Thread: Requesting help with malware analysis and removal.

  1. #1
    Junior Member
    Join Date: Jun 2022
    Posts: 7

    Requesting help with malware analysis and removal.

    Hello.

    I'm asking for help.

    My computer, which is still running Windows 7, has been having problems lately. First, Office stopped working, so I wanted to upgrade to Windows 10. However, the tool I downloaded from Microsoft to install Windows 10 can't execute, and the same happens with other files. At some point, several applications stopped working, including Microsoft Security Essentials, Malwarebytes, CCleaner, and the Task Manager. I've had to restore the system several times to be able to use the PC.

    As an aside, I ran both Microsoft Security Essentials and Malwarebytes, and they found no problems. I also ran AdwCleaner, and that one did quarantine some files.

    At this point, I'm considering formatting the PC and installing Windows 10 from 0, but I need to keep using the computer for work-related purposes for a few days before then, so I'm hoping for help with removing any malware program that might be around.

    I've found this forum, read the instructions for using Farbar and aswMBR, and I was hoping you could help me.

    I used regedit to make a registry backup, then I ran Farbar and aswMBR, and got these logs I will be posting next. Thank you already for your time.


    Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 04-06-2022 01
    Ejecutado por Pato (administrador) sobre CASITA (04-06-2022 14:29:14)
    Ejecutado desde C:\Users\Pato\Desktop\Farbar
    Perfiles cargados: Pato
    Plataforma: Microsoft Windows 7 Ultimate Service Pack 1 (X64) Idioma: Español (España, internacional)
    Navegador predeterminado: FF
    Modo de Inicio: Normal

    ==================== Procesos (Lista blanca) =================

    (Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

    (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ->) (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
    (explorer.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
    (explorer.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Users\Pato\Downloads\AdwCleaner.exe
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <12>
    (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe <2>
    (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
    (services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>

    ==================== Registro (Lista blanca) ===================

    (Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
    HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1601744 2019-01-27] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
    HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA) [Archivo no firmado]
    HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Run: [Discord] => C:\Users\Pato\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
    HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Run: [f.lux] => C:\Users\Pato\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-17] (F.lux Software LLC -> f.lux Software LLC)
    HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36836592 2022-05-11] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [8537040 2022-02-02] (Comfort Software Group -> Comfort Software Group)
    HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\MountPoints2: F - F:\setup.exe
    HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\MountPoints2: L - L:\setup.exe
    HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\MountPoints2: {48641d4f-c405-11e3-a7aa-50465d09814d} - G:\setup.exe
    HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\MountPoints2: {48641d52-c405-11e3-a7aa-50465d09814d} - 0
    HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\MountPoints2: {c70770c1-39ec-11ea-a2c2-30b5c2008a06} - G:\ResidentEvil2.exe
    HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\MountPoints2: {e7093fe8-719c-11e5-9353-50465d09814d} - L:\LG_PC_Programs.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-12-21] (Microsoft Windows -> Microsoft Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\102.0.5005.63\Installer\chrmstp.exe [2022-06-01] (Google LLC -> Google LLC)
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
    Startup: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIREFOX.lnk [2022-01-27]
    ShortcutTarget: FIREFOX.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    Startup: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OPERA.lnk [2022-01-27]
    ShortcutTarget: OPERA.lnk -> C:\Users\Pato\AppData\Local\Programs\Opera GX\launcher.exe (Opera Software AS -> Opera Software)

    ==================== Tareas programadas (Lista blanca) ============

    (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

    Task: {01B79720-3C63-455D-A98E-2A3477386AFD} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1617197801 => C:\Users\Pato\AppData\Local\Programs\Opera GX\launcher.exe [2369792 2022-05-30] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Pato\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
    Task: {025E13C4-E7AF-4387-913B-E089BC23AB12} - System32\Tasks\stream
    Task: {031C6724-0368-4820-BB63-3F70A78AB799} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
    Task: {050D685F-FE41-4CC0-BA78-11E1A1889D88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {1CD23378-7FEE-4B86-B780-9E9946EEBE8F} - System32\Tasks\Tierra
    Task: {219BC370-1C4E-4F4C-9BDF-150E64A30BB8} - System32\Tasks\avastBCLRestartS-1-5-21-482052857-3487469296-3382205014-1000 => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Task: {26E5925B-510A-4988-A059-5E0AC0CCF2EA} - System32\Tasks\{EEFADF95-F858-4CD2-8AA2-0E517C98D228} => C:\Windows\system32\pcalua.exe -a I:\SETUP.EXE -d I:\
    Task: {39CD3F67-3DC8-4840-A204-7F046FA12AB4} - System32\Tasks\Alarmas\Alarma
    Task: {3B1C4C53-A0ED-427B-B060-9A4D2AAAA20C} - System32\Tasks\pagar deuda
    Task: {40434AA4-0F38-4C8B-B8EE-525956FB7D8B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload (Ningún archivo)
    Task: {4D1B15FA-5406-4D8C-A1ED-DB8AB4B23EBB} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
    Task: {52535C7C-E788-42FC-B8E7-963F98EDAF71} - System32\Tasks\curso
    Task: {5AB22868-8C5A-4EBC-B38A-C8A5F5178F8C} - System32\Tasks\CCleanerSkipUAC - Pato => C:\Program Files\CCleaner\CCleaner.exe [30924528 2022-05-11] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {64F06016-74FE-4807-8DD2-557EF4F8D051} - System32\Tasks\plomero
    Task: {682399FC-F09E-4613-8059-3F1D5F1C805C} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [71648 2016-12-15] (DivX, LLC -> DivX, LLC)
    Task: {6A895425-402F-45DC-B63F-6DBC7C683E08} - System32\Tasks\rezero13
    Task: {71725899-9BA9-4633-A199-EAC49901296C} - System32\Tasks\21 twitch
    Task: {76E6EA14-7700-4C25-8B04-F4119451A115} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (Ningún archivo)
    Task: {785B6124-1862-4A08-908B-F78277A7C3C1} - System32\Tasks\AdobeAAMUpdater-1.0-casita-Pato => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {7ECB9352-A9F6-4A12-9006-2267E586E2BC} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
    Task: {822BB38F-DBA6-4985-954C-46196F881BAE} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [1174016 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
    Task: {84114F84-4A4F-4313-A7D6-484A96661F17} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
    Task: {884EC2A6-F243-4F85-BD2D-C5B5DD1D6947} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
    Task: {89E50FB9-6494-41E2-B28D-C312667D56CF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /frequentupdate SCHEDULEDTASK displaylevel=False (Ningún archivo)
    Task: {8DA63800-4D6C-48A6-BF05-34180D894556} - System32\Tasks\Opera GX scheduled Autoupdate 1616187668 => C:\Users\Pato\AppData\Local\Programs\Opera GX\launcher.exe [2369792 2022-05-30] (Opera Software AS -> Opera Software)
    Task: {97F69FCB-4CCF-40E4-8FA4-CB0925D968A0} - System32\Tasks\tp fisica
    Task: {99AF7C31-7C44-42A4-9857-A29BC34F9584} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
    Task: {9C192135-7214-42CD-A895-B58BDA26F7C0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe (Ningún archivo)
    Task: {9C6C7B7F-97CF-4BD4-804B-5983D5861165} - System32\Tasks\clase
    Task: {A3B223CD-7BAA-4416-84E9-DCBE17B4CC04} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (Ningún archivo)
    Task: {A51F1F4C-2C82-425E-BC9B-93D0F9E001EF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-05-11] (Piriform Software Ltd -> Piriform)
    Task: {AD68FD0B-2D4C-4327-AADB-0DFB80236EFA} - System32\Tasks\devolucions
    Task: {B72E43E9-1975-4A45-94D3-B44E04DDDC4C} - System32\Tasks\mira a otro lado
    Task: {C02935F0-25B1-4C9E-BE5D-865531C4BDAA} - System32\Tasks\tele y churros
    Task: {C6502971-ACD9-4D5B-B4E7-3C675DC5228E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
    Task: {D7361B0E-1E1A-4A6E-8B32-6214EDED6B5A} - System32\Tasks\{6DB9007F-3ABB-4C3A-9CD6-0931F6E3952E} => C:\Windows\system32\pcalua.exe -a C:\Users\Pato\Downloads\rafkill-1.2.3.exe -d C:\Users\Pato\Downloads
    Task: {DA1C4164-B5A3-442E-A2E8-5EF7F32DD50F} - System32\Tasks\devolucion
    Task: {E3B51905-B9D1-4B7A-B562-178B02BDF29B} - System32\Tasks\{B6BA0174-32CA-4339-BBC8-73E6934B9CCD} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Valve\Portal\Portal.exe" -d "C:\Program Files\Valve\Portal"
    Task: {E3E35150-972F-4640-A360-BFC4D705F6F0} - System32\Tasks\pok
    Task: {E9ED7BC1-7614-46E5-9E9E-8684E8FCD456} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Ningún archivo)
    Task: {EA545B29-5DE5-4BCC-BE34-B612FB380823} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe /onlogon (Ningún archivo)
    Task: {F921A173-57C3-4A52-91E8-6287B326FCC8} - System32\Tasks\{AE0E3E39-CD0D-478D-AE83-1B711A6F387E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Valve\Half-Life\ESForces.v1.3.OPENBETA.FINAL.exe" -d "C:\Program Files (x86)\Valve\Half-Life"
    Task: {FD9AD0D9-34D4-4C4E-BBCC-39BE1C2552F8} - System32\Tasks\bounties

    (Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)


    ==================== Internet (Lista blanca) ====================

    (Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

    Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
    Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
    Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
    Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
    Tcpip\..\Interfaces\{7C5BB6DD-585E-44EA-9CA8-C408332FDEDA}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{E06A01A6-DF69-4175-8104-554BA46997F8}: [DhcpNameServer] 200.42.4.210 200.49.130.41
    HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.0.1,-1]
    HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,26.0.0.1,9256]

    FireFox:
    ========
    FF DefaultProfile: qoeltqbd.default-1542229303266
    FF ProfilePath: C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266 [2022-06-04]
    FF Session Restore: Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266 -> está habilitado.
    FF Extension: (Color Changer) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\@colorchanger.xpi [2021-11-30]
    FF Extension: (AdBlocker Ultimate) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\adblockultimate@adblockultimate.net.xpi [2022-05-25]
    FF Extension: (Tampermonkey) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\firefox@tampermonkey.net.xpi [2022-05-12]
    FF Extension: (fanfiction-tools) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\jid1-APQ1424BwMIlpg@jetpack.xpi [2018-12-06]
    FF Extension: (Malwarebytes Browser Guard) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-05-24]
    FF Extension: (Tab Saver) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\{3c764d86-a50a-4f5c-b773-cb84bea924e7}.xpi [2021-12-08]
    FF Extension: (NoScript) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2022-05-30]
    FF Extension: (Adblock para YouTube™) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\{80e9f0be-bd1e-4b69-b079-5f44b2962921}.xpi [2018-11-15]
    FF Extension: (Sin Nombre) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-05-31]
    FF Extension: (Toggle Website Colors (Tab)) - C:\Users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\qoeltqbd.default-1542229303266\Extensions\{d9d33933-40dc-4da1-8dc5-5b0449ce7d46}.xpi [2021-09-20]
    FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-12-15] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-12-15] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [Ningún archivo]
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-12-23] (DivX, LLC -> DivX, LLC)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [Ningún archivo]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [Ningún archivo]
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG -> Nero AG)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
    FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2013-03-11] (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
    FF Plugin HKU\S-1-5-21-482052857-3487469296-3382205014-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Ningún archivo]

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default [2022-05-13]
    CHR DownloadDir: C:\Users\Pato\Desktop
    CHR StartupUrls: Default -> "hxxps://forums.sufficientvelocity.com/forums/quests.29/","hxxps://forums.sufficientvelocity.com/threads/we-have-the-technology-penny-quest.42457/page-17#post-9709782","hxxps://mail.google.com/mail/u/0/h/3hsqg9f6dg6c/?zy=g&f=1","hxxps://www.youtube.com/watch?v=IvK8XG-vSLg","hxxps://chrome.google.com/webstore/search/scroll","hxxps://www.google.com.ar/search?q=chrome+tabs+like+firefox&num=30&safe=off&rlz=1C1PRFC_enAR773AR773&source=lnt&tbs=qdr:y&sa=X&ved=0ahUKEwiv9s3_8ebXAhUIfZAKHddPBLEQpwUIHw&biw=1024&bih=675","hxxps://www.reddit.com/r/chrome/comments/2asqg2/recently_switched_is_there_a_way_to_have_tabs/","hxxps://www.reddit.com/r/chrome/comments/5yr83k/yo_is_there_really_no_way_on_chrome_to_have_tabs/"
    CHR Session Restore: Default -> está habilitado.
    CHR Extension: (Lazy Tabs) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabgbgciohhaogajcnacpgilhmacdahc [2018-02-15]
    CHR Extension: (TooManyTabs para Chrome) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2017-11-30]
    CHR Extension: (Documentos) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-30]
    CHR Extension: (Google Drive) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-30]
    CHR Extension: (Video Styler (brightness and more)) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmgdnjlifbmedglimhnbhgkefanaiep [2018-03-07]
    CHR Extension: (YouTube) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-30]
    CHR Extension: (Tampermonkey) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-28]
    CHR Extension: (Session Buddy) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-29]
    CHR Extension: (Documentos de Google sin conexión) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
    CHR Extension: (Bloqueador de anuncios para Youtube ™) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2018-10-29]
    CHR Extension: (Selectable - for fanfiction.net and more) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcidlhgdoojamkbpmhbpgldmajnobefd [2018-05-16]
    CHR Extension: (The Great Suspender) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-11-30]
    CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
    CHR Extension: (uMatrix) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfcmafjalglgifnmanfmnieipoejdcf [2018-08-28]
    CHR Extension: (Gmail) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-30]
    CHR Extension: (Chrome Media Router) - C:\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31]
    CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    Opera:
    =======
    StartMenuInternet: (HKU\S-1-5-21-482052857-3487469296-3382205014-1000) Opera GXStable - "C:\Users\Pato\AppData\Local\Programs\Opera GX\Launcher.exe"

    ==================== Servicios (Lista blanca) ===================

    (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

    S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
    S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
    S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
    R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2018-05-10] (Apple Inc. -> Apple Inc.)
    S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
    S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [128584 2018-03-26] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
    R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3729512 2018-10-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-13] (Malwarebytes Inc. -> Malwarebytes)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
    S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies Inc. -> VIA Technologies, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
    R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

    ===================== Controladores (Lista blanca) ===================

    (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

    R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [31576 2020-04-24] (DEV47 APPS -> Dev47Apps)
    R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-11-29] (Disc Soft Ltd -> Disc Soft Ltd)
    R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-11-29] (Disc Soft Ltd -> Disc Soft Ltd)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-14] (Disc Soft Ltd -> Disc Soft Ltd)
    S3 h647906; C:\Windows\System32\drivers\h647906.sys [63856 2008-08-08] (Shen Zhen Dragon Rise Macro Technology Limited Company -> Your Corporation)
    S3 h648101; C:\Windows\System32\drivers\h648101.sys [65776 2008-08-08] (Shen Zhen Dragon Rise Macro Technology Limited Company -> Your Corporation)
    S3 h648103; C:\Windows\System32\drivers\h648103.sys [62960 2008-08-08] (Shen Zhen Dragon Rise Macro Technology Limited Company -> Your Corporation)
    S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41272 2008-08-08] (Shen Zhen Dragon Rise Macro Technology Limited Company -> Your Corporation)
    S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [43192 2008-08-08] (Shen Zhen Dragon Rise Macro Technology Limited Company -> Your Corporation)
    S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [40856 2008-08-08] (Shen Zhen Dragon Rise Macro Technology Limited Company -> Your Corporation)
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-05-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239560 2022-04-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
    S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-01-11] (MiniTool Solution Ltd -> )
    S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-01-11] (MiniTool Solution Ltd -> )
    S3 RvNetMP60; C:\Windows\System32\DRIVERS\RvNetMP60.sys [69048 2021-09-21] (Famatech Corp. -> Famatech Corp.)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-04-14] () [Archivo no firmado] [El archivo está en uso]
    S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 tpg64win7; C:\Windows\System32\DRIVERS\tpg64win7.sys [648808 2012-02-22] (Realtek Semiconductor Corp -> TP-LINK TECHNOLOGIES CO., LTD)
    S3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [56560 2015-08-15] (Shaul Eizikovich -> Shaul Eizikovich)
    R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [35696 2017-11-25] (Beijing Wolicheng Technology Co., Ltd. -> Windows (R) Win 7 DDK provider)
    S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Windows Central Build Account - X -> Microsoft Corporation)
    U3 a7b9c01f; no ImagePath
    S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
    U3 aswbdisk; no ImagePath
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 MpKsl1199b774; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FA05688-FB88-43B2-852A-5121B1F33BA8}\MpKslDrv.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

    ==================== NetSvcs (Lista blanca) ===================

    (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


    ==================== Un mes (creado) (Lista blanca) =========

    (Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

    2022-06-04 14:29 - 2022-06-04 14:30 - 000000000 ____D C:\Users\Pato\Desktop\Farbar
    2022-06-04 14:29 - 2022-06-04 14:29 - 000000000 _____ C:\Users\Pato\Downloads\wEkk4S4-.exe.part
    2022-06-04 14:29 - 2022-06-04 14:29 - 000000000 _____ C:\Users\Pato\Downloads\aswMBR.exe
    2022-06-04 14:23 - 2022-06-04 14:23 - 008551608 _____ (Malwarebytes) C:\Users\Pato\Downloads\AdwCleaner(1).exe
    2022-06-04 14:11 - 2022-06-04 14:16 - 000052680 _____ C:\Users\Pato\Downloads\Addition.txt
    2022-06-04 14:05 - 2022-06-04 14:16 - 000048665 _____ C:\Users\Pato\Downloads\FRST.txt
    2022-06-04 14:05 - 2022-06-04 14:05 - 008551608 _____ (Malwarebytes) C:\Users\Pato\Downloads\AdwCleaner.exe
    2022-06-04 13:51 - 2022-06-04 13:51 - 000627600 _____ C:\Users\Pato\Documents\cc_20220604_135150.reg
    2022-06-04 13:35 - 2022-06-04 13:35 - 000000000 ___HD C:\Users\Pato\Downloads\.opera
    2022-06-04 13:35 - 2022-06-04 13:35 - 000000000 ___HD C:\Users\Pato\.opera
    2022-06-04 12:18 - 2022-06-04 12:18 - 000000000 ___HD C:\$Windows.~WS
    2022-06-04 11:47 - 2022-06-04 11:47 - 000000000 ____D C:\$WINDOWS.~BT
    2022-06-04 11:45 - 2022-06-04 11:45 - 003096328 _____ C:\Users\Pato\Desktop\2ndbackup04062022.rar
    2022-06-04 11:44 - 2022-06-04 11:44 - 035405041 _____ C:\Users\Pato\Desktop\bookmarksfirefox04062022.html
    2022-06-04 11:44 - 2022-06-04 11:44 - 000093633 _____ C:\Users\Pato\Desktop\bookmarksopera04062022.html
    2022-06-03 13:24 - 2022-06-03 13:24 - 000000000 ____D C:\Users\Public\Documents\Catch!
    2022-06-03 08:23 - 2022-06-03 08:23 - 000088146 _____ C:\Users\Pato\Desktop\2022.05.01-PRORRATEO PRELIMINAR- FEDERICO LACROZE 2137 - MAYO PRELIMINAR.pdf
    2022-06-02 16:29 - 2022-06-02 16:29 - 000109534 _____ C:\Users\Pato\Downloads\2022.05.01-PRORRATEO PRELIMINAR- ACOYTE 673 - MAYO PRELIMINAR.pdf
    2022-06-02 16:27 - 2022-06-02 16:28 - 000071747 _____ C:\Users\Pato\Downloads\2022.05.01-PRORRATEO PRELIMINAR- ACOYTE 673 - MAYO PRELIMINAR.xlsx
    2022-06-02 16:21 - 2022-06-02 16:21 - 000223440 _____ C:\Users\Pato\Downloads\2022.05.01-PRORRATEO PRELIMINAR- ACOYTE 673 - MAYO PRELIMINAR a.xlsx
    2022-06-02 16:21 - 2022-06-02 16:21 - 000223440 _____ C:\Users\Pato\Downloads\2022.05.01-PRORRATEO- ACOYTE 673 - MAYO.xlsx
    2022-06-01 17:28 - 2022-06-01 17:44 - 000000000 ____D C:\Windows\system32\appmgmt
    2022-05-31 23:11 - 2022-06-01 09:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2022-05-31 20:54 - 2022-05-31 20:55 - 001232764 _____ C:\Users\Pato\Documents\cc_20220531_205447.reg
    2022-05-31 16:07 - 2022-05-31 16:07 - 000027643 _____ C:\Users\Pato\Documents\20363197869-constancia cuit afip.pdf
    2022-05-31 14:03 - 2022-05-31 14:03 - 000000520 _____ C:\Users\Pato\Desktop\Asistente de soporte y recuperación de Microsoft.appref-ms
    2022-05-31 12:00 - 2022-05-31 12:05 - 000000000 ____D C:\Users\Pato\AppData\Roaming\DFXCT
    2022-05-31 11:25 - 2022-05-31 15:33 - 000000000 ____D C:\Users\Pato\AppData\Local\SaraResults
    2022-05-31 10:55 - 2022-05-31 14:05 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
    2022-05-31 10:55 - 2022-05-31 10:55 - 000000000 ____D C:\Users\Pato\AppData\Local\SaRALogs
    2022-05-25 17:28 - 2022-05-25 17:28 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2022-05-12 21:27 - 2022-06-04 13:35 - 000004048 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1616187668
    2022-05-08 19:05 - 2022-05-08 19:05 - 000001079 _____ C:\Users\Public\Desktop\Free Alarm Clock.lnk
    2022-05-08 19:05 - 2022-05-08 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
    2022-05-08 19:05 - 2022-05-08 19:05 - 000000000 ____D C:\Program Files (x86)\FreeAlarmClock
    2022-05-08 19:03 - 2022-05-08 19:03 - 004721088 _____ (Comfort Software Group ) C:\Users\Pato\Desktop\FreeAlarmClockSetup.exe

    ==================== Un mes (modificado) ==================

    (Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

    2022-06-04 14:29 - 2016-02-03 12:19 - 000000000 ____D C:\FRST
    2022-06-04 14:23 - 2022-02-09 11:34 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
    2022-06-04 14:22 - 2017-02-17 18:11 - 000000000 ____D C:\Users\Pato\AppData\Roaming\discord
    2022-06-04 14:22 - 2016-11-18 09:13 - 000000000 ____D C:\Users\Pato\AppData\LocalLow\Mozilla
    2022-06-04 14:20 - 2014-03-12 09:33 - 000000000 ____D C:\AdwCleaner
    2022-06-04 14:15 - 2013-02-16 16:26 - 000000000 ____D C:\Program Files (x86)\Google
    2022-06-04 14:05 - 2009-07-14 01:45 - 000028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2022-06-04 14:05 - 2009-07-14 01:45 - 000028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2022-06-04 13:45 - 2013-03-01 12:55 - 000000000 ____D C:\Program Files\CCleaner
    2022-06-04 13:44 - 2017-02-17 18:11 - 000000000 ____D C:\Users\Pato\AppData\Local\Discord
    2022-06-04 13:37 - 2019-10-03 09:09 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
    2022-06-04 13:35 - 2013-02-16 16:09 - 000000000 ____D C:\Users\Pato
    2022-06-04 13:28 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2022-06-04 13:27 - 2021-11-27 18:25 - 000000000 ____D C:\Program Files (x86)\StarCraft II
    2022-06-04 13:27 - 2020-05-27 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WarCraft III
    2022-06-04 13:27 - 2018-05-10 23:11 - 000000000 ____D C:\Program Files (x86)\StarCroft
    2022-06-04 13:27 - 2016-06-27 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2016
    2022-06-04 13:27 - 2013-12-13 07:10 - 000000000 ____D C:\Program Files (x86)\Battle.net
    2022-06-04 13:27 - 2013-03-05 11:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
    2022-06-04 13:27 - 2013-02-18 01:17 - 000000000 ____D C:\Users\Pato\Desktop\EVERYTHING
    2022-06-04 13:27 - 2013-02-17 15:44 - 000000000 ____D C:\PCSX2 1.0.0
    2022-06-04 13:26 - 2022-04-23 15:44 - 000000000 ____D C:\Program Files (x86)\International GunZ
    2022-06-04 13:26 - 2022-02-14 18:42 - 000000000 ____D C:\Users\Pato\Desktop\Formulario para atención de usuarios Argentina.gob.ar_archivos
    2022-06-04 13:26 - 2022-02-14 18:42 - 000000000 ____D C:\Users\Pato\Desktop\Formulario para atención de usuarios Argentina.gob.ar 1_archivos
    2022-06-04 13:26 - 2021-11-27 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheating-Death
    2022-06-04 13:26 - 2021-11-27 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
    2022-06-04 13:26 - 2021-11-27 18:25 - 000000000 ____D C:\Users\Pato\Documents\StarCraft II
    2022-06-04 13:26 - 2021-11-02 21:33 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
    2022-06-04 13:26 - 2021-06-02 12:39 - 000000000 ____D C:\Users\Pato\Documents\PCSX2
    2022-06-04 13:26 - 2021-05-22 10:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Compressor
    2022-06-04 13:26 - 2021-05-22 10:46 - 000000000 ____D C:\Program Files (x86)\Free Video Compressor
    2022-06-04 13:26 - 2021-04-27 13:48 - 000000000 ____D C:\SNES9x v1.53-1240
    2022-06-04 13:26 - 2021-03-25 16:30 - 000000000 ____D C:\Users\Pato\Documents\My Cheat Tables
    2022-06-04 13:26 - 2021-01-25 18:51 - 000000000 ____D C:\Warframe
    2022-06-04 13:26 - 2021-01-25 18:50 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
    2022-06-04 13:26 - 2020-05-19 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker
    2022-06-04 13:26 - 2020-05-19 20:02 - 000000000 ____D C:\Program Files (x86)\Tracker
    2022-06-04 13:26 - 2020-04-08 17:57 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Zoom
    2022-06-04 13:26 - 2019-07-19 17:03 - 000000000 ____D C:\Program Files (x86)\NirSoft
    2022-06-04 13:26 - 2018-08-09 20:39 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
    2022-06-04 13:26 - 2018-05-10 23:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft
    2022-06-04 13:26 - 2018-02-19 16:13 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1
    2022-06-04 13:26 - 2016-11-29 16:47 - 000000000 ____D C:\Users\Pato\Desktop\EVERYTHING 2
    2022-06-04 13:26 - 2016-10-28 16:53 - 000000000 ____D C:\Program Files (x86)\ePub Reader for Windows
    2022-06-04 13:26 - 2016-09-08 14:20 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
    2022-06-04 13:26 - 2016-08-20 01:19 - 000000000 ____D C:\Program Files (x86)\BANDAI NAMCO Games
    2022-06-04 13:26 - 2016-03-19 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
    2022-06-04 13:26 - 2016-03-19 11:40 - 000000000 ____D C:\Users\Pato\Documents\Heroes of the Storm
    2022-06-04 13:26 - 2016-03-19 11:40 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
    2022-06-04 13:26 - 2016-02-04 23:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2022-06-04 13:26 - 2015-02-15 19:17 - 000000000 ____D C:\Users\Pato\Documents\Assassin's Creed IV Black Flag
    2022-06-04 13:26 - 2014-12-06 18:13 - 000000000 ____D C:\Program Files\Valve
    2022-06-04 13:26 - 2014-10-06 17:22 - 000000000 ____D C:\Program Files (x86)\Freemake
    2022-06-04 13:26 - 2014-05-08 20:32 - 000000000 ____D C:\Program Files (x86)\Child of Light
    2022-06-04 13:26 - 2014-04-14 17:12 - 000000000 ____D C:\Games
    2022-06-04 13:26 - 2014-04-14 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
    2022-06-04 13:26 - 2014-04-14 15:54 - 000000000 ____D C:\Program Files (x86)\Diablo II
    2022-06-04 13:26 - 2014-03-25 18:21 - 000000000 ____D C:\th135
    2022-06-04 13:26 - 2014-02-03 18:04 - 000000000 ____D C:\Program Files (x86)\Lame For Audacity
    2022-06-04 13:26 - 2014-01-09 08:51 - 000000000 ____D C:\Program Files (x86)\Firefall
    2022-06-04 13:26 - 2013-12-13 07:11 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Battle.net
    2022-06-04 13:26 - 2013-12-13 07:11 - 000000000 ____D C:\Users\Pato\AppData\Local\Battle.net
    2022-06-04 13:26 - 2013-12-13 07:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
    2022-06-04 13:26 - 2013-08-14 18:13 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
    2022-06-04 13:26 - 2013-07-19 17:44 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magicka
    2022-06-04 13:26 - 2013-07-19 17:43 - 000000000 ____D C:\Program Files (x86)\Magicka
    2022-06-04 13:26 - 2013-05-14 18:51 - 000000000 ____D C:\Program Files (x86)\JDownloader
    2022-06-04 13:26 - 2013-05-11 23:12 - 000000000 ____D C:\Users\Pato\AppData\Roaming\IrfanView
    2022-06-04 13:26 - 2013-04-15 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frontier Aja
    2022-06-04 13:26 - 2013-04-15 16:59 - 000000000 ____D C:\Program Files (x86)\Frontier Aja
    2022-06-04 13:26 - 2013-04-02 20:03 - 000000000 ____D C:\Program Files (x86)\SPlayer
    2022-06-04 13:26 - 2013-03-19 01:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
    2022-06-04 13:26 - 2013-03-09 23:29 - 000000000 ____D C:\Program Files (x86)\Bethesda Softworks
    2022-06-04 13:26 - 2013-03-05 11:16 - 000000000 ____D C:\Program Files (x86)\Nero
    2022-06-04 13:26 - 2013-03-01 12:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2022-06-04 13:26 - 2013-02-28 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
    2022-06-04 13:26 - 2013-02-28 19:00 - 000000000 ____D C:\Program Files (x86)\MagicISO
    2022-06-04 13:26 - 2013-02-18 11:59 - 000000000 ____D C:\Users\Pato\Desktop\ST
    2022-06-04 13:26 - 2013-02-17 21:48 - 000000000 ____D C:\Program Files (x86)\NAMCO BANDAI Games
    2022-06-04 13:26 - 2013-02-17 21:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2022-06-04 13:26 - 2013-02-16 22:59 - 000000000 ____D C:\Users\Pato\Documents\My Games
    2022-06-04 13:26 - 2013-02-16 21:22 - 000000000 ____D C:\Program Files (x86)\KONAMI
    2022-06-04 13:26 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
    2022-06-04 13:25 - 2013-02-16 16:10 - 000000000 ____D C:\Windows\SoftwareDistribution.old
    2022-06-04 13:25 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\registration
    2022-06-04 12:19 - 2013-02-17 00:02 - 000000000 ____D C:\Windows\Panther
    2022-06-01 18:16 - 2021-07-10 13:34 - 000000000 ____D C:\Users\Pato\AppData\Roaming\NCH Software
    2022-06-01 18:16 - 2014-12-08 16:42 - 000000000 ____D C:\Program Files (x86)\UltraISO
    2022-06-01 18:05 - 2009-07-14 02:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2022-06-01 17:51 - 2014-08-17 07:55 - 000000000 ____D C:\ProgramData\McAfee Security Scan
    2022-06-01 17:49 - 2017-07-28 18:11 - 000000000 ____D C:\Users\Pato\AppData\Local\CrashDumps
    2022-06-01 17:39 - 2017-04-22 20:29 - 000000000 ____D C:\Program Files\Free PDF to Word Converter
    2022-06-01 17:37 - 2021-11-27 22:06 - 000000000 ____D C:\Program Files (x86)\Cheating-Death
    2022-06-01 17:30 - 2018-06-29 13:15 - 000000000 ____D C:\Users\Pato\Desktop\Materias
    2022-06-01 16:34 - 2016-11-27 19:31 - 000000000 ____D C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2022-06-01 09:23 - 2021-07-20 09:03 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
    2022-06-01 00:16 - 2017-11-30 14:52 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2022-05-31 14:53 - 2016-02-13 19:08 - 000000000 ____D C:\Users\Pato\AppData\Local\Deployment
    2022-05-31 14:23 - 2020-04-04 01:46 - 000000000 ____D C:\Program Files\Microsoft Office
    2022-05-31 14:23 - 2009-07-14 00:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2022-05-31 12:48 - 2020-08-18 23:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
    2022-05-31 12:46 - 2020-08-18 23:17 - 000000000 ____D C:\Program Files\AutoHotkey
    2022-05-31 12:46 - 2020-04-04 02:00 - 000000000 ____D C:\Program Files (x86)\Teams Installer
    2022-05-25 17:30 - 2020-04-04 02:01 - 000000000 ___RD C:\Users\Pato\OneDrive
    2022-05-25 11:31 - 2021-06-21 19:23 - 000000000 ____D C:\Users\Pato\AppData\Roaming\flashpoint-launcher
    2022-05-13 18:45 - 2022-02-21 12:16 - 000001908 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2022-05-13 18:45 - 2020-08-02 20:17 - 000001920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2022-05-13 18:41 - 2017-11-30 14:25 - 000000000 ____D C:\Program Files\Malwarebytes
    2022-05-13 18:41 - 2014-05-13 15:56 - 000000000 ____D C:\ProgramData\Malwarebytes
    2022-05-12 21:39 - 2017-11-30 14:52 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
    2022-05-12 09:35 - 2015-12-21 01:28 - 000000000 ____D C:\Windows\system32\MRT
    2022-05-12 09:24 - 2013-03-16 11:54 - 145501456 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2022-05-09 08:16 - 2009-07-14 02:08 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT

    ==================== Archivos en la raíz de algunos directorios ========

    2018-05-15 14:07 - 2018-05-22 12:53 - 000000033 _____ () C:\Users\Pato\AppData\Roaming\AdobeWLCMCache.dat
    2017-09-17 18:10 - 2018-08-12 20:45 - 000003584 _____ () C:\Users\Pato\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2018-09-28 10:13 - 2018-09-28 10:13 - 000000000 _____ () C:\Users\Pato\AppData\Local\oobelibMkey.log
    2014-03-29 13:36 - 2014-03-29 13:36 - 000000218 _____ () C:\Users\Pato\AppData\Local\recently-used.xbel
    2014-02-23 17:32 - 2018-12-22 16:01 - 000007597 _____ () C:\Users\Pato\AppData\Local\Resmon.ResmonCfg

    ==================== SigCheck ============================

    (No existe una corrección automática para los archivos que no pasan la verificación.)


    LastRegBack: 2022-05-27 00:38
    ==================== Final de FRST.txt ========================


    Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 04-06-2022 01
    Ejecutado por Pato (04-06-2022 14:31:15)
    Ejecutado desde C:\Users\Pato\Desktop\Farbar
    Microsoft Windows 7 Ultimate Service Pack 1 (X64) (2013-02-16 19:09:16)
    Modo de Inicio: Normal
    ==========================================================


    ==================== Cuentas: =============================


    (Si una entrada es incluida en el fixlist, será eliminada.)

    Administrador (S-1-5-21-482052857-3487469296-3382205014-500 - Administrator - Disabled)
    HomeGroupUser$ (S-1-5-21-482052857-3487469296-3382205014-1002 - Limited - Enabled)
    Invitado (S-1-5-21-482052857-3487469296-3382205014-501 - Limited - Disabled)
    Pato (S-1-5-21-482052857-3487469296-3382205014-1000 - Administrator - Enabled) => C:\Users\Pato

    ==================== Centro de Seguridad ========================

    (Si una entrada es incluida en el fixlist, será eliminada.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Programas instalados ======================

    (Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Asistente de soporte y recuperación de Microsoft (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\a1a734b8150c1d83) (Version: 17.0.8503.9 - Microsoft Corporation)
    AutoHotkey 1.1.33.02 (HKLM\...\AutoHotkey) (Version: 1.1.33.02 - Lexikos)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    CCleaner (HKLM\...\CCleaner) (Version: 6.00 - Piriform)
    CodeBlocks (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.9.0.0650 - Disc Soft Ltd)
    Discord (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Discord) (Version: 0.0.309 - Discord Inc.)
    DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.141 - DivX, LLC)
    DroidCam Client (HKLM-x32\...\DroidCam) (Version: 6.3.3 - Dev47apps)
    DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
    Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    ePub Reader for Windows versión 5.3 (HKLM-x32\...\{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1) (Version: 5.3 - HANSoft, Inc.)
    f.lux (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Flux) (Version: - f.lux Software LLC)
    ffdshow (remove only) (HKLM-x32\...\ffdshow) (Version: - )
    FlexHEX version 2.7 (HKLM-x32\...\FlexHEX_is1) (Version: 2.7 - Inv Softworks LLC)
    FormatFactory 3.3.3.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.3.0 - Format Factory)
    Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 5.2.0.0 - Comfort Software Group)
    Free Video Compressor (HKLM-x32\...\{01554C33-4131-4BC7-9E6D-AF85E02BDF4F}_is1) (Version: - freevideocompressor.com)
    Freemake Video Converter versión 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
    Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.156.0 - International GeoGebra Institute)
    GeoGebra Classic (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\GeoGebra_6) (Version: 6.0.489 - International GeoGebra Institute)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 102.0.5005.63 - Google LLC)
    Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    Half-Life (HKLM-x32\...\Half-Life_is1) (Version: Half-Life - No Steam - KingSOFT DVD)
    Hero Editor V1.04 (HKLM-x32\...\ST6UNST #1) (Version: - )
    Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    International GunZ Installer (HKLM-x32\...\{F5F73DCD-B812-4FD3-B0B9-C1022739864F}) (Version: 1.2.2.0 - International GunZ)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
    IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
    JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
    K-Lite Codec Pack 9.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
    Malwarebytes version 4.5.9.198 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes)
    Microsoft OneDrive (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
    MiKTeX 2.9 (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
    MiniTool Partition Wizard Home Edition 7.7 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
    Mnemosyne 2.8 (HKLM-x32\...\Mnemosyne_is1) (Version: - )
    Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox (x64 es-AR) (HKLM\...\Mozilla Firefox 101.0 (x64 es-AR)) (Version: 101.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.1 - Mozilla)
    MPC-HC 1.6.6.6957 (3975d54) (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.6.6957 - MPC-HC Team)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Multi-Timer Ultimate 2.51 (HKLM-x32\...\Multi-Timer Ultimate_is1) (Version: - Johannes Wallroth)
    NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - )
    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 8.1.5 - Notepad++ Team)
    OpenShot Video Editor versión 2.5.1 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.5.1 - OpenShot Studios, LLC)
    Opera GX Stable 86.0.4363.64 (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Opera GX 86.0.4363.64) (Version: 86.0.4363.64 - Opera Software)
    Opera GX Stable 86.0.4363.70 (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\Opera GX 86.0.4363.70) (Version: 86.0.4363.70 - Opera Software)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
    StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
    StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
    Stashimi Stub Installer (HKLM-x32\...\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}) (Version: 18.001.1 - Nero AG) Hidden
    Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.362 - Microsoft Corporation)
    Tracker (HKLM-x32\...\OSP Tracker) (Version: 5.1.5 - Open Source Physics)
    USB Network Driver (HKLM-x32\...\{66ED8E01-C915-41F5-B33E-C5C31F27B885}) (Version: V3.70a - )
    USB Vibration Joystick (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
    VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
    VIA Administrador de dispositivos de plataforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
    vJoy Device Driver 0.2.1.6 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 0.2.1.6 - Shaul Eizikovich)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
    Warframe (HKLM-x32\...\{61E16878-258F-429D-A1D0-4E3E5D183BB5}) (Version: 1.0.0 - Digital Extremes)
    Welcome App (Start-up experience) (HKLM-x32\...\{828175FA-7307-4DBF-95AD-9CEE086B6F45}) (Version: 12.0.14000 - Nero AG) Hidden
    WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
    WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )
    WO Mic Client (HKLM-x32\...\WOMic) (Version: - )
    Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
    X-Mouse Button Control 2.18.2 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.18.2 - Highresolution Enterprises)
    YAWLE 0.5b (HKLM-x32\...\Yawle_0.3b) (Version: - )
    YoloMouse (HKLM\...\{0BD95EA1-50C1-4841-869E-25B3AC863A26}) (Version: 0.8.1.0 - HaPpY)
    Zoom (HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\ZoomUMX) (Version: 5.8.3 (1581) - Zoom Video Communications, Inc.)

    ==================== Personalizado CLSID (Lista blanca): ==============

    (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

    CustomCLSID: HKU\S-1-5-21-482052857-3487469296-3382205014-1000_Classes\CLSID\{6514CF27-CAB1-4577-81A9-EC81618C5003}\InprocServer32 -> C:\Program Files (x86)\FlexHEX\FlexCtx64.dll (Inv Softworks LLC -> Inv Softworks LLC)
    CustomCLSID: HKU\S-1-5-21-482052857-3487469296-3382205014-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Ningún archivo
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Ningún archivo
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Ningún archivo
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Ningún archivo
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Ningún archivo
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Ningún archivo
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Ningún archivo
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Archivo no firmado]
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2021-02-13] (Notepad++ -> )
    ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [Archivo no firmado]
    ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Ningún archivo
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-03-15] (WinZip Computing -> WinZip Computing, S.L.)
    ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-10-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
    ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-10-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
    ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Ningún archivo
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Archivo no firmado]
    ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [Archivo no firmado]
    ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Ningún archivo
    ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-03-15] (WinZip Computing -> WinZip Computing, S.L.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
    ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [Archivo no firmado]
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-03-15] (WinZip Computing -> WinZip Computing, S.L.)
    ContextMenuHandlers1_S-1-5-21-482052857-3487469296-3382205014-1000: [FlexHEX Menu] -> {6514CF27-CAB1-4577-81A9-EC81618C5003} => C:\Program Files (x86)\FlexHEX\FlexCtx64.dll [2018-06-30] (Inv Softworks LLC -> Inv Softworks LLC)

    ==================== Codecs (Lista blanca) ====================

    (Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

    HKLM\...\Drivers32-x32: [vidc.iv50] => C:\PROGRA~2\SPlayer\ir50_32.dll
    HKLM\...\Drivers32: [vidc.ffds] => C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax [1761280 2004-10-12] () [Archivo no firmado]

    ==================== Accesos directos & WMI ========================

    (Las entradas pueden ser listadas para ser restauradas o eliminadas.)

    Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Configure default LISP for Maxima.lnk -> C:\maxima-5.38.1\bin\lispselector.bat (Ningún archivo)
    Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Maxima (command line).lnk -> C:\maxima-5.38.1\bin\maxima.bat (Ningún archivo)
    Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\XMaxima (simple GUI).lnk -> C:\maxima-5.38.1\bin\xmaxima.bat (Ningún archivo)

    ==================== Módulos cargados (Lista blanca) =============

    2010-11-18 20:08 - 2010-11-18 20:08 - 000086016 _____ (Igor Pavlov) [Archivo no firmado] D:\Program Files\7-Zip\7-zip.dll
    2013-02-28 19:00 - 2008-05-22 22:25 - 000043520 _____ (MagicISO, Inc.) [Archivo no firmado] C:\Program Files (x86)\MagicISO\misosh64.dll

    ==================== Alternate Data Streams (Lista blanca) ========

    ==================== Modo Seguro (Lista blanca) ==================

    (Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Asociación (Lista blanca) =================

    ==================== Internet Explorer (Versión 11) (Lista blanca) ==========

    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-482052857-3487469296-3382205014-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-12-15] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-12-15] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - Ningún archivo
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - Ningún archivo
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - Ningún archivo
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - Ningún archivo
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - Ningún archivo

    (Si una entrada es incluida en el fixlist, será eliminada del registro.)

    IE trusted site: HKU\S-1-5-21-482052857-3487469296-3382205014-1000\...\sharepoint.com -> hxxps://insptutneduar-files.sharepoint.com

    ==================== Hosts contenido: =========================

    (Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

    2009-07-13 23:34 - 2009-06-10 18:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

    ==================== Otras Áreas ===========================

    (Actualmente no existe una corrección automática para esta sección.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64
    HKU\S-1-5-21-482052857-3487469296-3382205014-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Firewall de Windows está habilitado.

    ==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

    (Si una entrada es incluida en el fixlist, será eliminada.)

    MSCONFIG\Services: Hamachi2Svc => 2
    MSCONFIG\Services: NAUpdate => 2
    MSCONFIG\Services: Update webget => 2
    MSCONFIG\Services: Util webget => 2
    MSCONFIG\Services: WMPNetworkSvc => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Pato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OUTLOOK.EXE => C:\Windows\pss\OUTLOOK.EXE.Startup
    MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Chromium => "c:\users\pato\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
    MSCONFIG\startupreg: com.squirrel.Teams.Teams => C:\Users\Pato\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
    MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    MSCONFIG\startupreg: EpicGamesLauncher => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
    MSCONFIG\startupreg: f.lux => "C:\Users\Pato\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
    MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    MSCONFIG\startupreg: RadminVPN => "C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe" /minimized
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: UPlayLoader => C:\Users\Pato\AppData\Roaming\UPlayLoader.exe
    MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

    ==================== Reglas de firewall (Lista blanca) ================

    (Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

    FirewallRules: [{B317C595-ADAA-419E-AA04-C5B57AC90C66}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
    FirewallRules: [{AF8EAB99-5E97-4CB7-A988-ADD5D729FC2F}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
    FirewallRules: [TCP Query User{B9DFAC50-376A-4E7E-BD17-D0DB1AA1362F}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe (Valve) [Archivo no firmado]
    FirewallRules: [UDP Query User{BFCBC9F9-2E91-4EF8-9CCD-209F039EEB2B}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe (Valve) [Archivo no firmado]
    FirewallRules: [TCP Query User{1D3EC1D8-4141-4B0F-86CB-D7FFDFB592A1}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Allow) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe (Nero AG -> Nero AG)
    FirewallRules: [UDP Query User{9F3BCE5B-6762-4950-AB2F-239DF175D882}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Allow) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe (Nero AG -> Nero AG)
    FirewallRules: [{4BD44338-7818-47E9-8EBA-9B68C5A1661F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
    FirewallRules: [{4F5EBF28-717A-4EF1-A54D-1069CC3F7986}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
    FirewallRules: [{41C6D3D7-6500-4F51-9509-BC99C90DB18B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
    FirewallRules: [{CA0AAE92-79A6-4510-9275-1000A0AFC3CF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
    FirewallRules: [{26963E97-41CE-4E65-95A0-4561ECC31E01}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
    FirewallRules: [{B71FFAEA-F658-4B95-A613-7AC31099E2E0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
    FirewallRules: [{F07C1F5D-42AC-46FB-9362-128D019B2E96}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013_100.exe (Konami Digital Entertainment Co., Ltd.) [Archivo no firmado]
    FirewallRules: [{E04F6326-6204-49C3-AC3B-E45BF210CD26}] => (Allow) C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013_100.exe (Konami Digital Entertainment Co., Ltd.) [Archivo no firmado]
    FirewallRules: [{3FCD27C9-F2D5-4F31-8128-CB9389311090}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{E31F97C9-2053-450E-BF0A-51B62EEC1487}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{17AF8ED0-3F81-43EE-BF2C-C290D40F750B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{A5499914-2D45-4C8A-97FE-153072172605}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)
    FirewallRules: [{E6248984-39DC-40E1-B5EB-3972E9AEE64D}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe (Nero AG -> Nero AG)
    FirewallRules: [{6F3CA005-ED53-4A22-8AAF-5CDE1107D0E9}] => (Allow) C:\Program Files (x86)\Nero\KM\MediaHome.exe (Nero AG -> Nero AG)
    FirewallRules: [{D7D8263C-87BF-4739-8CCE-FD7E7444CCB0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{FBA8C345-F400-4D50-9E8D-B83E571EDFFF}] => (Allow) LPort=2869
    FirewallRules: [{93651A7F-4113-4308-8CA4-0C43B2584A19}] => (Allow) LPort=1900
    FirewallRules: [TCP Query User{656C255F-E817-40E0-AD7E-8B373FB5A158}C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
    FirewallRules: [UDP Query User{947D8881-C737-41CF-B4A9-25073C374889}C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
    FirewallRules: [{7D292005-9E2E-49E0-8479-2DDD3765A49C}] => (Block) C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
    FirewallRules: [{F937DC6B-D489-4A75-92BA-09028D86CB38}] => (Block) C:\program files (x86)\heroes of the storm\versions\base48760\heroesofthestorm.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
    FirewallRules: [{3015F648-9558-4FEF-9BDB-C51C6A57E5AE}] => (Allow) C:\Program Files (x86)\WOMic\womicclient.exe () [Archivo no firmado]
    FirewallRules: [{3FB7E181-724A-447A-8016-8107E6309198}] => (Allow) LPort=4950
    FirewallRules: [{ED2813FF-5FED-4589-8255-10908AF27E13}] => (Allow) LPort=443
    FirewallRules: [{025748E8-9C6B-4375-B83C-E434911EEBF1}] => (Allow) LPort=443
    FirewallRules: [{7946578E-FD20-476E-9F9F-DA3D4B9F5AE6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
    FirewallRules: [{42E40672-C902-4528-9980-15444846114D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
    FirewallRules: [{448B31E4-B7A4-433B-96D1-6782DE3CFB43}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
    FirewallRules: [TCP Query User{2A091CBF-B51A-4630-B2DD-F5BC1C0D1A3F}C:\program files (x86)\heroes of the storm\versions\base72649\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base72649\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
    FirewallRules: [UDP Query User{96C037B8-76EC-41A1-B353-71075F9697AC}C:\program files (x86)\heroes of the storm\versions\base72649\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base72649\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
    FirewallRules: [{1696B94A-31A6-4A05-BA42-8DDC6DE14E65}] => (Allow) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN -> VideoLAN)
    FirewallRules: [{AD58927D-30F6-4CE1-9780-CC9520AD1223}] => (Allow) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN -> VideoLAN)
    FirewallRules: [{5F174A67-D0B8-4115-8EDA-C3980E9A6104}] => (Allow) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN -> VideoLAN)
    FirewallRules: [{96096FDE-2C04-43BE-9B2A-2D9DE3DE3F4C}] => (Allow) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN -> VideoLAN)
    FirewallRules: [{89BB6CA8-11F4-42A6-B82D-A0DC89241737}] => (Allow) C:\Users\Pato\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{1DAAAB6D-A97F-44C5-8D7C-4655CB69A0A8}] => (Allow) C:\Program Files (x86)\WOMic\womicclient.exe () [Archivo no firmado]
    FirewallRules: [TCP Query User{BE0B00AA-3D93-435C-BB6D-6646EF1259A6}C:\program files (x86)\tracker\jre\bin\java.exe] => (Allow) C:\program files (x86)\tracker\jre\bin\java.exe
    FirewallRules: [UDP Query User{D08D7310-48F2-4E2E-9373-608673947ECE}C:\program files (x86)\tracker\jre\bin\java.exe] => (Allow) C:\program files (x86)\tracker\jre\bin\java.exe
    FirewallRules: [{9E1BF09A-0193-4BCE-B77A-FB665F233ECF}] => (Allow) LPort=6112
    FirewallRules: [{8D846872-1FDB-4641-9A75-2D6B161E8C27}] => (Allow) LPort=6112
    FirewallRules: [{95FDBEFF-82FB-4229-9E5A-A501D9123936}] => (Allow) LPort=4000
    FirewallRules: [{29F4B8F2-557E-4CCE-A932-880518D54DAA}] => (Allow) LPort=4000
    FirewallRules: [{37B76B7C-CCFE-4F90-AEC3-149E76C15DC6}] => (Allow) C:\Program Files\OpenShot Video Editor\openshot-qt.exe (OpenShot Studios, LLC) [Archivo no firmado]
    FirewallRules: [{CC07EDB1-6294-47AB-BFE8-7EA7432ABE86}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe (Nero AG -> Nero AG)
    FirewallRules: [{26C077A0-345D-4837-8109-A9CB52C35050}] => (Allow) C:\Users\Pato\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
    FirewallRules: [{538A8C99-BFE8-4027-8B57-366E5A1E00BD}] => (Allow) C:\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
    FirewallRules: [{2BB2D4D9-BFD2-4DAC-B2BE-AD95870AD9CE}] => (Allow) C:\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
    FirewallRules: [{9585137B-F7BB-4DCC-B662-72B4FC5C7802}] => (Allow) C:\Users\Pato\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
    FirewallRules: [{30695D5E-CAE9-4B86-AF6D-A34A25BE6378}] => (Allow) C:\Users\Pato\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe (Digital Extremes Ltd. -> Digital Extremes)
    FirewallRules: [{E0403F6C-0E20-4929-9002-14E60D20E856}] => (Allow) C:\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
    FirewallRules: [{C651ADA3-C0C3-4A08-8662-FFF710904169}] => (Allow) C:\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
    FirewallRules: [{7E48D0CF-0174-47E1-B6B9-4106A4CDD908}] => (Allow) C:\Users\Pato\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. -> )
    FirewallRules: [{6B62DCC2-E666-4E2B-9E16-314C70F84941}] => (Allow) C:\Program Files\OpenShot Video Editor\openshot-qt.exe (OpenShot Studios, LLC) [Archivo no firmado]
    FirewallRules: [TCP Query User{267B9261-B594-4BFB-BAC7-7EB4D98DC2CE}C:\program files (x86)\mnemosyne\mnemosyne.exe] => (Allow) C:\program files (x86)\mnemosyne\mnemosyne.exe () [Archivo no firmado]
    FirewallRules: [UDP Query User{FFBE34C7-E4C8-4B29-A4DD-929620EE843B}C:\program files (x86)\mnemosyne\mnemosyne.exe] => (Allow) C:\program files (x86)\mnemosyne\mnemosyne.exe () [Archivo no firmado]
    FirewallRules: [{AEF9E817-2F07-4806-8837-C94ED9D66667}] => (Block) C:\program files (x86)\mnemosyne\mnemosyne.exe () [Archivo no firmado]
    FirewallRules: [{96D0072B-A110-411F-8326-4F9A9FE9D7E7}] => (Block) C:\program files (x86)\mnemosyne\mnemosyne.exe () [Archivo no firmado]
    FirewallRules: [{80E878EA-F650-4795-BB2B-426C4650A728}] => (Allow) C:\Users\Pato\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{B8ADCFA3-76A0-458B-8B08-464BDB2766BD}] => (Allow) LPort=27015
    FirewallRules: [TCP Query User{D73A08FC-8A14-4A8C-82A3-DA814D20B22C}C:\users\pato\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\pato\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
    FirewallRules: [UDP Query User{1B152A2F-4B64-4353-A89B-219DBAF9ED44}C:\users\pato\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\pato\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
    FirewallRules: [{B315C64C-5418-45B4-B9EC-B42BC61B75F1}] => (Block) C:\users\pato\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
    FirewallRules: [{DA0759FA-F04D-4862-956C-F872161750DA}] => (Block) C:\users\pato\appdata\local\programs\opera gx\opera.exe (Opera Software AS -> Opera Software)
    FirewallRules: [TCP Query User{92870FF9-7F06-4223-95E6-A3DEB638175A}C:\program files (x86)\starcraft ii\versions\base87702\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base87702\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
    FirewallRules: [UDP Query User{ADBAED1C-346E-4BCC-A2B2-F833AAD042AC}C:\program files (x86)\starcraft ii\versions\base87702\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base87702\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
    FirewallRules: [{C4B3E3A2-6674-461C-8D4C-8348352618C3}] => (Block) C:\program files (x86)\starcraft ii\versions\base87702\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
    FirewallRules: [{AE4A419F-1DAE-410D-8BB0-ACF298861AC7}] => (Block) C:\program files (x86)\starcraft ii\versions\base87702\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
    FirewallRules: [TCP Query User{6FE9EB81-8D27-4409-A2B8-1749B801851B}C:\program files (x86)\international gunz\client\gunz.exe] => (Allow) C:\program files (x86)\international gunz\client\gunz.exe (International GunZ) [Archivo no firmado]
    FirewallRules: [UDP Query User{379A1025-2B53-4366-A758-97207D5E65CB}C:\program files (x86)\international gunz\client\gunz.exe] => (Allow) C:\program files (x86)\international gunz\client\gunz.exe (International GunZ) [Archivo no firmado]
    FirewallRules: [{F44ADF2D-3FFC-484B-813B-05EC0552F604}] => (Block) C:\program files (x86)\international gunz\client\gunz.exe (International GunZ) [Archivo no firmado]
    FirewallRules: [{E79B0282-AD6B-403F-AACD-7F25C8ED212F}] => (Block) C:\program files (x86)\international gunz\client\gunz.exe (International GunZ) [Archivo no firmado]
    FirewallRules: [{2EC600A3-790E-4C63-9429-F0AC8DEFC4F9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Puntos de Restauración =========================

    01-06-2022 18:16:56 Removed Warframe
    03-06-2022 13:43:32 Windows Update
    04-06-2022 13:11:09 Operación de restauración
    04-06-2022 14:04:11 Windows Update

    ==================== Dispositivos defectuosos en el Administrador de dispositivos ============

    Name: AQ436N82 IDE Controller
    Description: AQ436N82 IDE Controller
    Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Manufacturer: (Standard mass storage controllers)
    Service: a7b9c01f
    Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
    Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
    Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Errores del registro de eventos: ========================

    Errores de aplicación:
    ==================
    Error: (06/04/2022 02:29:45 PM) (Source: VSS) (EventID: 12297) (User: )
    Description: Error del Servicio de instantáneas de volumen: no se pueden vaciar las escrituras de E/S durante el período de creación de la instantánea en el volumen \\?\Volume{b12a5a45-78c7-11e2-9264-806e6f6e6963}\.
    El índice del volumen en el conjunto de instantánea es 0. Detalles del error: Open[0x00000000, La operación se completó correctamente.
    ], Flush[0x80042302, Un componente del Servicio de instantáneas de volumen detectó un error inesperado.
    Consulte el registro de eventos de la aplicación para obtener más información.
    ], Release[0x00000000, La operación se completó correctamente.
    ], OnRun[0x00000000, La operación se completó correctamente.
    ].


    Operación:
    Ejecutando operación asincrónica

    Contexto:
    Estado actual: DoSnapshotSet

    Error: (06/04/2022 02:29:45 PM) (Source: VSS) (EventID: 12289) (User: )
    Description: Error del Servicio de instantáneas de volumen: error inesperado DeviceIoControl(\\?\Volume{b12a5a45-78c7-11e2-9264-806e6f6e6963} - 0000000000000244,0x0053c000,0000000000463240,0,0000000000464250,4096,[0]). HR = 0x80070005, Acceso denegado.
    .


    Operación:
    Ejecutando operación asincrónica

    Contexto:
    Estado actual: calling flush-and-hold IOCTL
    Estado actual: flush-and-hold writes
    Nombre del volumen: \\?\Volume{b12a5a45-78c7-11e2-9264-806e6f6e6963}\

    Error: (06/04/2022 02:24:22 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
    Description: No se pudo iniciar el servicio de protección de software. 0xD000010A
    6.1.7601.17514

    Error: (06/04/2022 01:09:22 PM) (Source: System Restore) (EventID: 8206) (User: )
    Description: El punto de restauración seleccionado se dañó o eliminó durante la restauración (Removed International GunZ Installer).

    Error: (06/04/2022 12:46:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
    Description: Los Servicios de cifrado no pudieron inicializar la base de datos del catálogo. El error ESENT era: -543.

    Error: (06/04/2022 12:46:02 PM) (Source: ESENT) (EventID: 454) (User: )
    Description: Catalog Database (960) Catalog Database: Error inesperado al recuperar o restaurar la base de datos -543.

    Error: (06/04/2022 12:46:02 PM) (Source: ESENT) (EventID: 452) (User: )
    Description: Catalog Database (960) Catalog Database: La base de datos C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb requiere los archivos de registro 1155-1166, para recuperarse correctamente. El proceso de recuperación sólo encontró los archivos de registro a partir del 1160.

    Error: (06/01/2022 05:49:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nombre de la aplicación con errores: firefox.exe, versión: 101.0.0.8181, marca de tiempo: 0x628ff7f7
    Nombre del módulo con errores: xul.dll, versión: 101.0.0.8181, marca de tiempo: 0x628ff95e
    Código de excepción: 0x80000003
    Desplazamiento de errores: 0x00000000044f3bb8
    Id. del proceso con errores: 0x1518
    Hora de inicio de la aplicación con errores: 0x01d875b265b98ea6
    Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Ruta de acceso del módulo con errores: C:\Program Files (x86)\Mozilla Firefox\xul.dll
    Id. del informe: 5a174660-e1ec-11ec-b67e-30b5c2008a06


    Errores del sistema:
    =============
    Error: (06/04/2022 02:24:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: El servicio Protección de software se cerró con el siguiente error:
    Acceso denegado.

    Error: (06/04/2022 02:22:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

    Error: (06/04/2022 02:22:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: El servicio AdobeUpdateService se terminó de manera inesperada. Esto ha sucedido 1 veces.

    Error: (06/04/2022 02:22:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: El servicio Adobe Genuine Monitor Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

    Error: (06/04/2022 02:22:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: El servicio Adobe Genuine Software Integrity Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

    Error: (06/04/2022 02:22:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: El servicio Bonjour Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 500 milisegundos: Reiniciar el servicio.

    Error: (06/04/2022 02:22:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: El servicio VIA Karaoke digital mixer Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

    Error: (06/04/2022 02:22:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: El servicio Windows Live ID Sign-in Assistant terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.


    ==================== Información de la memoria ===========================

    BIOS: American Megatrends Inc. 0608 08/10/2012
    Placa base: ASUSTeK COMPUTER INC. P8H61-M LX3 R2.0
    Procesador: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
    Porcentaje de memoria en uso: 69%
    RAM física total: 7113.84 MB
    RAM física disponible: 2153.52 MB
    Virtual total: 14225.83 MB
    Virtual disponible: 8412.16 MB

    ==================== Unidades ================================

    Drive c: () (Fixed) (Total:361.12 GB) (Free:246.02 GB) (Model: WDC WD5000AAKX-00ERMA0 ATA Device) NTFS
    Drive d: (Datos) (Fixed) (Total:52.09 GB) (Free:20.44 GB) (Model: WDC WD5000AAKX-00ERMA0 ATA Device) NTFS

    \\?\Volume{b12a5a44-78c7-11e2-9264-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

    ==================== MBR & Tabla de particiones ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 106BA9D7)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=361.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=52.1 GB) - (Type=0F Extended)

    ==================== Final de Addition.txt =======================

  2. #2
    Junior Member
    Join Date
    Jun 2022
    Posts
    7

    Default

    I realize after posting that the second log I had was also from Farbar. AswMBR is still running, and I will post its log once it's done.

    And here is the aswMBR log. Hope anyone helps me with all these.



    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2022-06-04 14:37:01
    -----------------------------
    14:37:01.733 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:37:01.733 Number of processors: 4 586 0x2A07
    14:37:01.733 ComputerName: CASITA UserName: Pato
    14:37:04.283 Initialize success
    14:37:04.463 VM: initialized successfully
    14:37:04.463 VM: Intel CPU BiosDisabled
    14:38:14.033 AVAST engine defs: 17030301
    14:39:22.883 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
    14:39:22.883 Disk 0 Vendor: WDC_WD5000AAKX-00ERMA0 15.01H15 Size: 476940MB BusType: 3
    14:39:22.913 Disk 0 MBR read successfully
    14:39:22.913 Disk 0 MBR scan
    14:39:22.983 Disk 0 Windows 7 default MBR code
    14:39:22.983 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    14:39:22.993 Disk 0 default boot code
    14:39:23.073 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 369784 MB offset 206848
    14:39:23.103 Disk 0 Partition - 00 0F Extended LBA 53339 MB offset 867528641
    14:39:23.133 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 53339 MB offset 867528704
    14:39:23.183 Disk 0 scanning C:\Windows\system32\drivers
    14:39:47.503 Service scanning
    14:40:08.493 Service MpKsl985c5d71 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31DC730B-326D-47B9-B564-B631B8115E4D}\MpKslDrv.sys **LOCKED** 32
    14:40:29.753 Modules scanning
    14:40:29.753 Disk 0 trace - called modules:
    14:40:29.763 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800749b2c0]<<spwh.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    14:40:29.773 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078e6060]
    14:40:29.773 3 CLASSPNP.SYS[fffff88001ad943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80075ea060]
    14:40:29.783 \Driver\atapi[0xfffffa800755d630] -> IRP_MJ_CREATE -> 0xfffffa800749b2c0
    14:40:31.073 AVAST engine scan C:\Windows
    14:40:40.713 AVAST engine scan C:\Windows\system32
    14:47:01.203 AVAST engine scan C:\Windows\system32\drivers
    14:47:28.853 AVAST engine scan C:\Users\Pato
    14:49:41.424 File: C:\Users\Pato\AppData\Local\Chromium\Application\58.0.3014.0\Installer\setup.exe **INFECTED** Win32:MalOb-CA [Cryp]
    14:49:45.354 File: C:\Users\Pato\AppData\Local\Chromium\Application\chrome.exe **INFECTED** Win32:MalOb-CA [Cryp]
    15:53:55.137 AVAST engine scan C:\ProgramData
    16:22:26.894 Disk 0 statistics 5963612/0/0 @ 0,71 MB/s
    16:22:26.899 Scan finished successfully
    16:23:15.555 Disk 0 MBR has been saved successfully to "C:\Users\Pato\Desktop\Farbar\MBR.dat"
    16:23:15.675 The log file has been saved successfully to "C:\Users\Pato\Desktop\Farbar\aswMBR log.txt"
    Last edited by tashi; 2022-06-05 at 00:30. Reason: Merged two posts

  3. #3
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,057

    Default

    Hi and welcome

    There are actually no visible signs of infection.
    We can run a script by FRST to tidy up, and I did find errors related to your computer.

    Please go to the below site to scan the following files:
    Virus Total (Recommended)

    C:\Users\Pato\Downloads\wEkk4S4-.exe

    Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
    If it says already scanned -- click "reanalyze now"
    Please post the results in your next reply.


    ****
    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator, just open it and let it wait)

    Highlight the text below and select Copy,
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Start::
    CloseProcesses:
    CreateRestorePoint:
    U3 a7b9c01f; no ImagePath
    S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
    U3 aswbdisk; no ImagePath
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 MpKsl1199b774; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FA05688-FB88-43B2-852A-5121B1F33BA8}\MpKslDrv.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Ningún archivo
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Ningún archivo
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Ningún archivo
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Ningún archivo
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Ningún archivo
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Ningún archivo
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Ningún archivo
    ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Ningún archivo
    Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Configure default LISP for Maxima.lnk -> C:\maxima-5.38.1\bin\lispselector.bat (Ningún archivo)
    Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Maxima (command line).lnk -> C:\maxima-5.38.1\bin\maxima.bat (Ningún archivo)
    Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\XMaxima (simple GUI).lnk -> C:\maxima-5.38.1\bin\xmaxima.bat (Ningún archivo)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - Ningún archivo
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - Ningún archivo
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - Ningún archivo
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - Ningún archivo
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - Ningún archivo
    Hosts:
    CMD: netsh int ip reset
    CMD: ipconfig /flushDNS
    EmptyTemp:
    C:\Windows\Temp\*.*
    SystemRestore:
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Press the Fix button.
    FRST will process the lines copied above from the clipboard.
    When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    Please also include the information for the file scanned.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Description: Error del Servicio de instantáneas de volumen
    Volume Shadow Copy Service error
    Description: AQ436N82 IDE Controller, Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
    Hard drive errors
    The above are errors found on your computer that might be the result of trying to download Windows 10
    It's hard to say if the errors were already existing or recent.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #4
    Junior Member
    Join Date
    Jun 2022
    Posts
    7

    Default

    Hello, thanks for the reply.

    I'm replying from my phone, since after running the fix with Farbar, my PC can't connect to many servers.

    I tried some, and I can't open Discord, nor enter this forum, Outlook online, Google Sheets, Ikariam, Virustotal, nor archiveofourown.

    I'm also logged out of Gmail and Whatsapp Web on Firefox.

    There are sites I can access, though. Whatsapp Web is still open and logged in on Opera, as are Spacebattles Forums, Sufficientvelocity Forums, Youtube, Google (the search part, not Outlook nor Sheets). Wikipedia still works, as do xkcd and the Giant in the Playground site.

    I'm manually copying the link from the Virustotal analysis: https://www.virustotal.com/gui/file/...52b855/details

    As for the fixlog from Farbar, I copied the text by sending to myself with whatsapp:

    Resultados de la corrección de Farbar Recovery Scan Tool (x64) Versión: 04-06-2022 01
    Ejecutado por Pato (05-06-2022 10:50:34) Run:1
    Ejecutado desde C:\Users\Pato\Desktop\Farbar
    Perfiles cargados: Pato
    Modo de Inicio: Normal
    ==============================================

    fixlist contenido:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    U3 a7b9c01f; no ImagePath
    S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
    U3 aswbdisk; no ImagePath
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 MpKsl1199b774; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FA05688-FB88-43B2-852A-5121B1F33BA8}\MpKslDrv.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Ningún archivo
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Ningún archivo
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Ningún archivo
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Ningún archivo
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Ningún archivo
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Ningún archivo
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Ningún archivo
    ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Ningún archivo
    Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Configure default LISP for Maxima.lnk -> C:\maxima-5.38.1\bin\lispselector.bat (Ningún archivo)
    Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Maxima (command line).lnk -> C:\maxima-5.38.1\bin\maxima.bat (Ningún archivo)
    Shortcut: C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\XMaxima (simple GUI).lnk -> C:\maxima-5.38.1\bin\xmaxima.bat (Ningún archivo)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - Ningún archivo
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - Ningún archivo
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - Ningún archivo
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - Ningún archivo
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - Ningún archivo
    Hosts:
    CMD: netsh int ip reset
    CMD: ipconfig /flushDNS
    EmptyTemp:
    C:\Windows\Temp\*.*
    SystemRestore:

    *****************

    Procesos cerrados correctamente.
    El punto de restauración fue creado correctamente.
    a7b9c01f => servicio no encontrado.
    HKLM\System\CurrentControlSet\Services\AndNetDiag => eliminado correctamente
    AndNetDiag => servicio eliminado correctamente
    HKLM\System\CurrentControlSet\Services\ANDNetModem => eliminado correctamente
    ANDNetModem => servicio eliminado correctamente
    HKLM\System\CurrentControlSet\Services\aswbdisk => eliminado correctamente
    aswbdisk => servicio eliminado correctamente
    HKLM\System\CurrentControlSet\Services\EagleX64 => eliminado correctamente
    EagleX64 => servicio eliminado correctamente
    MpKsl1199b774 => servicio no encontrado.
    HKLM\System\CurrentControlSet\Services\VMnetAdapter => eliminado correctamente
    VMnetAdapter => servicio eliminado correctamente
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => eliminado correctamente
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => eliminado correctamente
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => eliminado correctamente
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => eliminado correctamente
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => eliminado correctamente
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => eliminado correctamente
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => eliminado correctamente
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => eliminado correctamente
    C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Configure default LISP for Maxima.lnk => movido correctamente
    C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Maxima (command line).lnk => movido correctamente
    C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\XMaxima (simple GUI).lnk => movido correctamente
    HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb-roaming.16 => eliminado correctamente
    HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb.16 => eliminado correctamente
    HKLM\Software\Classes\PROTOCOLS\Handler\osf-roaming.16 => eliminado correctamente
    HKLM\Software\Classes\PROTOCOLS\Handler\osf.16 => eliminado correctamente
    HKLM\Software\Classes\PROTOCOLS\Filter\text/xml => eliminado correctamente
    C:\Windows\System32\Drivers\etc\hosts => movido correctamente
    Hosts restaurado correctamente.

    ========= netsh int ip reset =========

    Global se restableció correctamente.
    Interfaz se restableció correctamente.
    Dirección de unidifusión se restableció correctamente.
    Ruta se restableció correctamente.
    Reinicie el equipo para completar esta acción.



    ========= Final de CMD: =========


    ========= ipconfig /flushDNS =========


    Configuración IP de Windows

    Se vació correctamente la caché de resolución de DNS.


    ========= Final de CMD: =========


    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\adobegc.log => movido correctamente
    C:\Windows\Temp\DMI2D46.tmp => movido correctamente
    C:\Windows\Temp\DMID4CB.tmp => movido correctamente
    C:\Windows\Temp\MpCmdRun.log => movido correctamente
    C:\Windows\Temp\MpSigStub.log => movido correctamente

    ========= Final -> "C:\Windows\Temp\*.*" ========

    SystemRestore: => Error: Ninguna corrección automática encontrada para esta entrada.

    =========== EmptyTemp: ==========

    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7561178 B
    Java, Discord, Steam htmlcache => 1029036125 B
    Windows/system/drivers => 251810 B
    Edge => 0 B
    Chrome => 1753610 B
    Firefox => 1322064992 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 128 B
    systemprofile32 => 256 B
    LocalService => 256 B
    NetworkService => 141127468 B
    Pato => 863786349 B

    RecycleBin => 539936145 B
    EmptyTemp: => 3.6 GB datos temporales eliminados.

    ================================


    El sistema necesita reiniciarse.

    ==== Final de Fixlog 10:57:22 ====
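
Added example, not part of the original thread and not FRST's own code: a short Python triage of a Fixlog like the one posted above, tallying the outcome of each fixlist entry and listing the steps that touched network configuration (the hosts file, `netsh`, `ipconfig`), which are the ones to review when connectivity changes after a fix. The function names are hypothetical, and the result phrases are an assumption taken from this Spanish-locale log.

```python
import re
from collections import Counter

# Constructed sample: a subset of lines from the Fixlog posted above
# (Spanish-locale FRST output), kept in their original order.
SAMPLE_FIXLOG = r"""
Procesos cerrados correctamente.
El punto de restauración fue creado correctamente.
a7b9c01f => servicio no encontrado.
HKLM\System\CurrentControlSet\Services\AndNetDiag => eliminado correctamente
AndNetDiag => servicio eliminado correctamente
MpKsl1199b774 => servicio no encontrado.
C:\Users\Pato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\maxima-5.38.1\Maxima (command line).lnk => movido correctamente
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml => eliminado correctamente
C:\Windows\System32\Drivers\etc\hosts => movido correctamente
Hosts restaurado correctamente.

========= netsh int ip reset =========

========= Final de CMD: =========

========= ipconfig /flushDNS =========

========= Final de CMD: =========

C:\Windows\Temp\adobegc.log => movido correctamente
SystemRestore: => Error: Ninguna corrección automática encontrada para esta entrada.
Firefox => 1322064992 B
"""

# Result phrases as they appear in this Spanish-locale log (assumption:
# other FRST locales use different wording and need their own rules).
# Order matters: the first matching rule wins.
RESULT_RULES = [
    ("error", re.compile(r"^Error:")),
    ("not_found", re.compile(r"no encontrado")),
    ("removed", re.compile(r"eliminado correctamente")),
    ("moved", re.compile(r"movido correctamente")),
]

# Section banners such as "========= netsh int ip reset ========="
SECTION_HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
NETWORK_CMDS = ("netsh", "ipconfig")
HOSTS_SUFFIX = r"\drivers\etc\hosts"


def classify(result):
    """Map the text to the right of ' => ' to an outcome label."""
    for label, pattern in RESULT_RULES:
        if pattern.search(result):
            return label
    return "other"  # e.g. the byte counts in the EmptyTemp section


def parse_fixlog(text):
    """Tally outcomes and collect errors, missing targets and network steps."""
    counts = Counter()
    errors, not_found, network_steps = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_HEADER.match(line)
        if header:
            title = header.group(1)
            # A banner naming a network command means that command was run.
            if title.lower().startswith(NETWORK_CMDS):
                network_steps.append(title)
            continue
        if " => " not in line:
            continue  # status sentence without a target
        target, result = line.split(" => ", 1)
        label = classify(result)
        counts[label] += 1
        if label == "error":
            errors.append(target)
        elif label == "not_found":
            not_found.append(target)
        if target.lower().endswith(HOSTS_SUFFIX):
            network_steps.append(target)
    return {
        "counts": counts,
        "errors": errors,
        "not_found": not_found,
        "network_steps": network_steps,
    }


if __name__ == "__main__":
    report = parse_fixlog(SAMPLE_FIXLOG)
    print("Outcomes:", dict(report["counts"]))
    print("Directives that failed:", report["errors"])
    print("Targets not found:", report["not_found"])
    print("Network-affecting steps:", report["network_steps"])
```
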

  5. #5
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,057

    Default

    Try resetting the router and reboot the computer.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Junior Member
    Join Date
    Jun 2022
    Posts
    7

    Default

    I tried rebooting the router and the PC, and flushing the DNS again.

    I needed to work on some files with Microsoft online, so I figured I can always run the fix again, and system restored to the point created by Farbar. That's done, so if necessary, I can re-run the fix.

  7. #7
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,057

    Default

    NO need to run again, it posted it was removed successfully.

    These items you mentioned not running or won't run at all happened after trying to upgrade to a newer version of Windows, Windows 10?

    Reason I ask, this computer might not have been compatible for the upgrade and Microsoft also states there is a possibility some programs might not work afterwards.

    We can continue to check for malware?

    Also, can you post the log created by AdwCleaner?

    ~~~

    ESET Online Scanner:
    • Download ESET Online Scanner from the ESET website by clicking the ONE-TIME-SCAN button on that webpage
    • Double-click the esetonlinescanner.exe file you downloaded to run the application
    • Select product language
    • Click Get started and confirm the User access control dialog of Windows
    • In the Terms of use screen, click Accept if you agree to the Terms of use. After accepting the terms of use, the shortcut for ESET Online Scanner is created on the Desktop
    • Click Get started in the welcome screen
    • Select whether or not you want to join the Customer Experience Improvement Program, and whether or not to enable the feedback system, then click Continue
    • Select the Full Scan type
    • Select the choice to enable detections of potentially unwanted applications (PUA)
    • After the detection module updates are downloaded, the scan starts. Scan progress is shown via the progress bar along with the path and title of file being scanned. You can pause or cancel the scan at any time
    • Note: The scan may take several hours depending on how many files are on your computer. When the scan has finished and if threats have been detected, click Save scan log and save the text file with a unique name such as ESET results.txt, then click Continue.
    • Copy and paste the contents of this ESET results report into your next reply to me (If no threats were detected, you do not need to save the results)
    • The following steps are optional and are not required
    • If there has been no ESET security product detected on your machine, and your user account has administrator privileges, ESET Online Scanner will offer you to turn on Periodic scan. This choice is up to you
    • In the Thank you for using ESET Online Scanner screen you can rate the application and leave feedback. In addition, to delete all detection modules and settings of ESET Online Scanner configured in previous steps, select Delete application's data on closing
    • Click Submit and close if you rated the application and/or left a feedback, or click Close without feedback

    • Click Finish to exit ESET Online Scanner

    Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #8
    Junior Member
    Join Date
    Jun 2022
    Posts
    7

    Default

    Quote Originally Posted by Juliet
    NO need to run again, it posted it was removed successfully.

    These items you mentioned not running or won't run at all happened after trying to upgrade to a newer version of Windows, Windows 10?

    Reason I ask, this computer might not have been compatible for the upgrade and Microsoft also states there is a possibility some programs might not work afterwards.
    I should be more specific. I couldn't even try to upgrade to Windows 10, the executable that's supposed to create the ISO or program the flash USB that would be used to install Windows 10 was one of the programs that didn't work at all, with the other programs being all of Microsoft Office.

    And later, while I was trying to fix that, the computer got worse, and I got errors trying to run most programs, even including msconfig and the task manager. That got undone through system restore.

    This is the executable I downloaded from Microsoft to try and install Windows 10, and its error message:


    This is the error I get when trying to use the Microsoft Office setup file (I uninstalled Office before trying to reinstall it):


    (The errors I got when trying to run Microsoft Office apps were what prompted me to try and upgrade from Windows 7 to 10.)

    While I'm at it, I found this strange file in my desktop today, don't know what's up with this:



    We can continue to check for malware?

    Also, can you post the log created by AdwCleaner?
    Here are the logs, first the scan log:

    # -------------------------------
    # Malwarebytes AdwCleaner 8.3.2.0
    # -------------------------------
    # Build: 03-23-2022
    # Database: 2022-03-15.3 (Local)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 06-04-2022
    # Duration: 00:00:54
    # OS: Windows 7 Ultimate
    # Scanned: 32050
    # Detected: 18


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Adware.Heuristic C:\ProgramData\C53133092C51F964
    PUP.Optional.Legacy C:\Program Files (x86)\Common Files\Speedbit
    PUP.Optional.Legacy C:\ProgramData\Speedbit
    PUP.Optional.Legacy C:\Users\Pato\AppData\LocalLow\Speedbit
    PUP.Optional.Legacy C:\Users\Pato\AppData\Roaming\Speedbit
    PUP.Optional.OutbytePCRepair C:\ProgramData\Outbyte

    ***** [ Files ] *****

    PUP.Optional.Legacy C:\END

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.Legacy HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Opera GX Browser Assistant
    PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
    PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
    PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
    PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
    PUP.Optional.Legacy HKLM\Software\Wow6432Node\dt soft\daemon tools toolbar
    PUP.Optional.Legacy HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    PUP.Optional.Legacy HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    PUP.Optional.Legacy HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    PUP.Optional.Legacy HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    PUP.Optional.SofTonicAssistant HKCU\Software\Softonic

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########



    And the cleaning log:

    # -------------------------------
    # Malwarebytes AdwCleaner 8.3.2.0
    # -------------------------------
    # Build: 03-23-2022
    # Database: 2022-03-15.3 (Local)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 06-04-2022
    # Duration: 00:00:22
    # OS: Windows 7 Ultimate
    # Cleaned: 18
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    Deleted C:\Program Files (x86)\Common Files\Speedbit
    Deleted C:\ProgramData\C53133092C51F964
    Deleted C:\ProgramData\Outbyte
    Deleted C:\ProgramData\Speedbit
    Deleted C:\Users\Pato\AppData\LocalLow\Speedbit
    Deleted C:\Users\Pato\AppData\Roaming\Speedbit

    ***** [ Files ] *****

    Deleted C:\END

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\Softonic
    Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Opera GX Browser Assistant
    Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
    Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
    Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
    Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
    Deleted HKLM\Software\Wow6432Node\dt soft\daemon tools toolbar
    Deleted HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Deleted HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Deleted HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Deleted HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [2890 octets] - [04/06/2022 14:20:56]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########




    ~~~

    ESET Online Scanner:
    • Download ESET Online Scanner from the ESET website by clicking the ONE-TIME-SCAN button on that webpage
    • Double-click the esetonlinescanner.exe file you downloaded to run the application
    • Select product language
    • Click Get started and confirm the User access control dialog of Windows
    • In the Terms of use screen, click Accept if you agree to the Terms of use. After accepting the terms of use, the shortcut for ESET Online Scanner is created on the Desktop
    • Click Get started in the welcome screen
    • Select whether or not you want to join the Customer Experience Improvement Program, and whether or not to enable the feedback system, then click Continue
    • Select the Full Scan type
    • Select the choice to enable detections of potentially unwanted applications (PUA)
    • After the detection module updates are downloaded, the scan starts. Scan progress is shown via the progress bar along with the path and title of file being scanned. You can pause or cancel the scan at any time
    • Note: The scan may take several hours depending on how many files are on your computer. When the scan has finished and if threats have been detected, click Save scan log and save the text file with a unique name such as ESET results.txt, then click Continue.
    • Copy and paste the contents of this ESET results report into your next reply to me (If no threats were detected, you do not need to save the results)
    • The following steps are optional and are not required
    • If there has been no ESET security product detected on your machine, and your user account has administrator privileges, ESET Online Scanner will offer you to turn on Periodic scan. This choice is up to you
    • In the Thank you for using ESET Online Scanner screen you can rate the application and leave feedback. In addition, to delete all detection modules and settings of ESET Online Scanner configured in previous steps, select Delete application's data on closing
    • Click Submit and close if you rated the application and/or left a feedback, or click Close without feedback

    • Click Finish to exit ESET Online Scanner

    Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply
    05/06/2022 17:30:56
    Files scanned: 347282
    Detected files: 131
    Cleaned files: 131
    Total scan time 02:57:12
    Scan status: Finished
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vuze\.install4j\user\mism.exe.vir a variant of Win32/Toolbar.Conduit.AR potentially unwanted application cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Invitado\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\AdwCleaner\Quarantine\C\Users\Pato\AppData\Local\torch\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Program Files\DAEMON Tools Lite\Inst\setuphlp.dll a variant of Win32/Yandex.K potentially unwanted application deleted

    C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\BrowserPlugin.dll a variant of MSIL/Freemake.A potentially unwanted application cleaned by deleting

    C:\Program Files (x86)\Freemake\Freemake Video Converter\FMCommon\ConverterCommon\FreemakeConverterCommon.dll a variant of MSIL/Freemake.A potentially unwanted application cleaned by deleting

    C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe a variant of Win32/Hao123.A potentially unwanted application cleaned by deleting

    C:\Program Files (x86)\JDownloader\tools\Windows\kikin\kikin_installer.exe a variant of Win32/Kikin.A potentially unwanted application cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Invitado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\rO_03hE.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljkhboffmelocidogfjeoanidmecmjhg\3.7\S7eYZasJL.js.vir JS/Kryptik.ATB trojan cleaned by deleting

    C:\Windows\Installer\MSI9C90.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting

    D:\EVERYTHING 2\ccsetup503.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting





    Thanks for taking the time to help me with this!

  9. #9
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,057

    C:\Qoobox\Quarantine
    The above shows you have used ComboFix on the computer. I don't know if that was something used years ago and was never removed or if it was something you have used recently?
    Point is, this tool is not maintained or updated and hasn't been in a very long time.
    Using it can do damage.

    https://answers.microsoft.com/en-us/...6-f6989e45e721
    The latest version of Microsoft 365 is not supported on Windows 7.

    I don't think your Windows 7 computer can support what you attempted to do.

    For items that won't connect to the internet:

    Navigate to the desktop. ...
    Right-click the Start button (the Windows logo in the lower-left).
    Choose Command Prompt (Admin).
    When asked whether to allow Command Prompt to make changes to your computer, select Yes. ...
    Type ipconfig /flushdns and press Enter. <= there is a space between ipconfig and the /
    Type ipconfig /registerdns and press Enter. <= there is a space between ipconfig and the /

    ~~~~~~~~~~~~~~~~~~~~

    • Download CKScanner and save it to your Desktop.
    • Double click CKScanner.
    • Select Search For Files.
    • When it has completed select Save List to File.
    • A ckfiles.txt document will be placed on your Desktop.
    • Copy and paste the results of this report into your next reply.


    If you have problems trying to download:
    For the CKScanner, try copy/pasting the link directly into your browser.
    http://downloads.malwareremoval.com/CKScanner.exe

    Note: A new webpage may open up when you click the above link; however, it will be a blank page. Also, you should be asked permission to download the CKScanner file. In any event, please check your Downloads folder afterward and see if you can find the file there.


    The below is something you might consider, but at times it won't work and can cause further problems if the system registry is corrupt.
    “Last Known Good Configuration” is a recovery option Microsoft built into all versions of Windows, available from the Advanced Boot Options menu, and can be a valuable asset when attempting to recover a PC that isn't working correctly.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
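
An added example (not part of the original thread): the reply above reads the machine's tool history off the `C:\Qoobox\Quarantine` paths, and this Python script applies the same reading to the whole scan log, separating hits inside a cleanup tool's quarantine folder from hits at an installed location and listing the flagged extension IDs per browser. The line layout is inferred from the log posted above, the function names are hypothetical, and the sample lines are copied from that log.

```python
import re
from collections import Counter, defaultdict

# Quarantine folders seen in this thread's log. The Qoobox -> ComboFix mapping
# is the one given in the reply above; AdwCleaner names itself in the path.
QUARANTINE_TOOLS = {"AdwCleaner": "AdwCleaner", "Qoobox": "ComboFix"}

# Assumed layout: <path> [a variant of ]<Platform/Name> <category> <action>
# Windows paths cannot contain "/", so the first "word/word" token ends the path.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<detection>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<category>trojan|potentially unwanted application|"
    r"potentially unsafe application)\s+(?P<action>.+)$"
)
# As seen in the log: <root>\Quarantine\<drive letter>\<original path>.vir
QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\(?P<root>[^\\]+)\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+)$"
)
# Chromium-family profile layout; extension IDs are 32 letters in the range a-p.
EXTENSION_RE = re.compile(
    r"\\AppData\\Local\\(?P<browser>.+?)\\User Data\\[^\\]+\\Extensions\\"
    r"(?P<ext_id>[a-p]{32})\\"
)

# Sample input: six lines copied from the scan log in this thread.
SAMPLE_LOG = r"""
    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting
    C:\AdwCleaner\Quarantine\C\Users\Administrador\AppData\Local\torch\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting
    C:\Qoobox\Quarantine\C\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iacibmmadlphhijfdjbnlnldogcepmci\1.0\content.js.vir JS/Chromex.Agent.L trojan cleaned by deleting
    C:\Qoobox\Quarantine\C\Users\Pato\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\228\OzwO7uKZe.js.vir JS/Kryptik.ATB trojan cleaned by deleting
    C:\Program Files\DAEMON Tools Lite\Inst\setuphlp.dll a variant of Win32/Yandex.K potentially unwanted application deleted
    D:\EVERYTHING 2\ccsetup503.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
"""


def parse_entry(line):
    """Parse one log line into a dict, or return None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["tool"] = None
    entry["original_path"] = entry["path"]
    q = QUARANTINE_RE.match(entry["path"])
    if q:
        # The hit is a copy an earlier cleanup tool had already moved aside.
        entry["tool"] = QUARANTINE_TOOLS.get(q["root"], q["root"])
        rest = q["rest"]
        if rest.lower().endswith(".vir"):
            rest = rest[:-4]
        entry["original_path"] = q["drive"] + ":\\" + rest
    x = EXTENSION_RE.search(entry["original_path"])
    entry["browser"] = x["browser"] if x else None
    entry["ext_id"] = x["ext_id"] if x else None
    return entry


def triage(log_text):
    """Group entries by where they were found, to show what still needs attention."""
    report = {
        "already_quarantined": Counter(),  # tool -> hits inside its quarantine
        "extensions": defaultdict(set),    # extension ID -> browsers it was in
        "outside_quarantine": [],          # hits at an installed location
        "unparsed": [],                    # lines that do not fit the layout
    }
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse_entry(line)
        if e is None:
            report["unparsed"].append(line.strip())
        elif e["tool"]:
            report["already_quarantined"][e["tool"]] += 1
            if e["ext_id"]:
                report["extensions"][e["ext_id"]].add(e["browser"])
        else:
            report["outside_quarantine"].append(
                (e["path"], e["detection"], e["category"]))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Hits inside quarantine folders:", dict(result["already_quarantined"]))
    for ext_id, browsers in sorted(result["extensions"].items()):
        print(f"  extension {ext_id}: {sorted(browsers)}")
    print("Hits outside quarantine:")
    for path, detection, category in result["outside_quarantine"]:
        print(f"  {detection} ({category}): {path}")
```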

  10. #10
    Junior Member
    Join Date
    Jun 2022
    Posts
    7

    Quote: Originally Posted by Juliet
    C:\Qoobox\Quarantine
    The above shows you have used ComboFix on the computer. I don't know if that was something used years ago and was never removed or if it was something you have used recently?
    Point is, this tool is not maintained or updated and hasn't been in a very long time.
    Using it can do damage.

    Combofix does sound familiar. The last time I used it must have been years ago, though.

    https://answers.microsoft.com/en-us/...6-f6989e45e721
    The latest version of Microsoft 365 is not supported on Windows 7.

    I don't think your Windows 7 computer can support what you attempted to do.

    Yes, it seems that way. My Microsoft Office apps were working perfectly until around May 30, then the next morning just gave an error message. A friend told me I need to upgrade to Windows 10, but the application used for it also gives me an error message. I think today or tomorrow I'll be able to get access to another computer, so I'll be able to prepare the Flash USB so I can bring it home and install Windows 10. I don't know if I need to format the C partition first, or it happens during the installation, or what, but it should be the end of all these issues even if they can't be fixed, I hope. And we were able to keep the computer running well enough that I could work on it, so thanks for that.


    For items that won't connect to the internet:

    Navigate to the desktop. ...
    Right-click the Start button (the Windows logo in the lower-left).
    Choose Command Prompt (Admin).
    When asked whether to allow Command Prompt to make changes to your computer, select Yes. ...
    Type ipconfig /flushdns and press Enter. <= there is a space between ipconfig and the /
    Type ipconfig /registerdns and press Enter. <= there is a space between ipconfig and the /

    The system restore helped when that happened, but I'll make a note of this; I only did up to flushing the DNS that time.


    ~~~~~~~~~~~~~~~~~~~~

    • Download CKScanner and save it to your Desktop.
    • Double click CKScanner.
    • Select Search For Files.
    • When it has completed select Save List to File.
    • A ckfiles.txt document will be placed on your Desktop.
    • Copy and paste the results of this report into your next reply.


    If you have problems trying to download:
    For the CKScanner, try copy/pasting the link directly into your browser.
    http://downloads.malwareremoval.com/CKScanner.exe

    Note: A new webpage may open up when you click the above link; however, it will be a blank page. Also, you should be asked permission to download the CKScanner file. In any event, please check your Downloads folder afterward and see if you can find the file there.

    The download worked when I copied the URL.

    As for the results, there's only this:

    CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
    c:\program files (x86)\ubisoft\ubisoft game launcher\uplay_cracked.exe
    scanner sequence 3.BC.11.UFAPNZ
    ----- EOF -----


    The below is something you might consider, but at times it won't work and can cause further problems if the system registry is corrupt.
    “Last Known Good Configuration” is a recovery option Microsoft built into all versions of Windows, available from the Advanced Boot Options menu, and can be a valuable asset when attempting to recover a PC that isn't working correctly.

    I'll keep it in mind, thanks.
