    "30TaB" UNREMOVABLE HIJACKER!


    1. #1
      User RhScott
      Registered
      Dec 2017
      Location
      Mexico
      Posts
      8

      Attention: "30TaB" UNREMOVABLE HIJACKER!

      Yesterday I downloaded a program that I had already downloaded before. I am always very careful that nothing extra gets installed, but I don't know how it happened: I just opened Chrome and this hijacker called "30tab.com/es.htm" appeared. I have already tried to remove it a thousand ways and IT WON'T LET ME REMOVE IT NO MATTER WHAT, HELP PLEASE. I have already used ADW Cleaner and ESET NOD32 and nothing works; when ESET NOD32 is about to finish scanning, it gives me a blue screen :c

    2. #2
      General Moderator
      @Daniela
      Registered
      Apr 2011
      Location
      Spain
      Posts
      24,364

      Re: "30TaB" UNREMOVABLE HIJACKER!

      Hello RhScott


      Carry out the following steps, even if you have already done some of them, without changing the order:

      1) Download, update and run Malwarebytes’ Anti-Malware; review the manual in detail so that you know how to use and configure it.

      • Run a Full Scan, updating if it asks you to.
      • Click “Remove Selected” to send it to quarantine and restart the system.
      • In the manual's section "History" >> Application Logs >> Scan Log you will find the MBAM report, which you must copy and paste in your next reply so that it can be analyzed.



      2) Download Junkware Removal Tool

      • Temporarily disable the antivirus
      • Run JRT.exe (on Windows 7 or 8, run as "Administrator")
      • Press any key to continue and wait patiently for its process to finish.
      • When it finishes, a log (JRT.txt) will be saved on the desktop and will open automatically.
      • Copy and paste the contents of JRT.txt in your next reply



      3) Download >> AdwCleaner | InfoSpyware to the desktop.

      • Temporarily disable the antivirus >> How to temporarily disable your antivirus.
      • Also close all the programs you have open.
      • Run Adwcleaner.exe (if you use Windows Vista/7 or 8, right-click and select "Run as Administrator".)
      • Click the Scan button and wait for the process to complete, then immediately click the Clean button.
      • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.
      • Save the report that appears, to copy and paste it in your next reply.
      • The report can also be found at "C:\AdwCleaner\AdwCleaner[C0].txt"



      4) Download CCleaner

      • Install CCleaner
      • Open CCleaner; in the Cleaner tab leave the default configuration as it is, click Analyze, wait for it to finish > click Run Cleaner
      • Click the Registry tab > click Scan for Issues, wait for it to finish > click Fix Selected and make a backup
      • Click Scan for Issues again until it finds none.


      Paste the Malwarebytes, AdwCleaner and JRT reports and tell us how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on Twitter and befriend us on Facebook.
      * Stay informed of the latest threats on the net from: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    3. #3
      User RhScott

      Re: "30TaB" UNREMOVABLE HIJACKER!

      The new one is below, I still haven't solved anything :c

    4. #4
      User RhScott

      Re: "30TaB" UNREMOVABLE HIJACKER!

      Malwarebytes
      www.malwarebytes.com

      -Detalles del registro-
      Fecha del análisis: 16/12/17
      Hora del análisis: 2:12
      Archivo de registro: ec4006f0-e238-11e7-8c32-00ac8f4cea7b.json
      Administrador: Sí

      -Información del software-
      Versión: 3.3.1.2183
      Versión de los componentes: 1.0.262
      Versión del paquete de actualización: 1.0.3501
      Licencia: Prueba

      -Información del sistema-
      SO: Windows 8.1
      CPU: x64
      Sistema de archivos: NTFS
      Usuario: RHSCOTT\Rh Scott

      -Resumen del análisis-
      Tipo de análisis: Análisis de amenazas
      Resultado: Completado
      Objetos analizados: 249165
      Amenazas detectadas: 32
      Amenazas en cuarentena: 32
      Tiempo transcurrido: 6 min, 21 seg

      -Opciones de análisis-
      Memoria: Activado
      Inicio: Activado
      Sistema de archivos: Activado
      Archivo: Activado
      Rootkits: Desactivado
      Heurística: Activado
      PUP: Detectar
      PUM: Detectar

      -Detalles del análisis-
      Proceso: 0
      (No hay elementos maliciosos detectados)

      Módulo: 0
      (No hay elementos maliciosos detectados)

      Clave del registro: 4
      Adware.SearchAwesome, HKLM\SOFTWARE\WOW6432NODE\SrcAAAesom Browser Enhancer, Se eliminará al reiniciar, [4416], [424837],1.0.3501
      Adware.NetFilter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mrxsmb22, Se eliminará al reiniciar, [1430], [468094],1.0.3501
      RiskWare.Extension.NFCS, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\iinglghmhcgdgjjlafobajghjamdchik, Se eliminará al reiniciar, [8229], [419391],1.0.3501
      RiskWare.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TNod, Se eliminará al reiniciar, [400], [352776],1.0.3501

      Valor del registro: 1
      RiskWare.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|TNOD UP, Se eliminará al reiniciar, [400], [382498],1.0.3501

      Datos del registro: 0
      (No hay elementos maliciosos detectados)

      Secuencia de datos: 0
      (No hay elementos maliciosos detectados)

      Carpeta: 2
      PUP.Optional.WindowService.Generic, C:\USERS\RH SCOTT\APPDATA\LOCAL\TEMP\WS, Se eliminará al reiniciar, [8191], [409257],1.0.3501
      PUP.Optional.BundleInstaller, C:\USERS\RH SCOTT\APPDATA\LOCAL\TEMP\52403453, Se eliminará al reiniciar, [19], [463480],1.0.3501

