 000000000 ____D C:\Program Files (x86)\KONAMI
2022-06-04 13:26 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2022-06-04 13:25 - 2013-02-16 16:10 - 000000000 ____D C:\Windows\SoftwareDistribution.old
2022-06-04 13:25 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\registration
2022-06-04 12:19 - 2013-02-17 00:02 - 000000000 ____D C:\Windows\Panther
2022-06-01 18:16 - 2021-07-10 13:34 - 000000000 ____D C:\Users\Pato\AppData\Roaming\NCH Software
2022-06-01 18:16 - 2014-12-08 16:42 - 000000000 ____D C:\Program Files (x86)\UltraISO
2022-06-01 18:05 - 2009-07-14 02:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2022-06-01 17:51 - 2014-08-17 07:55 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2022-06-01 17:49 - 2017-07-28 18:11 - 000000000 ____D C:\Users\Pato\AppData\Local\CrashDumps
2022-06-01 17:39 - 2017-04-22 20:29 - 000000000 ____D C:\Program Files\Free PDF to Word Converter
2022-06-01 17:37 - 2021-11-27 22:06 - 000000000 ____D C:\Program Files (x86)\Cheating-Death
2022-06-01 17:30 - 2018-06-29 13:15 - 000000000 ____D C:\Users\Pato\Desktop\Materias
2022-06-01 16:34 - 2016-11-27 19:31 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-06-01 09:23 - 2021-07-20 09:03 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-06-01 00:16 - 2017-11-30 14:52 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-05-31 14:53 - 2016-02-13 19:08 - 000000000 ____D C:\Users\Pato\AppData\Local\Deployment
2022-05-31 14:23 - 2020-04-04 01:46 - 000000000 ____D C:\Program Files\Microsoft Office
2022-05-31 14:23 - 2009-07-14 00:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2022-05-31 12:48 - 2020-08-18 23:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2022-05-31 12:46 - 2020-08-18 23:17 - 000000000 ____D C:\Program Files\AutoHotkey
2022-05-31 12:46 - 2020-04-04 02:00 - 000000000 ____D C:\Program Files (x86)\Teams Installer
2022-05-25 17:30 - 2020-04-04 02:01 - 000000000 ___RD C:\Users\Pato\OneDrive
2022-05-25 11:31 - 2021-06-21 19:23 - 000000000 ____D C:\Users\Pato\AppData\Roaming\flashpoint-launcher
2022-05-13 18:45 - 2022-02-21 12:16 - 000001908 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-05-13 18:45 - 2020-08-02 20:17 - 000001920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-13 18:41 - 2017-11-30 14:25 - 000000000 ____D C:\Program Files\Malwarebytes
2022-05-13 18:41 - 2014-05-13 15:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-05-12 21:39 - 2017-11-30 14:52 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-05-12 09:35 - 2015-12-21 01:28 - 000000000 ____D C:\Windows\system32\MRT
2022-05-12 09:24 - 2013-03-16 11:54 - 145501456 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-05-09 08:16 - 2009-07-14 02:08 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Archivos en la raíz de algunos directorios ========

2018-05-15 14:07 - 2018-05-22 12:53 - 000000033 _____ () C:\Users\Pato\AppData\Roaming\AdobeWLCMCache.dat
2017-09-17 18:10 - 2018-08-12 20:45 - 000003584 _____ () C:\Users\Pato\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-28 10:13 - 2018-09-28 10:13 - 000000000 _____ () C:\Users\Pato\AppData\Local\oobelibMkey.log
2014-03-29 13:36 - 2014-03-29 13:36 - 000000218 _____ () C:\Users\Pato\AppData\Local\recently-used.xbel
2014-02-23 17:32 - 2018-12-22 16:01 - 000007597 _____ () C:\Users\Pato\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)


LastRegBack: 2022-05-27 00:38
==================== Final de FRST.txt ========================


Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 04-06-2022 01
Ejecutado por Pato (04-06-2022 14:31:15)
Ejecutado desde C:\Users\Pato\Desktop\Farbar
Microsoft Windows 7 Ultimate Service Pack 1 (X64) (2013-02-16 19:09:16)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================


(Si una entrada es incluida en el fixlist, será eliminada.)

Administrador (S-1-5-21-482052857-3487469296-3382205014-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-482052857-3487469296-3382205014-1002 - Limited - Enabled)
Invitado (S-1-5-21-482052857-3487469296-3382205014-501 - Limited - Disabled)
Pato (S-1-5-21-482052857-3487469296-3382205014-1000 - Administrator - Enabled) => C:\Users\Pato

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Asistente de soporte y recuperación de Microsoft (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\a1a734b8150c1d83) (Version: 17.0.8503.9 - Microsoft Corporation)
AutoHotkey 1.1.33.02 (HKLM\...\AutoHotkey) (Version: 1.1.33.02 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 6.00 - Piriform)
CodeBlocks (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.9.0.0650 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Discord) (Version: 0.0.309 - Discord Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.141 - DivX, LLC)
DroidCam Client (HKLM-x32\...\DroidCam) (Version: 6.3.3 - Dev47apps)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ePub Reader for Windows versión 5.3 (HKLM-x32\...\{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1) (Version: 5.3 - HANSoft, Inc.)
f.lux (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Flux) (Version: - f.lux Software LLC)
ffdshow (remove only) (HKLM-x32\...\ffdshow) (Version: - )
FlexHEX version 2.7 (HKLM-x32\...\FlexHEX_is1) (Version: 2.7 - Inv Softworks LLC)
FormatFactory 3.3.3.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.3.0 - Format Factory)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 5.2.0.0 - Comfort Software Group)
Free Video Compressor (HKLM-x32\...\{01554C33-4131-4BC7-9E6D-AF85E02BDF4F}_is1) (Version: - freevideocompressor.com)
Freemake Video Converter versión 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.156.0 - International GeoGebra Institute)
GeoGebra Classic (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\GeoGebra_6) (Version: 6.0.489 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 102.0.5005.63 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Half-Life_is1) (Version: Half-Life - No Steam - KingSOFT DVD)
Hero Editor V1.04 (HKLM-x32\...\ST6UNST #1) (Version: - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
International GunZ Installer (HKLM-x32\...\{F5F73DCD-B812-4FD3-B0B9-C1022739864F}) (Version: 1.2.2.0 - International GunZ)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
K-Lite Codec Pack 9.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Malwarebytes version 4.5.9.198 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
MiKTeX 2.9 (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MiniTool Partition Wizard Home Edition 7.7 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mnemosyne 2.8 (HKLM-x32\...\Mnemosyne_is1) (Version: - )
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 es-AR) (HKLM\...\Mozilla Firefox 101.0 (x64 es-AR)) (Version: 101.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.1 - Mozilla)
MPC-HC 1.6.6.6957 (3975d54) (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.6.6957 - MPC-HC Team)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multi-Timer Ultimate 2.51 (HKLM-x32\...\Multi-Timer Ultimate_is1) (Version: - Johannes Wallroth)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - )
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 8.1.5 - Notepad++ Team)
OpenShot Video Editor versión 2.5.1 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.5.1 - OpenShot Studios, LLC)
Opera GX Stable 86.0.4363.64 (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Opera GX 86.0.4363.64) (Version: 86.0.4363.64 - Opera Software)
Opera GX Stable 86.0.4363.70 (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Opera GX 86.0.4363.70) (Version: 86.0.4363.70 - Opera Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Stashimi Stub Installer (HKLM-x32\...\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}) (Version: 18.001.1 - Nero AG) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.362 - Microsoft Corporation)
Tracker (HKLM-x32\...\OSP Tracker) (Version: 5.1.5 - Open Source Physics)
USB Network Driver (HKLM-x32\...\{66ED8E01-C915-41F5-B33E-C5C31F27B885}) (Version: V3.70a - )
USB Vibration Joystick (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VIA Administrador de dispositivos de plataforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
vJoy Device Driver 0.2.1.6 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 0.2.1.6 - Shaul Eizikovich)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Warframe (HKLM-x32\...\{61E16878-258F-429D-A1D0-4E3E5D183BB5}) (Version: 1.0.0 - Digital Extremes)
Welcome App (Start-up experience) (HKLM-x32\...\{828175FA-7307-4DBF-95AD-9CEE086B6F45}) (Version: 12.0.14000 - Nero AG) Hidden
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )
WO Mic Client (HKLM-x32\...\WOMic) (Version: - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
X-Mouse Button Control 2.18.2 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.18.2 - Highresolution Enterprises)
YAWLE 0.5b (HKLM-x32\...\Yawle_0.3b) (Version: - )
YoloMouse (HKLM\...\{0BD95EA1-50C1-4841-869E-25B3AC863A26}) (Version: 0.8.1.0 - HaPpY)
Zoom (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\ZoomUMX) (Version: 5.8.3 (1581) - Zoom Video Communications, Inc.)

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-482052857-3487469296-3382205014-1000_Classes\CLSID\{6514CF27-CAB1-4577-81A9-EC81618C5003}\InprocServer32 -> C:\Program Files (x86)\FlexHEX\FlexCtx64.dll (Inv Softworks LLC -> Inv Softworks LLC)
CustomCLSID: HKU\S-1-5-21-482052857-3487469296-3382205014-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Ningún archivo
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Ningún archivo
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Ningún archivo
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Ningún archivo
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2021-02-13] (Notepad++ -> )
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [Archivo no firmado]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Ningún archivo
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-03-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-10-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-10-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Ningún archivo
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Archivo no firmado]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [Archivo no firmado]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Ningún archivo
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-03-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [Archivo no firmado]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-03-15] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers1_S-1-5-21-482052857-3487469296-3382205014-1000: [FlexHEX Menu] -> {6514CF27-CAB1-4577-81A9-EC81618C5003} => C:\Program Files (x86)\FlexHEX\FlexCtx64.dll [2018-06-30] (Inv Softworks LLC -> Inv Softworks LLC)

==================== Codecs (Lista blanca) ====================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Drivers32-x32: [vidc.iv50] => C:\PROGRA~2\SPlayer\ir50_32.dll
HKLM\...\Drivers32: [vidc.ffds] => C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax [1761280 2004-10-12] () [Archivo no firmado]

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Configure default LISP for Maxima.lnk -> C:\maxima-5.38.1\bin\lispselector.bat (Ningún archivo)
Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Maxima (command line).lnk -> C:\maxima-5.38.1\bin\maxima.bat (Ningún archivo)
Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\XMaxima (simple GUI).lnk -> C:\maxima-5.38.1\bin\xmaxima.bat (Ningún archivo)

==================== Módulos cargados (Lista blanca) =============

2010-11-18 20:08 - 2010-11-18 20:08 - 000086016 _____ (Igor Pavlov) [Archivo no firmado] D:\Program Files\7-Zip\7-zip.dll
2013-02-28 19:00 - 2008-05-22 22:25 - 000043520 _____ (MagicISO, Inc.) [Archivo no firmado] C:\Program Files (x86)\MagicISO\misosh64.dll

==================== Alternate Data Streams (Lista blanca) ========

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer (Versión 11) (Lista blanca) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-482052857-3487469296-3382205014-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-12-15] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-12-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - Ningún archivo
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - Ningún archivo
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - Ningún archivo
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - Ningún archivo
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - Ningún archivo

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

IE trusted site: HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\sharepoint.com -> hxxps://insptutneduar-files.sharepoint.com

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2009-07-13 23:34 - 2009-06-10 18:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64
HKU\S-1-5-21-482052857-3487469296-3382205014-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall de Windows está habilitado.