      Archivo: 25
      Trojan.Agent, C:\WINDOWS\SYSTEM32\HOSTS, Se eliminará al reiniciar, [18], [204104],1.0.3501
      PUP.Optional.WindowService.Generic, C:\USERS\RH SCOTT\APPDATA\LOCAL\TEMP\WS\NEWTONSOFT.JSON.XML, Se eliminará al reiniciar, [8191], [409257],1.0.3501
      PUP.Optional.WindowService.Generic, C:\Users\Rh Scott\AppData\Local\Temp\WS\128x128.png, Se eliminará al reiniciar, [8191], [409257],1.0.3501
      PUP.Optional.WindowService.Generic, C:\Users\Rh Scott\AppData\Local\Temp\WS\ati_upd.dll, Se eliminará al reiniciar, [8191], [409257],1.0.3501
      PUP.Optional.WindowService.Generic, C:\Users\Rh Scott\AppData\Local\Temp\WS\Newtonsoft.Json.dll, Se eliminará al reiniciar, [8191], [409257],1.0.3501
      PUP.Optional.WindowService.Generic, C:\Users\Rh Scott\AppData\Local\Temp\WS\NLog.config, Se eliminará al reiniciar, [8191], [409257],1.0.3501
      PUP.Optional.WindowService.Generic, C:\Users\Rh Scott\AppData\Local\Temp\WS\NLog.dll, Se eliminará al reiniciar, [8191], [409257],1.0.3501
      PUP.Optional.WindowService.Generic, C:\Users\Rh Scott\AppData\Local\Temp\WS\NLog.xml, Se eliminará al reiniciar, [8191], [409257],1.0.3501
      PUP.Optional.WindowService.Generic, C:\Users\Rh Scott\AppData\Local\Temp\WS\state, Se eliminará al reiniciar, [8191], [409257],1.0.3501
      PUP.Optional.WindowService.Generic, C:\Users\Rh Scott\AppData\Local\Temp\WS\WindowService.InstallLog, Se eliminará al reiniciar, [8191], [409257],1.0.3501
      PUP.Optional.WindowService.Generic, C:\Users\Rh Scott\AppData\Local\Temp\WS\WindowService.InstallState, Se eliminará al reiniciar, [8191], [409257],1.0.3501
      PUP.Optional.WindowService.Generic, C:\Users\Rh Scott\AppData\Local\Temp\WS\WindowService.Lib.dll, Se eliminará al reiniciar, [8191], [409257],1.0.3501
      Adware.SearchAwesome.TskLnk, C:\WINDOWS\36c5f87ef6ecf575aaf28ae8a73a9c82.ps1, Se eliminará al reiniciar, [2219], [428239],1.0.3501
      Adware.NetFilter, C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB22.SYS, Se eliminará al reiniciar, [1430], [468094],1.0.3501
      RiskWare.Extension.NFCS, C:\USERS\RH SCOTT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Sustituido, [8229], [419391],1.0.3501
      PUP.Optional.BundleInstaller, C:\USERS\RH SCOTT\APPDATA\LOCAL\TEMP\52403453\ic-0.0d5965f573efd.exe, Se eliminará al reiniciar, [19], [463480],1.0.3501
      PUP.Optional.BundleInstaller, C:\Users\Rh Scott\AppData\Local\Temp\52403453\dlreport, Se eliminará al reiniciar, [19], [463480],1.0.3501
      PUP.Optional.BundleInstaller, C:\Users\Rh Scott\AppData\Local\Temp\52403453\ic-0.b5dae010382d98.exe, Se eliminará al reiniciar, [19], [463480],1.0.3501
      RiskWare.Agent, C:\PROGRAM FILES\TNOD USER & PASSWORD FINDER\UNINST-TNOD.EXE, Se eliminará al reiniciar, [400], [352776],1.0.3501
      RiskWare.Agent, C:\USERS\RH SCOTT\APPDATA\LOCAL\TEMP\~NSU.TMP\AU_.EXE, Se eliminará al reiniciar, [400], [352776],1.0.3501
      PUP.Optional.InstallCore, C:\USERS\RH SCOTT\DOWNLOADS\CAMSTUDIO.EXE, Se eliminará al reiniciar, [2], [395091],1.0.3501
      RiskWare.Tool.HCK, C:\USERS\RH SCOTT\IMAGELINE_KEYGEN.EXE, Se eliminará al reiniciar, [1984], [97362],1.0.3501
      RiskWare.Agent, C:\USERS\RH SCOTT\DOWNLOADS\TNODACTIVADO.RAR, Se eliminará al reiniciar, [400], [352776],1.0.3501
      RiskWare.Tool.HCK, C:\USERS\RH SCOTT\DOWNLOADS\BDMF.RAR, Se eliminará al reiniciar, [1984], [64690],1.0.3501
      RiskWare.Agent, C:\USERS\RH SCOTT\DOWNLOADS\TNOD-1.6.0-BETA-SETUP.RAR, Se eliminará al reiniciar, [400], [352776],1.0.3501

      Sector físico: 0
      (No hay elementos maliciosos detectados)


      (end)

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 8.1 Pro x64
      Ran by Rh Scott (Administrator) on 16/12/2017 at 2:28:28,37
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 4

      Successfully deleted: C:\ProgramData\esellerate (Folder)
      Successfully deleted: C:\ProgramData\mntemp (File)
      Successfully deleted: C:\ProgramData\productdata (Folder)
      Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (Rh Scott) (Task)



      Registry: 0





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 16/12/2017 at 2:30:30,69
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    5. #5
      General Moderator @Daniela

      Re: "30TaB" UNREMOVABLE HIJACKER!

      Hello

      The AdwCleaner report is missing.

      Regards

    6. #6
      User RhScott

      Re: "30TaB" UNREMOVABLE HIJACKER!

      # AdwCleaner 7.0.5.0 - Logfile created on Sat Dec 16 08:43:35 2017
      # Updated on 2017/29/11 by Malwarebytes
      # Database: 12-15-2017.1
      # Running on Windows 8.1 Pro (X64)
      # Mode: scan
      # Support: https://www.malwarebytes.com/support

      ***** [ Services ] *****

      PUP.Adware.Heuristic, 36c5f87ef6ecf575aaf28ae8a73a9c82


      ***** [ Folders ] *****

      No malicious folders found.

      ***** [ Files ] *****

      No malicious files found.

      ***** [ DLL ] *****

      No malicious DLLs found.

      ***** [ WMI ] *****

      No malicious WMI found.

      ***** [ Shortcuts ] *****

      No malicious shortcuts found.

      ***** [ Tasks ] *****

      No malicious tasks found.

      ***** [ Registry ] *****

      No malicious registry entries found.

      ***** [ Firefox (and derivatives) ] *****

      No malicious Firefox entries.

      ***** [ Chromium (and derivatives) ] *****

      No malicious Chromium entries.

      *************************

      C:/AdwCleaner/AdwCleaner[C0].txt - [2901 B] - [2017/12/16 712]
      C:/AdwCleaner/AdwCleaner[S0].txt - [3205 B] - [2017/12/16 739]
      C:/AdwCleaner/AdwCleaner[S1].txt - [1184 B] - [2017/12/16 7:16:10]


      ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########

      It still keeps appearing :c help me, I'm about to reinstall my computer from scratch

    7. #7
      General Moderator @Daniela

      Re: "30TaB" UNREMOVABLE HIJACKER!

      Hello

      The AdwCleaner report is from the scan; did you click Clean afterwards?


      Download Farbar Recovery Scan Tool according to your system's architecture (32 or 64 bits)

      • Save it to the desktop >> This is very important.
      • Double-click to run Frst.exe. (If you use Windows Vista/7/8 or 10, right-click and select "Run as Administrator".)
      • In the Disclaimer window, press Yes.

      • In the new window that opens, press the Scan button and wait patiently for the analysis to finish.
      • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on your desktop.

      • To finish, open the files Frst.txt and Addition.txt and copy and paste all of their contents in your next reply. Use two messages if it tells you it is too long.


      The report will take me time to review since it is very long; be patient and do not format

      Regards

    8. #8
      User RhScott

      Re: "30TaB" UNREMOVABLE HIJACKER!

      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2017
      Ran by Rh Scott (16-12-2017 03:28:08)
      Running from C:\Users\Rh Scott\Desktop
      Windows 8.1 Pro (Update) (X64) (2017-06-16 02:53:48)
      Boot Mode: Normal
      ==========================================================


      ==================== Accounts: =============================

      Administrador (S-1-5-21-3163783240-1864820225-3818946960-500 - Administrator - Disabled)
      Invitado (S-1-5-21-3163783240-1864820225-3818946960-501 - Limited - Disabled)
      Rh Scott (S-1-5-21-3163783240-1864820225-3818946960-1001 - Administrator - Enabled) => C:\Users\Rh Scott

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: ESET NOD32 Antivirus 9.0.318.20 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
      AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: ESET NOD32 Antivirus 9.0.318.20 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

      ==================== Installed Programs ======================

      (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      µTorrent (HKU\S-1-5-21-3163783240-1864820225-3818946960-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
      3DP Chip Lite v17.05 (HKLM-x32\...\3DP Chip Lite) (Version: v17.05 - 3DP)
      Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.133 - Adobe Systems Incorporated)
      Adobe Photoshop CS6 versión 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
      ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
      Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.38.1 - Asmedia Technology)
      Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
      Boris Continuum Complete 9 OFX for Sony (64-Bit) (HKLM\...\{3DF67BF0-17E8-4537-951C-758102AB87F7}) (Version: 9.0.2005 - Boris FX, Inc.)
      Call of Duty 4 Modern Warfare versión 1.7 (HKLM-x32\...\{FC6A85BF-52A3-4186-8BFC-1D9F1F2757A0}_is1) (Version: 1.7 - Activision)
      CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
      Castlevania Lords of Shadow - Ultimate Edition versión 1.0 u2 (HKLM-x32\...\Castlevania Lords of Shadow - Ultimate Edition_is1) (Version: 1.0 u2 - Konami)
      Castlevania Lords of Shadow 2 versión 1.0 u1 (HKLM-x32\...\Castlevania Lords of Shadow 2_is1) (Version: 1.0 u1 - Konami)
      Castlevania: Lords of Shadow Mirror of Fate HD (HKLM-x32\...\Q2FzdGxldmFuaWFMb3Jkc29mU2hhZG93TWlycm9yb2ZGYXRlSEQ=_is1) (Version: 1 - )
      DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 6.1.0.0484 - Disc Soft Ltd)
      ESET NOD32 Antivirus (HKLM\...\{75E71936-6B4E-4CAA-8DBB-A1E3A6A209BE}) (Version: 9.0.318.20 - ESET, spol. s r.o.)
      FFmpeg (Windows) for Audacity versión 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
      FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
      FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
      GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version: - )
      Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.108 - Google Inc.)
      Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
      IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
      Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
      Intel(R) Network Connections 21.1.29.0 (HKLM\...\PROSetDX) (Version: 21.1.29.0 - Intel)
      Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4505 - Intel Corporation)
      Killer Performance Suite (HKLM\...\{0B988985-38C9-4DD4-9835-5AC17EEC26F7}) (Version: 1.0.762 - Nombre de su organización)
      LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
      League of Legends (HKLM-x32\...\{525E2F2D-F698-4567-825F-8177C2702494}) (Version: 4.1.2 - Riot Games) Hidden
      League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
      Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
      Mozilla Firefox 57.0.2 (x64 es-MX) (HKLM\...\Mozilla Firefox 57.0.2 (x64 es-MX)) (Version: 57.0.2 - Mozilla)
      Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0 - Mozilla)
      NewBlue plug-ins bundle patch build 121206 (HKLM\...\NewBlue plug-ins bundle patch build 121206_is1) (Version: 3.0.0.0 - NewBlue Inc.)
      NewBlue plug-ins bundle patch build 121206 (HKLM-x32\...\NewBlue plug-ins bundle patch build 121206_is1) (Version: 3.0.0.0 - NewBlue Inc.)
      NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
      Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.0.5 - Duodian Technology Co. Ltd.)
      OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
      Outlast (HKLM-x32\...\Outlast_is1) (Version: - )
      Paquete de controladores de Windows - Intel (e1dexpress) Net (05/10/2016 12.15.23.1) (HKLM\...\C1229F72AB790AC3FC3A16A6FCEEDBACCB2BBFBB) (Version: 05/10/2016 12.15.23.1 - Intel)
      Paquete de controladores de Windows - Intel(R) Corporation (IntcDAud) MEDIA (06/05/2016 09.22.00.621) (HKLM\...\A812661C80486484DD4BF81F733355E19505CA5C) (Version: 06/05/2016 09.22.00.621 - Intel(R) Corporation)
      Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8105 - Realtek Semiconductor Corp.)
      RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 1.17.0331.1 - GIGABYTE)
      Sid Meiers Civilization VI Persia and Macedon Civilization and Scenario Pack (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
      Silent Hill Gold Repack (HKLM-x32\...\Silent Hill Gold Repack) (Version: 9.99 - VictorVal)
      Software para dispositivos de chipset Intel® (HKLM-x32\...\{6e9b3b7e-2467-45d0-8d14-32d3e51d5353}) (Version: 10.1.2.80 - Intel(R) Corporation) Hidden
      Sound Blaster X-Fi MB5 (HKLM-x32\...\{918A4598-866C-4B8F-8901-13F8593EBED6}) (Version: 1.00.19 - Creative Technology Limited)
      Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
      TeamSpeak 3 Client (HKU\S-1-5-21-3163783240-1864820225-3818946960-1001\...\TeamSpeak 3 Client) (Version: 3.1.6 - TeamSpeak Systems GmbH)
      Traducción Game of Thrones (HKLM-x32\...\Traducción Game of Thrones_is1) (Version: 1.1.0 - ZombieWolfTeam)
      Ultimate Epic Battle Simulator (HKLM\...\dWx0aW1hdGVlcGljYmF0dGxlc2ltdWxhdG9y_is1) (Version: 1 - )
      VEGAS Pro 14.0 (64-bit) (HKLM\...\{4D911470-79F9-11E6-9145-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
      VTuner (HKLM-x32\...\{C381226E-C402-4976-9411-54282F1396D3}) (Version: 1.17.0103 - GIGABYTE) Hidden
      VTuner (HKLM-x32\...\InstallShield_{C381226E-C402-4976-9411-54282F1396D3}) (Version: 1.17.0103 - GIGABYTE)
      WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
      Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      CustomCLSID: HKU\S-1-5-21-3163783240-1864820225-3818946960-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
      CustomCLSID: HKU\S-1-5-21-3163783240-1864820225-3818946960-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
      CustomCLSID: HKU\S-1-5-21-3163783240-1864820225-3818946960-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
      CustomCLSID: HKU\S-1-5-21-3163783240-1864820225-3818946960-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
      CustomCLSID: HKU\S-1-5-21-3163783240-1864820225-3818946960-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
      CustomCLSID: HKU\S-1-5-21-3163783240-1864820225-3818946960-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
      ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2015-09-22] (ESET)
      ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
      ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
      ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2015-09-22] (ESET)
      ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-08-24] (Intel Corporation)
      ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2015-09-22] (ESET)
      ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
      ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {57C97CDA-99B2-42BC-99DA-0CF9F7AB991A} - System32\Tasks\Intel\Intel(R) Optane(TM) Memory - Volume Optimization
      Task: {9C84B0C1-74D8-444B-A86A-3572E7258B80} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
      Task: {A3F49C4A-1FAE-41FD-AB07-199939675FE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-16] (Google Inc.)
      Task: {C6BC6151-B9BA-4BDF-AB6D-037BA778F1E0} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
      Task: {E135ECAA-48BE-445F-9A13-EF00127E8149} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-16] (Google Inc.)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)