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: Update webget => 2
MSCONFIG\Services: Util webget => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Pato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OUTLOOK.EXE => C:\Windows\pss\OUTLOOK.EXE.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Chromium => "c:\users\pato\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
MSCONFIG\startupreg: com.squirrel.Teams.Teams => C:\Users\Pato\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EpicGamesLauncher => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
MSCONFIG\startupreg: f.lux => "C:\Users\Pato\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: RadminVPN => "C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe" /minimized
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UPlayLoader => C:\Users\Pato\AppData\Roaming\UPlayLoader.exe
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [{B317C595-ADAA-419E-AA04-C5B57AC90C66}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [{AF8EAB99-5E97-4CB7-A988-ADD5D729FC2F}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [TCP Query User{B9DFAC50-376A-4E7E-BD17-D0DB1AA1362F}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe (Valve) [Archivo no firmado]
FirewallRules: [UDP Query User{BFCBC9F9-2E91-4EF8-9CCD-209F039EEB2B}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe (Valve) [Archivo no firmado]
FirewallRules: [TCP Query User{1D3EC1D8-4141-4B0F-86CB-D7FFDFB592A1}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Allow) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe (Nero AG -> Nero AG)
FirewallRules: [UDP Query User{9F3BCE5B-6762-4950-AB2F-239DF175D882}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Allow) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe (Nero AG -> Nero AG)
FirewallRules: [{4BD44338-7818-47E9-8EBA-9B68C5A1661F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{4F5EBF28-717A-4EF1-A54D-1069CC3F7986}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{41C6D3D7-6500-4F51-9509-BC99C90DB18B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{CA0AAE92-79A6-4510-9275-1000A0AFC3CF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{26963E97-41CE-4E65-95A0-4561ECC31E01}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{B71FFAEA-F658-4B95-A613-7AC31099E2E0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{F07C1F5D-42AC-46FB-9362-128D019B2E96}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013_100.exe (Konami Digital Entertainment Co., Ltd.) [Archivo no firmado]
FirewallRules: [{E04F6326-6204-49C3-AC3B-E45BF210CD26}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013_100.exe (Konami Digital Entertainment Co., Ltd.) [Archivo no firmado]
FirewallRules: [{3FCD27C9-F2D5-4F31-8128-CB9389311090}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E31F97C9-2053-450E-BF0A-51B62EEC1487}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{17AF8ED0-3F81-43EE-BF2C-C290D40F750B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A5499914-2D45-4C8A-97FE-153072172605}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)
FirewallRules: [{E6248984-39DC-40E1-B5EB-3972E9AEE64D}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe (Nero AG -> Nero AG)
FirewallRules: [{6F3CA005-ED53-4A22-8AAF-5CDE1107D0E9}] => (Allow) C:\Program Files (x86)\Nero\KM\MediaHome.exe (Nero AG -> Nero AG)
FirewallRules: [{D7D8263C-87BF-4739-8CCE-FD7E7444CCB0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FBA8C345-F400-4D50-9E8D-B83E571EDFFF}] => (Allow) LPort=2869
FirewallRules: [{93651A7F-4113-4308-8CA4-0C43B2584A19}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{656C255F-E817-40E0-AD7E-8B373FB5A158}C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{947D8881-C737-41CF-B4A9-25073C374889}C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{7D292005-9E2E-49E0-8479-2DDD3765A49C}] => (Block) C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{F937DC6B-D489-4A75-92BA-09028D86CB38}] => (Block) C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{3015F648-9558-4FEF-9BDB-C51C6A57E5AE}] => (Allow) C:\Program Files (x86)\WOMic\womicclient.exe () [Archivo no firmado]
FirewallRules: [{3FB7E181-724A-447A-8016-8107E6309198}] => (Allow) LPort=4950
FirewallRules: [{ED2813FF-5FED-4589-8255-10908AF27E13}] => (Allow) LPort=443
FirewallRules: [{025748E8-9C6B-4375-B83C-E434911EEBF1}] => (Allow) LPort=443
FirewallRules: [{7946578E-FD20-476E-9F9F-DA3D4B9F5AE6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{42E40672-C902-4528-9980-15444846114D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{448B31E4-B7A4-433B-96D1-6782DE3CFB43}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [TCP Query User{2A091CBF-B51A-4630-B2DD-F5BC1C0D1A3F}C:\program files (x86)\heroes of the storm\versions\base72649\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base72649\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{96C037B8-76EC-41A1-B353-71075F9697AC}C:\program files (x86)\heroes of the storm\versions\base72649\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base72649\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{1696B94A-31A6-4A05-BA42-8DDC6DE14E65}] => (Allow) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{AD58927D-30F6-4CE1-9780-CC9520AD1223}] => (Allow) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{5F174A67-D0B8-4115-8EDA-C3980E9A6104}] => (Allow) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{96096FDE-2C04-43BE-9B2A-2D9DE3DE3F4C}] => (Allow) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{89BB6CA8-11F4-42A6-B82D-A0DC89241737}] => (Allow) C:\Users\Pato\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1DAAAB6D-A97F-44C5-8D7C-4655CB69A0A8}] => (Allow) C:\Program Files (x86)\WOMic\womicclient.exe () [Archivo no firmado]
FirewallRules: [TCP Query User{BE0B00AA-3D93-435C-BB6D-6646EF1259A6}C:\program files (x86)\tracker\jre\bin\java.exe] => (Allow) C:\program files (x86)\tracker\jre\bin\java.exe
FirewallRules: [UDP Query User{D08D7310-48F2-4E2E-9373-608673947ECE}C:\program files (x86)\tracker\jre\bin\java.exe] => (Allow) C:\program files (x86)\tracker\jre\bin\java.exe
FirewallRules: [{9E1BF09A-0193-4BCE-B77A-FB665F233ECF}] => (Allow) LPort=6112
FirewallRules: [{8D846872-1FDB-4641-9A75-2D6B161E8C27}] => (Allow) LPort=6112
FirewallRules: [{95FDBEFF-82FB-4229-9E5A-A501D9123936}] => (Allow) LPort=4000
FirewallRules: [{29F4B8F2-557E-4CCE-A932-880518D54DAA}] => (Allow) LPort=4000
FirewallRules: [{37B76B7C-CCFE-4F90-AEC3-149E76C15DC6}] => (Allow) C:\Program Files\OpenShot Video Editor\openshot-qt.exe (OpenShot Studios, LLC) [Archivo no firmado]
FirewallRules: [{CC07EDB1-6294-47AB-BFE8-7EA7432ABE86}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe (Nero AG -> Nero AG)
FirewallRules: [{26C077A0-345D-4837-8109-A9CB52C35050}] => (Allow) C:\Users\Pato\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{538A8C99-BFE8-4027-8B57-366E5A1E00BD}] => (Allow) C:\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{2BB2D4D9-BFD2-4DAC-B2BE-AD95870AD9CE}] => (Allow) C:\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{9585137B-F7BB-4DCC-B662-72B4FC5C7802}] => (Allow) C:\Users\Pato\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{30695D5E-CAE9-4B86-AF6D-A34A25BE6378}] => (Allow) C:\Users\Pato\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{E0403F6C-0E20-4929-9002-14E60D20E856}] => (Allow) C:\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{C651ADA3-C0C3-4A08-8662-FFF710904169}] => (Allow) C:\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{7E48D0CF-0174-47E1-B6B9-4106A4CDD908}] => (Allow) C:\Users\Pato\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
FirewallRules: [{6B62DCC2-E666-4E2B-9E16-314C70F84941}] => (Allow) C:\Program Files\OpenShot Video Editor\openshot-qt.exe (OpenShot Studios, LLC) [Archivo no firmado]
FirewallRules: [TCP Query User{267B9261-B594-4BFB-BAC7-7EB4D98DC2CE}C:\program files (x86)\mnemosyne\mnemosyne.exe] => (Allow) C:\program files (x86)\mnemosyne\mnemosyne.exe () [Archivo no firmado]
FirewallRules: [UDP Query User{FFBE34C7-E4C8-4B29-A4DD-929620EE843B}C:\program files (x86)\mnemosyne\mnemosyne.exe] => (Allow) C:\program files (x86)\mnemosyne\mnemosyne.exe () [Archivo no firmado]
FirewallRules: [{AEF9E817-2F07-4806-8837-C94ED9D66667}] => (Block) C:\program files (x86)\mnemosyne\mnemosyne.exe () [Archivo no firmado]
FirewallRules: [{96D0072B-A110-411F-8326-4F9A9FE9D7E7}] => (Block) C:\program files (x86)\mnemosyne\mnemosyne.exe () [Archivo no firmado]
FirewallRules: [{80E878EA-F650-4795-BB2B-426C4650A728}] => (Allow) C:\Users\Pato\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B8ADCFA3-76A0-458B-8B08-464BDB2766BD}] => (Allow) LPort=27015
FirewallRules: [TCP Query User{D73A08FC-8A14-4A8C-82A3-DA814D20B22C}C:\users\pato\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\pato\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{1B152A2F-4B64-4353-A89B-219DBAF9ED44}C:\users\pato\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\pato\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B315C64C-5418-45B4-B9EC-B42BC61B75F1}] => (Block) C:\users\pato\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{DA0759FA-F04D-4862-956C-F872161750DA}] => (Block) C:\users\pato\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{92870FF9-7F06-4223-95E6-A3DEB638175A}C:\program files (x86)\starcraft ii\versions\base87702\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base87702\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{ADBAED1C-346E-4BCC-A2B2-F833AAD042AC}C:\program files (x86)\starcraft ii\versions\base87702\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base87702\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{C4B3E3A2-6674-461C-8D4C-8348352618C3}] => (Block) C:\program files (x86)\starcraft ii\versions\base87702\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{AE4A419F-1DAE-410D-8BB0-ACF298861AC7}] => (Block) C:\program files (x86)\starcraft ii\versions\base87702\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{6FE9EB81-8D27-4409-A2B8-1749B801851B}C:\program files (x86)\international gunz\client\gunz.exe] => (Allow) C:\program files (x86)\international gunz\client\gunz.exe (International GunZ) [Archivo no firmado]
FirewallRules: [UDP Query User{379A1025-2B53-4366-A758-97207D5E65CB}C:\program files (x86)\international gunz\client\gunz.exe] => (Allow) C:\program files (x86)\international gunz\client\gunz.exe (International GunZ) [Archivo no firmado]
FirewallRules: [{F44ADF2D-3FFC-484B-813B-05EC0552F604}] => (Block) C:\program files (x86)\international gunz\client\gunz.exe (International GunZ) [Archivo no firmado]
FirewallRules: [{E79B0282-AD6B-403F-AACD-7F25C8ED212F}] => (Block) C:\program files (x86)\international gunz\client\gunz.exe (International GunZ) [Archivo no firmado]
FirewallRules: [{2EC600A3-790E-4C63-9429-F0AC8DEFC4F9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Puntos de Restauración =========================