      ==================== Loaded Modules (Whitelisted) ==============

      2016-09-29 03:55 - 2016-09-29 03:55 - 000560128 _____ () C:\Program Files\Killer Networking\Killer Control Center\SpeedTestDLL.dll
      2017-06-15 21:30 - 2015-07-31 09:34 - 000089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
      2017-06-15 21:30 - 2015-07-31 09:33 - 000366080 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
      2006-09-19 08:07 - 2006-09-19 08:07 - 000827392 _____ () C:\Windows\vsnpstd3.exe
      2015-03-06 18:07 - 2015-03-06 18:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
      2017-08-18 03:01 - 2017-08-18 03:01 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
      2015-03-06 18:07 - 2015-03-06 18:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
      2017-08-18 03:01 - 2017-08-18 03:01 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
      2017-08-18 02:41 - 2017-08-18 02:41 - 000077824 _____ () C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll
      2017-08-18 02:41 - 2017-08-18 02:41 - 000144896 _____ () C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll
      2016-10-05 13:17 - 2016-10-05 13:17 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)


      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      HKU\S-1-5-21-3163783240-1864820225-3818946960-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)


      ==================== Hosts content: ==========================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2013-08-22 07:25 - 2017-10-26 14:55 - 000001419 ____N C:\Windows\system32\Drivers\etc\hosts

      127.0.0.1 mirillis.com
      127.0.0.1 www.mirillis.com
      127.0.0.1 serwer2.paka-service.com
      127.0.0.1 ns386119.ovh.net
      127.0.0.1 mirillis.pl
      127.0.0.1 thislineskipsanyemptylines
      127.0.0.1 176.31.241.10
      127.0.0.1 54.148.249.18
      127.0.0.1 54.68.188.84
      127.0.0.1 54.221.244.28
      127.0.0.1 40.77.226.250
      127.0.0.1 54.187.37.182
      127.0.0.1 mirillis.eu
      127.0.0.1 updates.mirillis.com
      127.0.0.1 thislineskipsanyemptylines
      127.0.0.1 thislineskipsanyemptylines

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-3163783240-1864820225-3818946960-1001\Control Panel\Desktop\\Wallpaper ->
      DNS Servers: 192.168.1.254
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
      HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
      HKU\S-1-5-21-3163783240-1864820225-3818946960-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [TCP Query User{81C24F6B-AFBC-4C23-8267-7E18F1101723}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
      FirewallRules: [UDP Query User{309AF986-23EF-451F-8EBF-AC8FEB8D16D5}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
      FirewallRules: [{29357B32-49D6-4E0D-861D-731DD87F8B82}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{59FFC957-C128-49F2-8225-788AC162EA3B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
      FirewallRules: [{C1D88AE2-9567-43D6-B555-2BBE11FB1404}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [{BC1EEEAA-5F97-4998-84E1-DE7D8457B090}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
      FirewallRules: [TCP Query User{D795CBE9-B0E8-4DDE-A907-C23C25D0EAD9}C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe
      FirewallRules: [UDP Query User{68A686C2-06B7-4533-A1A1-575402013EFF}C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\red barrels\outlast\binaries\win64\olgame.exe
      FirewallRules: [{6096E897-D6E0-4B3C-83C3-248C19054E8D}] => (Allow) C:\Program Files (x86)\WOMic\womicclient.exe
      FirewallRules: [TCP Query User{8AA42EE3-F11E-4102-B9DF-83FCEFB9640C}C:\users\rh scott\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\rh scott\appdata\roaming\utorrent\utorrent.exe
      FirewallRules: [UDP Query User{CC504BD8-437B-4F75-979C-11B836213D7E}C:\users\rh scott\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\rh scott\appdata\roaming\utorrent\utorrent.exe
      FirewallRules: [{0E6145D9-991D-4006-8AFB-4D41EE2410AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
      FirewallRules: [{A34F52FC-9602-43F8-8D4B-B648E6061755}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
      FirewallRules: [{73F8BF36-EE8E-41E1-8AC6-855D5D8E5658}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
      FirewallRules: [{80303A52-AF11-4431-9D19-37AFE7810415}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
      FirewallRules: [{252ACAB1-83E1-4790-B8A5-7575E4E6B414}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe
      FirewallRules: [{3F962C7F-6E59-466C-85AE-0035FF54220A}] => (Allow) C:\Program Files (x86)\DroidCam\DroidCamApp.exe
      FirewallRules: [{3D5B799C-AE36-4C8B-87BC-0C4E31CF3072}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
      FirewallRules: [{4706D331-1F49-46E9-B0F5-3C70DF02D414}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CSNZ\Bin\cstrike-online.exe
      FirewallRules: [{0069563D-6492-4787-8121-83451833721C}] => (Allow) F:\SoftEther VPN Client\vpncmgr.exe
      FirewallRules: [{FFC2DBF7-E720-4953-A66E-F0587313E4DA}] => (Allow) F:\SoftEther VPN Client\vpncmgr_x64.exe
      FirewallRules: [{BE0023DB-1B39-42E1-8765-745A3C09AF1A}] => (Allow) F:\SoftEther VPN Client\vpncmd_x64.exe
      FirewallRules: [{FE5ACBE5-8187-4FF0-B364-7FAF9CD566DB}] => (Allow) F:\SoftEther VPN Client\vpncmd.exe
      FirewallRules: [{67BB50D0-9AE4-4B31-AEAF-4E21A7CB9CC4}] => (Allow) F:\SoftEther VPN Client\vpnclient.exe
      FirewallRules: [{01F17A32-508D-4585-A8C4-6DC8F84A7744}] => (Allow) F:\SoftEther VPN Client\vpnclient_x64.exe
      FirewallRules: [{49E88093-C898-4EF4-9B8F-A19BC59F477A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
      FirewallRules: [{7B1272E8-168C-4CBC-819A-18A23DE872E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
      FirewallRules: [{1F6CAB26-4065-4674-854C-5B4BAFED9777}] => (Block) %ProgramFiles% (x86)\Bandicam\bdcam.exe
      FirewallRules: [{C641282D-47F5-415D-9857-E506E351513E}] => (Block) %ProgramFiles% (x86)\Bandicam\bdcam.exe
      FirewallRules: [{CD3AAF79-0E91-41BC-AC95-E11B81AA92B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