01-06-2022 18:16:56 Removed Warframe
03-06-2022 13:43:32 Windows Update
04-06-2022 13:11:09 Operación de restauración
04-06-2022 14:04:11 Windows Update

==================== Dispositivos defectuosos en el Administrador de dispositivos ============

Name: AQ436N82 IDE Controller
Description: AQ436N82 IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: a7b9c01f
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (06/04/2022 02:29:45 PM) (Source: VSS) (EventID: 12297) (User: )
Description: Error del Servicio de instantáneas de volumen: no se pueden vaciar las escrituras de E/S durante el período de creación de la instantánea en el volumen \\?\Volume{b12a5a45-78c7-11e2-9264-806e6f6e6963}\.
El índice del volumen en el conjunto de instantánea es 0. Detalles del error: Open[0x00000000, La operación se completó correctamente.
], Flush[0x80042302, Un componente del Servicio de instantáneas de volumen detectó un error inesperado.
Consulte el registro de eventos de la aplicación para obtener más información.
], Release[0x00000000, La operación se completó correctamente.
], OnRun[0x00000000, La operación se completó correctamente.
].


Operación:
Ejecutando operación asincrónica

Contexto:
Estado actual: DoSnapshotSet

Error: (06/04/2022 02:29:45 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado DeviceIoControl(\\?\Volume{b12a5a45-78c7-11e2-9264-806e6f6e6963} - 0000000000000244,0x0053c000,0000000000463240,0,0000000000464250,4096,[0]). HR = 0x80070005, Acceso denegado.
.


Operación:
Ejecutando operación asincrónica

Contexto:
Estado actual: calling flush-and-hold IOCTL
Estado actual: flush-and-hold writes
Nombre del volumen: \\?\Volume{b12a5a45-78c7-11e2-9264-806e6f6e6963}\

Error: (06/04/2022 02:24:22 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: No se pudo iniciar el servicio de protección de software. 0xD000010A
6.1.7601.17514

Error: (06/04/2022 01:09:22 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: El punto de restauración seleccionado se dañó o eliminó durante la restauración (Removed International GunZ Installer).

Error: (06/04/2022 12:46:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Los Servicios de cifrado no pudieron inicializar la base de datos del catálogo. El error ESENT era: -543.

Error: (06/04/2022 12:46:02 PM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database (960) Catalog Database: Error inesperado al recuperar o restaurar la base de datos -543.

Error: (06/04/2022 12:46:02 PM) (Source: ESENT) (EventID: 452) (User: )
Description: Catalog Database (960) Catalog Database: La base de datos C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb requiere los archivos de registro 1155-1166, para recuperarse correctamente. El proceso de recuperación sólo encontró los archivos de registro a partir del 1160.

Error: (06/01/2022 05:49:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: firefox.exe, versión: 101.0.0.8181, marca de tiempo: 0x628ff7f7
Nombre del módulo con errores: xul.dll, versión: 101.0.0.8181, marca de tiempo: 0x628ff95e
Código de excepción: 0x80000003
Desplazamiento de errores: 0x00000000044f3bb8
Id. del proceso con errores: 0x1518
Hora de inicio de la aplicación con errores: 0x01d875b265b98ea6
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Id. del informe: 5a174660-e1ec-11ec-b67e-30b5c2008a06


Errores del sistema:
=============
Error: (06/04/2022 02:24:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Protección de software se cerró con el siguiente error:
Acceso denegado.

Error: (06/04/2022 02:22:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (06/04/2022 02:22:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio AdobeUpdateService se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (06/04/2022 02:22:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Adobe Genuine Monitor Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (06/04/2022 02:22:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Adobe Genuine Software Integrity Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (06/04/2022 02:22:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Bonjour Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 500 milisegundos: Reiniciar el servicio.

Error: (06/04/2022 02:22:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio VIA Karaoke digital mixer Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (06/04/2022 02:22:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Live ID Sign-in Assistant terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.