      ==================== Restore Points =========================

      29-11-2017 00:30:30 Installed Universal Adb Driver
      08-12-2017 22:08:57 Punto de control programado
      15-12-2017 13:56:25 Operación de restauración
      16-12-2017 02:28:33 JRT Pre-Junkware Removal

      ==================== Faulty Device Manager Devices =============


      ==================== Event log errors: =========================

      Application errors:
      ==================
      Error: (12/16/2017 03:22:35 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
      Description: Error de la activación de licencia (slui.exe) con el siguiente código:
      hr=0xC004F074
      Argumentos de línea de comandos:
      RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

      Error: (12/16/2017 03:22:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
      Description: Error de la activación de licencia (slui.exe) con el siguiente código:
      hr=0xC004F074
      Argumentos de línea de comandos:
      RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

      Error: (12/16/2017 03:14:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RHSCOTT)
      Description: No se pudo activar la aplicación microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail debido al error: -2144927149. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

      Error: (12/16/2017 03:00:41 AM) (Source: Application Error) (EventID: 1000) (User: )
      Description: Nombre de la aplicación con errores: adwcleaner_7.0.5.0.exe, versión: 7.0.5.0, marca de tiempo: 0x5a2050fd
      Nombre del módulo con errores: adwcleaner_7.0.5.0.exe, versión: 7.0.5.0, marca de tiempo: 0x5a2050fd
      Código de excepción: 0xc0000005
      Desplazamiento de errores: 0x0004b584
      Identificador del proceso con errores: 0xc50
      Hora de inicio de la aplicación con errores: 0x01d3764c33bffc5a
      Ruta de acceso de la aplicación con errores: C:\Users\Rh Scott\Downloads\adwcleaner_7.0.5.0.exe
      Ruta de acceso del módulo con errores: C:\Users\Rh Scott\Downloads\adwcleaner_7.0.5.0.exe
      Identificador del informe: 974068f2-e23f-11e7-82e6-1c1b0d968c0a
      Nombre completo del paquete con errores:
      Identificador de aplicación relativa del paquete con errores:

      Error: (12/16/2017 02:47:33 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
      Description: Error de la activación de licencia (slui.exe) con el siguiente código:
      hr=0xC004F074
      Argumentos de línea de comandos:
      RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

      Error: (12/16/2017 02:47:29 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
      Description: Error de la activación de licencia (slui.exe) con el siguiente código:
      hr=0xC004F074
      Argumentos de línea de comandos:
      RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

      Error: (12/16/2017 02:28:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
      Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().

      Details:
      AddLegacyDriverFiles: Unable to back up image of binary Protocolo de detección de nivel de vínculo de Microsoft.

      System Error:
      Acceso denegado.
      .

      Error: (12/16/2017 02:22:55 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
      Description: Error de la activación de licencia (slui.exe) con el siguiente código:
      hr=0xC004F074
      Argumentos de línea de comandos:
      RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

      Error: (12/16/2017 02:22:50 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
      Description: Error de la activación de licencia (slui.exe) con el siguiente código:
      hr=0xC004F074
      Argumentos de línea de comandos:
      RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

      Error: (12/16/2017 02:11:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
      Description: El programa LiveComm.exe, versión 17.5.9600.20911, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

      Identificador de proceso: bc8

      Hora de inicio: 01d37644bec7a619

      Hora de finalización: 4294967295

      Ruta de acceso de la aplicación: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

      Identificador de informe: b45c56f0-e238-11e7-82e4-1c1b0d968c0a

      Nombre completo de paquete con errores: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

      Identificador de aplicación relativa del paquete con errores: ppleae38af2e007f4358a809ac99a64a67c1


      System errors:
      =============
      Error: (12/16/2017 03:23:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: El servicio mrxsmb22 no pudo iniciarse debido al siguiente error:
      %%2 = El sistema no puede encontrar el archivo especificado.

      Error: (12/16/2017 03:20:58 AM) (Source: DCOM) (EventID: 10005) (User: RHSCOTT)
      Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor:
      {9E175B68-F52A-11D8-B9A5-505054503030}

      Error: (12/16/2017 03:20:58 AM) (Source: DCOM) (EventID: 10005) (User: RHSCOTT)
      Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
      {DD522ACC-F821-461A-A407-50B198B896DC}

      Error: (12/16/2017 03:20:37 AM) (Source: DCOM) (EventID: 10005) (User: RHSCOTT)
      Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
      {DD522ACC-F821-461A-A407-50B198B896DC}

      Error: (12/16/2017 03:20:33 AM) (Source: DCOM) (EventID: 10005) (User: RHSCOTT)
      Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor:
      {9E175B68-F52A-11D8-B9A5-505054503030}

      Error: (12/16/2017 03:20:32 AM) (Source: DCOM) (EventID: 10005) (User: RHSCOTT)
      Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor:
      {9E175B68-F52A-11D8-B9A5-505054503030}

      Error: (12/16/2017 03:20:32 AM) (Source: DCOM) (EventID: 10005) (User: RHSCOTT)
      Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor:
      {DD522ACC-F821-461A-A407-50B198B896DC}

      Error: (12/16/2017 03:20:31 AM) (Source: DCOM) (EventID: 10005) (User: RHSCOTT)
      Description: Error de DCOM "1068" al intentar iniciar el servicio netprofm con argumentos "No disponible" para ejecutar el servidor:
      {A47979D2-C419-11D9-A5B4-001185AD2B89}

      Error: (12/16/2017 03:20:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Servicio de lista de redes depende del servicio Reconoc. ubicación de red, el cual no pudo iniciarse debido al siguiente error:
      %%1068 = No se puede iniciar el servicio o grupo de dependencia.

      Error: (12/16/2017 03:20:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
      Description: El servicio Reconoc. ubicación de red depende del servicio Cliente DHCP, el cual no pudo iniciarse debido al siguiente error:
      %%1068 = No se puede iniciar el servicio o grupo de dependencia.


      CodeIntegrity:
      ===================================
      Date: 2017-07-08 19:29:01.133
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2017-07-08 19:29:01.124
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2017-07-08 19:27:07.942
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

      Date: 2017-07-08 19:27:07.919
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


      ==================== Memory info ===========================

      Processor: Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
      Percentage of memory in use: 25%
      Total physical RAM: 8072.55 MB
      Available physical RAM: 5993.8 MB
      Total Virtual: 16072.55 MB
      Available Virtual: 13831.3 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:465.76 GB) (Free:172.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]
      Drive d: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive f: (Rh) (Fixed) (Total:220.78 GB) (Free:138.1 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0EB38A1D)
      Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 5095C34F)
      Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
      Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=220.8 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

    9. #9
      User Avatar of RhScott
      Registered
      Dec 2017
      Location
      Mexico
      Posts
      8

      Re: "30TaB" UNREMOVABLE HIJACKER!

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
      Ran by Rh Scott (administrator) on RHSCOTT (16-12-2017 03:26:13)
      Running from C:\Users\Rh Scott\Desktop
      Loaded Profiles: Rh Scott (Available Profiles: Rh Scott)
      Platform: Windows 8.1 Pro (Update) (X64) Language: Español (España, internacional)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: ***********************************************************************************************************

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
      (Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
      (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
      (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
      (Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
      () C:\Windows\vsnpstd3.exe
      (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
      (Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe
      (Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
      (Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
      (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
      (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
      HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9192960 2017-03-29] (Realtek Semiconductor)
      HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
      HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17988216 2017-08-18] (Logitech Inc.)
      HKLM-x32\...\Run: [Sound Blaster X-Fi MB5] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe [871936 2016-09-23] (Creative Technology Ltd)
      HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
      HKU\S-1-5-21-3163783240-1864820225-3818946960-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
      HKU\S-1-5-21-3163783240-1864820225-3818946960-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4807952 2015-02-27] (Disc Soft Ltd)
      HKU\S-1-5-21-3163783240-1864820225-3818946960-1001\...\MountPoints2: {f9b8873d-74c9-11e7-826d-1c1b0d968c0a} - "E:\setup.exe"
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NewShortcut2.lnk [2017-06-15]
      ShortcutTarget: NewShortcut2.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks)
      Startup: C:\Users\Rh Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WO Mic Client.lnk [2017-08-09]
      ShortcutTarget: WO Mic Client.lnk -> C:\Program Files (x86)\WOMic\WOMicClient.exe ()

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
      Tcpip\..\Interfaces\{0A991B57-D25F-4CE3-885B-7A7331A3AACD}: [DhcpNameServer] 192.168.1.254 192.168.1.254
      Tcpip\..\Interfaces\{1E05754E-72C3-49C4-A7A3-F84D4722D50E}: [DhcpNameServer] 192.168.42.129
      Tcpip\..\Interfaces\{9CEF31B5-ADE1-4E73-84E5-2C5360A0B206}: [DhcpNameServer] 192.168.1.254 192.168.1.254

      Internet Explorer:
      ==================
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
      HKU\S-1-5-21-3163783240-1864820225-3818946960-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
      HKU\S-1-5-21-3163783240-1864820225-3818946960-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-mx/?ocid=iehp
      SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-21-3163783240-1864820225-3818946960-1001 -> {8C35B765-4A99-4490-A917-0C54E87984B8} URL = hxxp://www.google.com/search?q={searchTerms}

      FireFox:
      ========
      FF DefaultProfile: 10xq4gvd.default
      FF ProfilePath: C:\Users\Rh Scott\AppData\Roaming\Mozilla\Firefox\Profiles\10xq4gvd.default [2017-12-16]
      FF Homepage: Mozilla\Firefox\Profiles\10xq4gvd.default -> hxxp://google.com
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_133.dll [2017-12-13] ()
      FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_133.dll [2017-12-13] ()
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-16] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-16] (Google Inc.)