==================== Información de la memoria ===========================

BIOS: American Megatrends Inc. 0608 08/10/2012
Placa base: ASUSTeK COMPUTER INC. P8H61-M LX3 R2.0
Procesador: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Porcentaje de memoria en uso: 69%
RAM física total: 7113.84 MB
RAM física disponible: 2153.52 MB
Virtual total: 14225.83 MB
Virtual disponible: 8412.16 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:361.12 GB) (Free:246.02 GB) (Model: WDC WD5000AAKX-00ERMA0 ATA Device) NTFS
Drive d: (Datos) (Fixed) (Total:52.09 GB) (Free:20.44 GB) (Model: WDC WD5000AAKX-00ERMA0 ATA Device) NTFS

\\?\Volume{b12a5a44-78c7-11e2-9264-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 106BA9D7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=361.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=52.1 GB) - (Type=0F Extended)

==================== Final de Addition.txt =======================

Onmur
2022-06-04, 22:24
I realize after posting that the second log I had was also from Farbar. AswMBR is still running, and I will post its log once it's done.

And here is the aswMBR log. Hope anyone helps me with all these.



aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2022-06-04 14:37:01
-----------------------------
14:37:01.733 OS Version: Windows x64 6.1.7601 Service Pack 1
14:37:01.733 Number of processors: 4 586 0x2A07
14:37:01.733 ComputerName: CASITA UserName: Pato
14:37:04.283 Initialize success
14:37:04.463 VM: initialized successfully
14:37:04.463 VM: Intel CPU BiosDisabled
14:38:14.033 AVAST engine defs: 17030301
14:39:22.883 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
14:39:22.883 Disk 0 Vendor: WDC_WD5000AAKX-00ERMA0 15.01H15 Size: 476940MB BusType: 3
14:39:22.913 Disk 0 MBR read successfully
14:39:22.913 Disk 0 MBR scan
14:39:22.983 Disk 0 Windows 7 default MBR code
14:39:22.983 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:39:22.993 Disk 0 default boot code
14:39:23.073 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 369784 MB offset 206848
14:39:23.103 Disk 0 Partition - 00 0F Extended LBA 53339 MB offset 867528641
14:39:23.133 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 53339 MB offset 867528704
14:39:23.183 Disk 0 scanning C:\Windows\system32\drivers
14:39:47.503 Service scanning
14:40:08.493 Service MpKsl985c5d71 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31DC730B-326D-47B9-B564-B631B8115E4D}\MpKslDrv.sys **LOCKED** 32
14:40:29.753 Modules scanning
14:40:29.753 Disk 0 trace - called modules:
14:40:29.763 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800749b2c0]<<spwh.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:40:29.773 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078e6060]
14:40:29.773 3 CLASSPNP.SYS[fffff88001ad943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80075ea060]
14:40:29.783 \Driver\atapi[0xfffffa800755d630] -> IRP_MJ_CREATE -> 0xfffffa800749b2c0
14:40:31.073 AVAST engine scan C:\Windows
14:40:40.713 AVAST engine scan C:\Windows\system32
14:47:01.203 AVAST engine scan C:\Windows\system32\drivers
14:47:28.853 AVAST engine scan C:\Users\Pato
14:49:41.424 File: C:\Users\Pato\AppData\Local\Chromium\Application\58.0.3014.0\Installer\setup.exe **INFECTED** Win32:MalOb-CA [Cryp]
14:49:45.354 File: C:\Users\Pato\AppData\Local\Chromium\Application\chrome.exe **INFECTED** Win32:MalOb-CA [Cryp]
15:53:55.137 AVAST engine scan C:\ProgramData
16:22:26.894 Disk 0 statistics 5963612/0/0 @ 0,71 MB/s
16:22:26.899 Scan finished successfully
16:23:15.555 Disk 0 MBR has been saved successfully to "C:\Users\Pato\Desktop\Farbar\MBR.dat"
16:23:15.675 The log file has been saved successfully to "C:\Users\Pato\Desktop\Farbar\aswMBR log.txt"

Juliet
2022-06-05, 16:10
Hi and welcome

There is actually no visible signs of infection.
We can run a script by FRST to tidy up, and I did find errors related to your computer.

Please go to the below site to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)

C:\Users\Pato\Downloads\wEkk4S4-.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.


****
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator, just open it and let it wait)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Start::
CloseProcesses:
CreateRestorePoint:
U3 a7b9c01f; no ImagePath
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
U3 aswbdisk; no ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MpKsl1199b774; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FA05688-FB88-43B2-852A-5121B1F33BA8}\MpKslDrv.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Ningún archivo
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Ningún archivo
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Ningún archivo
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Ningún archivo
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Ningún archivo
Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Configure default LISP for Maxima.lnk -> C:\maxima-5.38.1\bin\lispselector.bat (Ningún archivo)
Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Maxima (command line).lnk -> C:\maxima-5.38.1\bin\maxima.bat (Ningún archivo)
Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\XMaxima (simple GUI).lnk -> C:\maxima-5.38.1\bin\xmaxima.bat (Ningún archivo)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - Ningún archivo
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - Ningún archivo
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - Ningún archivo
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - Ningún archivo
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - Ningún archivo
Hosts:
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
EmptyTemp:
C:\Windows\Temp\*.*
SystemRestore:
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Press the Fix button.
FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
Please also include the information for the file scanned.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Description: Error del Servicio de instantáneas de volumen
Volume Shadow Copy Service error
Description: AQ436N82 IDE Controller, Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Hard drive errors
The above are errors found on your computer that might be the result of trying to download Windows 10
It's hard to say if the errors were already existing or recent.

Onmur
2022-06-05, 17:41
Hello, thanks for the reply.

I'm replying from my phone, since after running the fix with Farbar, my pc can't connect to many servers.

I tried some, and I can't open Discord, nor enter this forum, Outlook online, Google Sheets, Ikariam, Virustotal, nor archiveofourown.

I'm also logged out of Gmail and Whatsapp Web on firefox.

There are sites I can access, though. Whatsapp Web is still open and logged in on Opera, as are Spacebattles Forums, Sufficientvelocity Forums, Youtube, Google (the search part, not Outlook nor Sheets). Wikipedia still works, as do xkcd and the Giant in the Playground site.