      Chrome:
      =======
      CHR Profile: C:\Users\Rh Scott\AppData\Local\Google\Chrome\User Data\Default [2017-12-16]
      CHR Extension: (Documentos) - C:\Users\Rh Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-15]
      CHR Extension: (Google Drive) - C:\Users\Rh Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-15]
      CHR Extension: (YouTube) - C:\Users\Rh Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-15]
      CHR Extension: (Hojas*de*cálculo) - C:\Users\Rh Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-15]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Rh Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-15]
      CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Rh Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-15]
      CHR Extension: (Gmail) - C:\Users\Rh Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-15]
      CHR Extension: (Chrome Media Router) - C:\Users\Rh Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe [1267984 2015-02-27] (Disc Soft Ltd)
      R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2505472 2015-10-09] (ESET)
      R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [333280 2016-08-24] (Intel Corporation)
      S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-05] (Intel Corporation)
      R2 Killer Network Service; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [1951456 2016-09-29] (Rivet Networks)
      R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-08-18] (Logitech Inc.)
      S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
      S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R1 amdfx; C:\Windows\system32\drivers\amdfx.sys [0 2017-12-16] () <==== ATTENTION (zero byte File/Folder)
      R3 DroidCam; C:\Windows\system32\DRIVERS\droidcam.sys [33592 2015-05-23] (Dev47Apps)
      R3 DroidCamVideo; C:\Windows\system32\DRIVERS\droidcamvideo.sys [230712 2015-05-23] (Windows (R) Win 7 DDK provider)
      R3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2017-07-30] (Disc Soft Ltd)
      R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [555496 2017-06-29] (Intel Corporation)
      R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-09-23] (ESET)
      S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-09-23] (ESET)
      R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2015-09-23] (ESET)
      R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [170792 2015-09-23] (ESET)
      R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-06-29] (REALiX(tm))
      R3 KillerEth; C:\Windows\system32\DRIVERS\e2xw8x64.sys [162456 2016-02-12] (Qualcomm Atheros, Inc.)
      S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2017-08-08] (Kingsoft Corporation)
      R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
      R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc.)
      R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [38432 2017-12-02] (SoftEther Corporation)
      R2 RfeCoSvc; C:\Windows\system32\DRIVERS\RfeCoW8X64.sys [78664 2016-09-29] (Rivet Networks, LLC.)
      U5 SEE; C:\Windows\System32\Drivers\SEE.sys [50208 2017-12-02] (SoftEther Corporation)
      R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [51232 2017-12-02] (SoftEther Corporation)
      S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
      S3 SNPSTD3; C:\Windows\system32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
      S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131096 2016-10-18] (Oracle Corporation)
      S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
      S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
      S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
      R3 wovad_micarray; C:\Windows\system32\drivers\womic.sys [35328 2017-05-06] (Windows (R) Win 7 DDK provider)
      R2 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\drivers\YSDrv\YSDrv.sys [270608 2017-07-24] (BigNox Corporation)
      S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
      S1 mrxsmb22; system32\drivers\mrxsmb22.sys [X]
      S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2030-08-23 11:39 - 2030-08-23 11:39 - 000002892 _____ () C:\Windows\SysWOW64\audcon.sys
      2030-08-23 11:39 - 2030-08-23 11:39 - 000000000 ____D C:\ProgramData\Syncrosoft
      2030-08-23 11:38 - 2030-08-23 11:38 - 000000049 _____ C:\Windows\SysWOW64\SYNSOPOS.exe.cfg
      2030-08-23 11:38 - 2030-08-23 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
      2030-08-23 11:38 - 2030-08-23 11:38 - 000000000 ____D C:\Program Files (x86)\Syncrosoft
      2030-08-23 11:38 - 2017-08-23 14:02 - 000000000 ____D C:\Users\Rh Scott\AppData\Roaming\Steinberg
      2030-08-23 11:38 - 2011-12-14 13:21 - 000086016 _____ C:\Windows\SysWOW64\SYNSOPOS.exe
      2030-08-23 11:37 - 2030-08-23 11:37 - 000000000 ____D C:\Program Files\eLicenser
      2030-08-23 11:37 - 2017-08-23 11:52 - 000000000 ____D C:\ProgramData\eLicenser
      2030-08-23 11:37 - 2016-06-07 03:22 - 003875328 _____ (Steinberg Media Technologies GmbH) C:\Windows\SysWOW64\SYNSOACC.dll
      2030-08-23 11:37 - 2016-06-07 03:19 - 005438976 _____ (Steinberg Media Technologies GmbH) C:\Windows\system32\SYNSOACC.dll
      2030-08-23 11:36 - 2030-08-23 11:36 - 000000000 ____D C:\Users\Rh Scott\AppData\Roaming\Steinberg Installation Updater
      2030-08-23 11:36 - 2030-08-23 11:36 - 000000000 ____D C:\Users\Rh Scott\AppData\Local\Steinberg Installation Updater
      2030-08-23 11:33 - 2016-11-15 07:35 - 000000038 ____H C:\Users\Rh Scott\Desktop\id
      2017-12-16 03:26 - 2017-12-16 03:27 - 000012558 _____ C:\Users\Rh Scott\Desktop\FRST.txt
      2017-12-16 03:25 - 2017-12-16 03:26 - 000000000 ____D C:\FRST
      2017-12-16 03:24 - 2017-12-16 03:24 - 002392064 _____ (Farbar) C:\Users\Rh Scott\Desktop\FRST64.exe
      2017-12-16 03:22 - 2017-12-16 03:22 - 003494080 _____ C:\Windows\KeyHook64.dll
      2017-12-16 03:10 - 2017-12-16 03:20 - 000000000 ____D C:\Windows\pss
      2017-12-16 02:13 - 2017-12-16 02:14 - 011201632 _____ (Piriform Ltd) C:\Users\Rh Scott\Downloads\ccsetup538.exe
      2017-12-16 02:11 - 2017-12-16 02:11 - 001790024 _____ (Malwarebytes) C:\Users\Rh Scott\Downloads\JRT.exe
      2017-12-16 02:09 - 2017-12-16 02:11 - 083316440 _____ (Malwarebytes ) C:\Users\Rh Scott\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374(1).exe
      2017-12-16 01:28 - 2017-12-16 01:30 - 083316440 _____ (Malwarebytes ) C:\Users\Rh Scott\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
      2017-12-16 01:27 - 2017-12-16 01:27 - 006974584 _____ (ESET spol. s r.o.) C:\Users\Rh Scott\Downloads\ESETOnlineScanner_ESL (1).exe
      2017-12-16 01:24 - 2017-12-16 01:24 - 006974584 _____ (ESET spol. s r.o.) C:\Users\Rh Scott\Downloads\esetonlinescanner_esl.exe
      2017-12-16 01:07 - 2017-12-16 01:07 - 000002289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-12-16 01:07 - 2017-12-16 01:07 - 000002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2017-12-16 01:05 - 2017-12-16 01:07 - 008187336 _____ (Malwarebytes) C:\Users\Rh Scott\Downloads\adwcleaner_7.0.5.0.exe
      2017-12-16 01:05 - 2017-12-16 01:07 - 000000000 ____D C:\Program Files (x86)\Google
      2017-12-16 01:05 - 2017-12-16 01:05 - 000003532 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
      2017-12-16 01:05 - 2017-12-16 01:05 - 000003404 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
      2017-12-16 01:04 - 2017-12-16 03:00 - 000000000 ____D C:\AdwCleaner
      2017-12-16 01:03 - 2017-12-16 01:04 - 001129816 _____ (Google Inc.) C:\Users\Rh Scott\Downloads\ChromeSetup.exe
      2017-12-16 01:03 - 2017-12-16 01:03 - 008261584 _____ (Malwarebytes) C:\Users\Rh Scott\Downloads\adwcleaner-7-0-4-0.exe
      2017-12-15 22:57 - 2017-12-16 01:39 - 000000000 ____D C:\Program Files\TNod User & Password Finder
      2017-12-15 22:57 - 2017-12-15 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder
      2017-12-15 22:52 - 2017-12-15 22:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
      2017-12-15 22:52 - 2017-12-15 22:52 - 000000000 ____D C:\ProgramData\ESET
      2017-12-15 22:52 - 2017-12-15 22:52 - 000000000 ____D C:\Program Files\ESET
      2017-12-15 22:45 - 2017-12-15 22:47 - 086333639 _____ C:\Users\Rh Scott\Downloads\ESET NOD32 Antivirus 9 (64 bits).rar
      2017-12-15 22:27 - 2017-12-15 22:27 - 000000000 _____ C:\autoexec.bat
      2017-12-15 12:48 - 2017-12-15 14:07 - 000000000 ____D C:\Windows\SSL
      2017-12-14 23:30 - 2017-12-14 23:30 - 013536080 _____ C:\Users\Rh Scott\Desktop\Improvisacion de base.wav
      2017-12-14 12:30 - 2017-12-15 14:07 - 000000000 ____D C:\Users\Rh Scott\Desktop\FL Studio Producer Edition v12.3
      2017-12-14 12:29 - 2017-12-14 12:29 - 667387699 _____ C:\Users\Rh Scott\Downloads\FLSPE.v12.3.Gratisprogramas.co.rar
      2017-12-13 23:16 - 2017-12-13 23:16 - 000002797 _____ C:\Users\Rh Scott\Desktop\dejarse la piel. el chojin.txt
      2017-12-13 16:10 - 2017-12-13 16:11 - 044998810 _____ C:\Users\Rh Scott\Downloads\suburbano RD.rar
      2017-12-13 16:09 - 2017-12-13 16:09 - 000035369 _____ C:\Users\Rh Scott\Downloads\Instrumental Vst Prueba tutorial.rar
      2017-12-13 15:53 - 2017-12-13 15:53 - 001064129 _____ C:\Users\Rh Scott\Downloads\Cellofan.rar
      2017-12-12 02:30 - 2017-12-12 02:30 - 000000000 ____D C:\Users\Rh Scott\Desktop\El chojin
      2017-12-11 23:16 - 2017-12-11 23:17 - 017594320 _____ (Bandicam Company) C:\Users\Rh Scott\Downloads\bdcamsetup.exe
      2017-12-09 16:10 - 2017-12-09 16:10 - 000000222 _____ C:\Users\Rh Scott\Desktop\Bloons TD Battles.url
      2017-12-08 00:40 - 2017-12-08 00:40 - 000122149 _____ C:\Users\Rh Scott\Downloads\Registro-CursosDiplomados.pdf
      2017-12-05 18:32 - 2017-12-05 18:51 - 703108510 _____ C:\Users\Rh Scott\Documents\COSAS QUE SI SABIA SO NO SABIAS PERO SON CURIOSAS.mp4
      2017-12-05 15:21 - 2017-12-05 15:26 - 008789286 _____ C:\Users\Rh Scott\Documents\Sin título.mp4
      2017-12-05 13:49 - 2017-09-09 00:42 - 000000219 _____ C:\Users\Rh Scott\Desktop\Counter-Strike Global Offensive.url
      2017-12-02 21:12 - 2017-12-02 21:12 - 000038432 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\Neo_VPN.sys
      2017-12-02 17:24 - 2017-12-02 17:24 - 000001429 _____ C:\Users\Rh Scott\Desktop\BeastBattleSimulator - Acceso directo.lnk
      2017-12-02 15:39 - 2017-12-02 15:39 - 000004547 _____ C:\Users\Rh Scott\AppData\Roaming\CamStudio.cfg
      2017-12-02 15:39 - 2017-12-02 15:39 - 000000408 _____ C:\Users\Rh Scott\AppData\Roaming\CamShapes.ini
      2017-12-02 15:39 - 2017-12-02 15:39 - 000000408 _____ C:\Users\Rh Scott\AppData\Roaming\CamLayout.ini
      2017-12-02 15:39 - 2017-12-02 15:39 - 000000046 _____ C:\Users\Rh Scott\AppData\Roaming\Camdata.ini
      2017-12-02 15:38 - 2017-12-02 15:39 - 000000000 ____D C:\Users\Rh Scott\Documents\My CamStudio Temp Files
      2017-12-02 15:36 - 2017-12-02 15:36 - 000000096 _____ C:\Users\Rh Scott\AppData\Roaming\version2.xml
      2017-12-02 15:35 - 2017-12-02 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
      2017-12-02 15:35 - 2017-12-02 15:35 - 000000000 ____D C:\Program Files\CamStudio 2.7
      2017-12-02 13:29 - 2017-12-02 13:29 - 000050208 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\see.sys
      2017-12-02 13:28 - 2017-12-02 13:28 - 000143808 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
      2017-12-02 13:28 - 2017-12-02 13:28 - 000051232 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\SeLow_x64.sys
      2017-12-02 13:26 - 2017-12-02 13:27 - 054329104 _____ C:\Users\Rh Scott\Downloads\vpngate-client-2017.12.03-build-9651.140022.zip
      2017-12-01 02:25 - 2017-12-01 02:25 - 000000000 ____D C:\Users\Rh Scott\AppData\LocalLow\Dog Hoggler
      2017-12-01 01:55 - 2017-12-01 02:21 - 1682801565 _____ C:\Users\Rh Scott\Downloads\Beast Battle Simulator Build 18.11.2017.rar
      2017-11-30 12:36 - 2017-11-30 12:36 - 000001061 _____ C:\Users\Rh Scott\Desktop\UEBS - Acceso directo.lnk
      2017-11-30 12:36 - 2017-11-30 12:36 - 000000000 ____D C:\Users\Rh Scott\AppData\LocalLow\DefaultCompany
      2017-11-30 12:34 - 2017-11-30 12:34 - 000000483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Epic Battle Simulator.lnk
      2017-11-30 12:24 - 2017-06-02 19:00 - 000000000 ____D C:\Users\Rh Scott\Desktop\Ultimate.Epic.Battle.Simulator
      2017-11-29 00:28 - 2017-11-29 00:28 - 000001038 _____ C:\Users\Rh Scott\Desktop\DroidCamApp.lnk
      2017-11-29 00:28 - 2017-11-29 00:28 - 000000000 ____D C:\Users\Rh Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam
      2017-11-29 00:23 - 2017-11-29 00:23 - 000895721 _____ C:\Users\Rh Scott\Downloads\DroidCam.Client.6.0.FullOffline.zip
      2017-11-20 14:34 - 2017-11-20 14:34 - 000001440 _____ C:\Users\Rh Scott\Downloads\AdobeF27.1.6.154.z