I'm manually copying the link from the Virustotal analysis: https://www.virustotal.com/gui/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/details

As for the fixlog from Farbar, I copied the text by sending to myself with whatsapp:

Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 04-06-2022 01
Ejecutado por Pato (05-06-2022 10:50:34) Run:1
Ejecutado desde C:\Users\Pato\Desktop\Farbar
Perfiles cargados: Pato
Modo de Inicio: Normal
==============================================

fixlist contenido:
*****************
CloseProcesses:
CreateRestorePoint:
U3 a7b9c01f; no ImagePath
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
U3 aswbdisk; no ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MpKsl1199b774; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FA05688-FB88-43B2-852A-5121B1F33BA8}\MpKslDrv.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Ningún archivo
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Ningún archivo
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Ningún archivo
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Ningún archivo
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Ningún archivo
Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Configure default LISP for Maxima.lnk -> C:\maxima-5.38.1\bin\lispselector.bat (Ningún archivo)
Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Maxima (command line).lnk -> C:\maxima-5.38.1\bin\maxima.bat (Ningún archivo)
Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\XMaxima (simple GUI).lnk -> C:\maxima-5.38.1\bin\xmaxima.bat (Ningún archivo)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - Ningún archivo
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - Ningún archivo
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - Ningún archivo
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - Ningún archivo
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - Ningún archivo
Hosts:
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
EmptyTemp:
C:\Windows\Temp\*.*
SystemRestore:

*****************

Procesos cerrados correctamente.
El punto de restauración fue creado correctamente.
a7b9c01f => servicio no encontrado.
HKLM\System\CurrentControlSet\Services\AndNetDiag => eliminado correctamente
AndNetDiag => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\ANDNetModem => eliminado correctamente
ANDNetModem => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\aswbdisk => eliminado correctamente
aswbdisk => servicio eliminado correctamente
HKLM\System\CurrentControlSet\Services\EagleX64 => eliminado correctamente
EagleX64 => servicio eliminado correctamente
MpKsl1199b774 => servicio no encontrado.
HKLM\System\CurrentControlSet\Services\VMnetAdapter => eliminado correctamente
VMnetAdapter => servicio eliminado correctamente
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => eliminado correctamente
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => eliminado correctamente
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => eliminado correctamente
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => eliminado correctamente
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => eliminado correctamente
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => eliminado correctamente
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => eliminado correctamente
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => eliminado correctamente
C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Configure default LISP for Maxima.lnk => movido correctamente
C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Maxima (command line).lnk => movido correctamente
C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\XMaxima (simple GUI).lnk => movido correctamente
HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb-roaming.16 => eliminado correctamente
HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb.16 => eliminado correctamente
HKLM\Software\Classes\PROTOCOLS\Handler\osf-roaming.16 => eliminado correctamente
HKLM\Software\Classes\PROTOCOLS\Handler\osf.16 => eliminado correctamente
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml => eliminado correctamente
C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

========= netsh int ip reset =========

Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.



========= Final de CMD: =========


========= ipconfig /flushDNS =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.


========= Final de CMD: =========


=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\adobegc.log => movido correctamente
C:\Windows\Temp\DMI2D46.tmp => movido correctamente
C:\Windows\Temp\DMID4CB.tmp => movido correctamente
C:\Windows\Temp\MpCmdRun.log => movido correctamente
C:\Windows\Temp\MpSigStub.log => movido correctamente

========= Final -> "C:\Windows\Temp\*.*" ========

SystemRestore: => Error: Ninguna corrección automática encontrada para esta entrada.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7561178 B
Java, Discord, Steam htmlcache => 1029036125 B
Windows/system/drivers => 251810 B
Edge => 0 B
Chrome => 1753610 B
Firefox => 1322064992 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 256 B
LocalService => 256 B
NetworkService => 141127468 B
Pato => 863786349 B

RecycleBin => 539936145 B
EmptyTemp: => 3.6 GB datos temporales eliminados.

================================


El sistema necesita reiniciarse.

==== Final de Fixlog 10:57:22 ====

Juliet
2022-06-05, 18:29
Try resetting the router and reboot the computer.

Onmur
2022-06-05, 18:36
I tried rebooting the router and the PC, and flushing the DNS again.

I needed to work on some files with microsoft online, so I figured I can always run the fix again, and system restored to the point created by Farbar. That's done, so if necessary, I can re-run the fix.

Juliet
2022-06-05, 19:33
NO need to run again, it posted it was removed successfully.

These items you mentioned not running or wont run at all happened after trying to upgrade to a newer version of windows, windows 10?

Reason I ask, this computer might not have been compatible for the upgrade and Microsoft also states there is a possibility some programs might not work afterwards.

We can continue to check for malware?

Also, can you post the log created by AdwCleaner?

~~~

ESET Online Scanner:

Download ESET Online Scanner from the ESET website (https://www.eset.com/int/home/online-scanner/) by clicking the ONE-TIME-SCAN button on that webpage
Double-click the esetonlinescanner.exe file you downloaded to run the application
Select product language
Click Get started and confirm the User access control dialog of Windows
In the Terms of use screen, click Accept if you agree to the Terms of use. After accepting the terms of use, the shortcut for ESET Online Scanner is created on the Desktop
Click Get started in the welcome screen
Select whether or not you want to join the Customer Experience Improvement Program, and whether or not to enable the feedback system, then click Continue
Select the Full Scan type
Select the choice to enable detections of potentially unwanted applications (https://help.eset.com/getHelp?product=glossary&lang=1033&topic=unwanted_application) (PUA)
After the detection module updates are downloaded, the scan starts. Scan progress is shown via the progress bar along with the path and title of file being scanned. You can pause or cancel the scan at any time
Note: The scan make take several hours depending on how many files are on your computer..When the scan has finished and if threats have been detected, click Save scan log and save the text file with a unique name such as, ESET results.txt then click Continue.
Copy and paste the contents of this ESET results report into your next reply to me (If no threats were detected, you do not need to save the results)
The following steps are optional and are not required

If there has been no ESET security product detected on your machine, and your user account has administrator privileges, ESET Online Scanner will offer you to turn on Periodic scan. This choice is up to you
In the Thank you for using ESET Online Scanner screen you can rate the application and leave feedback. In addition, to delete all detection modules and settings of ESET Online Scanner configured in previous steps, select Delete application's data on closing
Click Submit and close if you rated the application and/or left a feedback, or click Close without feedback


Click Finish to exit ESET Online Scanner

Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply

Onmur
2022-06-05, 23:41
NO need to run again, it posted it was removed successfully.

These items you mentioned not running or wont run at all happened after trying to upgrade to a newer version of windows, windows 10?

Reason I ask, this computer might not have been compatible for the upgrade and Microsoft also states there is a possibility some programs might not work afterwards.

I should be more specific. I couldn't even try to upgrade to Windows 10, the executable that's supposed to create the ISO or program the flash USB that would be used to install Windows 10 was one of the programs that didn't work at all, with the other programs being all of Microsoft Office.

And later, while I was trying to fix that, the computer got worse, and I got errors trying to run most programs, even including msconfig and the task manager. That got undone through system restore.

This is the executable I downloaded from Microsoft to try and install Windows 10, and its error message:
https://cdn.discordapp.com/attachments/887061943620345926/983050969619243148/unknown.png

This is the error I get when trying to use the Microsoft Office setup file (I uninstalled Office before trying to reinstall it):
https://cdn.discordapp.com/attachments/887061943620345926/983050985498878032/unknown.png

(The errors I got when trying to run Microsoft Office apps where what prompted me to try and upgrade from Windows 7 to 10.)

While I'm at it, I found this strange file in my desktop today, don't know what's up with this:
https://cdn.discordapp.com/attachments/887061943620345926/983052242179461130/unknown.png



We can continue to check for malware?

Also, can you post the log created by AdwCleaner?

Here are the logs, first the scan log:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-03-15.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-04-2022
# Duration: 00:00:54
# OS: Windows 7 Ultimate
# Scanned: 32050
# Detected: 18


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Adware.Heuristic C:\ProgramData\C53133092C51F964
PUP.Optional.Legacy C:\Program Files (x86)\Common Files\Speedbit
PUP.Optional.Legacy C:\ProgramData\Speedbit
PUP.Optional.Legacy C:\Users\Pato\AppData\LocalLow\Speedbit
PUP.Optional.Legacy C:\Users\Pato\AppData\Roaming\Speedbit
PUP.Optional.OutbytePCRepair C:\ProgramData\Outbyte

***** [ Files ] *****

PUP.Optional.Legacy C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Opera GX Browser Assistant
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\dt soft\daemon tools toolbar
PUP.Optional.Legacy HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.Legacy HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
PUP.Optional.SofTonicAssistant HKCU\Software\Softonic

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########



And the cleaning log:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-03-15.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-04-2022
# Duration: 00:00:22
# OS: Windows 7 Ultimate
# Cleaned: 18
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\Speedbit
Deleted C:\ProgramData\C53133092C51F964
Deleted C:\ProgramData\Outbyte
Deleted C:\ProgramData\Speedbit
Deleted C:\Users\Pato\AppData\LocalLow\Speedbit
Deleted C:\Users\Pato\AppData\Roaming\Speedbit

***** [ Files ] *****

Deleted C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Softonic
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Opera GX Browser Assistant
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Deleted HKLM\Software\Wow6432Node\dt soft\daemon tools toolbar
Deleted HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Deleted HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Deleted HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Deleted HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2890 octets] - [04/06/2022 14:20:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########





~~~

ESET Online Scanner:

Download ESET Online Scanner from the ESET website (https://www.eset.com/int/home/online-scanner/) by clicking the ONE-TIME-SCAN button on that webpage
Double-click the esetonlinescanner.exe file you downloaded to run the application
Select product language
Click Get started and confirm the User access control dialog of Windows
In the Terms of use screen, click Accept if you agree to the Terms of use. After accepting the terms of use, the shortcut for ESET Online Scanner is created on the Desktop
Click Get started in the welcome screen
Select whether or not you want to join the Customer Experience Improvement Program, and whether or not to enable the feedback system, then click Continue
Select the Full Scan type
Select the choice to enable detections of potentially unwanted applications (https://help.eset.com/getHelp?product=glossary&lang=1033&topic=unwanted_application) (PUA)
After the detection module updates are downloaded, the scan starts. Scan progress is shown via the progress bar along with the path and title of file being scanned. You can pause or cancel the scan at any time
Note: The scan make take several hours depending on how many files are on your computer..When the scan has finished and if threats have been detected, click Save scan log and save the text file with a unique name such as, ESET results.txt then click Continue.
Copy and paste the contents of this ESET results report into your next reply to me (If no threats were detected, you do not need to save the results)
The following steps are optional and are not required

If there has been no ESET security product detected on your machine, and your user account has administrator privileges, ESET Online Scanner will offer you to turn on Periodic scan. This choice is up to you
In the Thank you for using ESET Online Scanner screen you can rate the application and leave feedback. In addition, to delete all detection modules and settings of ESET Online Scanner configured in previous steps, select Delete application's data on closing
Click Submit and close if you rated the application and/or left a feedback, or click Close without feedback


Click Finish to exit ESET Online Scanner

Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply

05/06/2022 17:30:56
Files scanned: 347282
Detected files: 131
Cleaned files: 131
Total scan time 02:57:12
Scan status: Finished
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vuze\.install4j\user\mism.exe.vir a variant of Win32/Toolbar.Conduit.AR potentially unwanted application cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Program Files\DAEMON Tools Lite\Inst\setuphlp.dll a variant of Win32/Yandex.K potentially unwanted application deleted

C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\BrowserPlugin.dll a variant of MSIL/Freemake.A potentially unwanted application cleaned by deleting

C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\FreemakeConverterCommon.dll a variant of MSIL/Freemake.A potentially unwanted application cleaned by deleting

C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe a variant of Win32/Hao123.A potentially unwanted application cleaned by deleting

C:\Program Files (x86)\JDownloader\tools\Windows\kikin\kikin_installer.exe a variant of Win32/Kikin.A potentially unwanted application cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

C:\Windows\Installer\MSI9C90.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting

D:\EVERYTHING 2\ccsetup503.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting





Thanks for taking the time to help me with this!

Juliet
2022-06-06, 15:15
C:\Qoobox\Quarantine
The above shows you have used ComboFix on the computer. I don't know if that was something used years ago and was never removed or if it was something you have used recently?
Point is, this tool is not maintained or updated and hasn't been in a very long time.
Using it can do damage.

https://answers.microsoft.com/en-us/msoffice/forum/all/office-setup-app-crashes/2b48540a-1a96-413e-a6a6-f6989e45e721
the latest version of Microsoft 365 is not supported on Windows 7,

I don't think your windows 7 computer can support what you attempted to do.

For items that wont connect to the internet

Navigate to the desktop. ...
Right-click the Start button (the Windows logo in the lower-left).
Choose Command Prompt (Admin).
When asked whether to allow Command Prompt to make changes to your computer, select Yes. ...
Type ipconfig /flushdns and press Enter. <= there is a space between ipconfig and the /
Type ipconfig /registerdns and press Enter. <= there is a space between ipconfig and the /

~~~~~~~~~~~~~~~~~~~~`


Download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe) and save it to your Desktop.
Double click CKScanner.
Select Search For Files.
When it has completed select Save List to File.
A ckfiles.txt document will be placed on your Desktop.
Copy and paste the results of this report into your next reply.


If you have problems trying to download:
For the CKScanner, try copy/pasting the link directly into your browser.
http://downloads.malwareremoval.com/CKScanner.exe

Note: A new webpage may open up when you click the above link however it will be a blank page. [b]Also, you should be asked permission to download the CKScanner file. In any event, please check your Downloads folder afterward and see if you can find the file there.


The below is something you might consider, but, at times it wont work and can cause further problems if the system registry is corrupt.
Last Known Good Configuration” is a recovery option Microsoft built into all versions of Windows, available from the Advanced Boot Options menu, and can be a valuable asset when attempting to recover a PC that isn't working correctly.

Onmur
2022-06-06, 17:39
C:\Qoobox\Quarantine
The above shows you have used ComboFix on the computer. I don't know if that was something used years ago and was never removed or if it was something you have used recently?
Point is, this tool is not maintained or updated and hasn't been in a very long time.
Using it can do damage.
Combofix does sound familiar. Last time I used must have been years ago, though.


https://answers.microsoft.com/en-us/msoffice/forum/all/office-setup-app-crashes/2b48540a-1a96-413e-a6a6-f6989e45e721
the latest version of Microsoft 365 is not supported on Windows 7,

I don't think your windows 7 computer can support what you attempted to do.
Yes, it seems that way. My Microsoft Office apps were working perfectly until around May 30, then the next morning just gave an error message. A friend told me I need to upgrade to Windows 10, but the application used for it also gives me an error message. I think today or tomorrow I'll be able to get access to another computer, so I'll be able to prepare the Flash USB so I can bring it home and install Windows 10. I don't know if I need to format the C partition first, or it happens during the installation, or what, but it should be the end of all these issues even if they can't be fixed, I hope. And we were able to keep the computer running well enough I could work on it, so thanks for that.



For items that wont connect to the internet

Navigate to the desktop. ...
Right-click the Start button (the Windows logo in the lower-left).
Choose Command Prompt (Admin).
When asked whether to allow Command Prompt to make changes to your computer, select Yes. ...
Type ipconfig /flushdns and press Enter. <= there is a space between ipconfig and the /
Type ipconfig /registerdns and press Enter. <= there is a space between ipconfig and the /
The system restore helped when that happened, but I'll make a note of this, I only did up to flushing the DNS that time.



~~~~~~~~~~~~~~~~~~~~`


Download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe) and save it to your Desktop.
Double click CKScanner.
Select Search For Files.
When it has completed select Save List to File.
A ckfiles.txt document will be placed on your Desktop.
Copy and paste the results of this report into your next reply.


If you have problems trying to download:
For the CKScanner, try copy/pasting the link directly into your browser.
http://downloads.malwareremoval.com/CKScanner.exe

Note: A new webpage may open up when you click the above link however it will be a blank page. [b]Also, you should be asked permission to download the CKScanner file. In any event, please check your Downloads folder afterward and see if you can find the file there.
The download worked when I copied the URL.

As for the results, there's only this:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\ubisoft\ubisoft game launcher\uplay_cracked.exe
scanner sequence 3.BC.11.UFAPNZ
----- EOF -----



The below is something you might consider, but, at times it wont work and can cause further problems if the system registry is corrupt.
Last Known Good Configuration” is a recovery option Microsoft built into all versions of Windows, available from the Advanced Boot Options menu, and can be a valuable asset when attempting to recover a PC that isn't working correctly.
I'll keep it in mind, thanks.

Juliet
2022-06-07, 01:40
Be very careful downloading cracked apps and keygens.
Most are infiltrated with malware.

One thing to think about before up grading to windows 10, make a back up of your computer first to have in case it doesn't go well.

Let's remove tools and quarantine folders

Please download KpRm (https://toolslib.net/downloads/viewdownload/951-kprm) by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool.


Vista/Windows 7/8/10 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).

Put a check mark next to these items:


- Delete tools
- Delete now

Click the "Run" button.

https://github.com/KernelPan1k/KpRm/raw/master/screenshots/automatic.png[/url]


When the tool has finished, it will create and open a log report and delete itself.


~~~~

Onmur
2022-06-07, 03:19
I checked the box to create a restore point while I was at it. I hope that's OK.

As for upgrading to Windows 10, I have one hard drive that has a partition. Windows 7 installed in C, and D doesn't have a SO installed. If I install Windows 10 in C, will D get affected, or can I save stuff in there?



# Run at 06/06/2022 21:12:28
# KpRm (Kernel-panik) version 2.9.3
# Website https://kernel-panik.me/tool/kprm/
# Run by Pato from C:\Users\Pato\Desktop
# Computer Name: CASITA
# OS: Windows 7 X64 (7601) Service Pack 1
# Number of passes: 1

- Checked options -

~ Delete Tools
~ Create Restore Point
~ Delete Quarantines

- Delete Tools -


## AdwCleaner
[OK] C:\Users\Pato\Downloads\AdwCleaner(1).exe deleted
[OK] C:\Users\Pato\Downloads\AdwCleaner.exe deleted
[OK] C:\AdwCleaner deleted

## AswMBR
[OK] C:\Users\Pato\Desktop\Farbar\aswMBR log.txt deleted
[OK] C:\Users\Pato\Desktop\Farbar\aswMBR.exe deleted
[OK] C:\Users\Pato\Desktop\Farbar\MBR.dat deleted
[OK] HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR deleted

## CKScanner
[OK] C:\Users\Pato\Desktop\ckfiles.txt deleted
[OK] C:\Users\Pato\Desktop\CKScanner(3).exe deleted

## Combofix
[OK] C:\Qoobox deleted

## ESET Online Scanner
[OK] C:\Users\Pato\Desktop\ESET Online Scanner.lnk deleted
[OK] C:\Users\Pato\Downloads\esetonlinescanner.exe deleted
[OK] C:\Users\Pato\AppData\Local\ESET\ESETOnlineScanner deleted

## FRST
[OK] C:\Users\Pato\Desktop\Farbar\Addition.txt deleted
[OK] C:\Users\Pato\Desktop\Farbar\Fixlog.txt deleted
[OK] C:\Users\Pato\Desktop\Farbar\FRST.txt deleted
[OK] C:\Users\Pato\Desktop\Farbar\FRST64.exe deleted
[OK] C:\Users\Pato\Downloads\Addition.txt deleted
[OK] C:\Users\Pato\Downloads\FRST.txt deleted
[OK] C:\FRST deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ [I] RP named Operación de restauración created at 06/04/2022 16:11:09
~ [I] RP named Windows Update created at 06/04/2022 17:04:11
~ [I] RP named Restore Point Created by FRST created at 06/05/2022 13:50:38
~ [I] RP named Operación de restauración created at 06/05/2022 15:10:59
~ [I] RP named KpRm created at 06/07/2022 00:13:29

-- KPRM finished in 176.28s --

Juliet
2022-06-07, 03:35
These are questions I can't answer but did find research and info


C the default Windows System Drive letter
https://www.thewindowsclub.com/why-is-c-the-default-windows-system-drive-letter-always

Juliet
2022-06-16, 18:46
Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.