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2030-08-23 11:39 - 2017-06-15 21:36 - 000003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F8FABD68-05CF-4C5C-B180-ECB4946F3564}
      2017-12-16 03:27 - 2017-06-15 20:59 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3163783240-1864820225-3818946960-1001
      2017-12-16 03:23 - 2017-10-07 22:57 - 000000000 ____D C:\Users\Rh Scott\AppData\LocalLow\Mozilla
      2017-12-16 03:23 - 2017-06-29 07:01 - 000000000 ____D C:\Program Files (x86)\Steam
      2017-12-16 03:22 - 2017-08-10 11:59 - 000000000 __RDO C:\Users\Rh Scott\OneDrive
      2017-12-16 03:22 - 2017-06-29 20:27 - 000000000 __SHD C:\Users\Rh Scott\IntelGraphicsProfiles
      2017-12-16 03:21 - 2013-08-22 08:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2017-12-16 02:42 - 2017-07-31 03:11 - 000000000 ____D C:\Windows\Minidump
      2017-12-16 02:42 - 2017-07-30 09:42 - 000000000 ____D C:\Users\Rh Scott\AppData\Roaming\uTorrent
      2017-12-16 02:42 - 2017-07-30 09:35 - 000000000 ____D C:\Users\Rh Scott\AppData\Roaming\DAEMON Tools Pro
      2017-12-16 02:42 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\Inf
      2017-12-16 02:23 - 2017-09-09 10:34 - 000000000 ____D C:\ProgramData\Logishrd
      2017-12-16 02:21 - 2017-06-15 20:53 - 000000000 ____D C:\Users\Rh Scott
      2017-12-16 01:24 - 2017-10-10 23:24 - 000000000 ____D C:\Users\Rh Scott\AppData\Local\ESET
      2017-12-16 00:47 - 2017-07-11 01:47 - 000000000 ____D C:\Users\Rh Scott\Desktop\Vegas 14
      2017-12-16 00:20 - 2017-06-15 20:54 - 000001010 _____ C:\Users\Rh Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
      2017-12-16 00:09 - 2017-06-15 21:38 - 000000000 ____D C:\Users\Rh Scott\AppData\Local\Google
      2017-12-15 22:58 - 2017-08-30 01:30 - 000000000 ____D C:\Users\Rh Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
      2017-12-15 22:54 - 2013-08-22 09:36 - 000000000 ___HD C:\Windows\ELAMBKUP
      2017-12-15 22:24 - 2017-08-23 12:47 - 000000000 ____D C:\Users\Rh Scott\AppData\Local\Deployment
      2017-12-15 14:08 - 2017-10-24 13:28 - 000000000 ____D C:\Users\Rh Scott\AppData\Roaming\Bandicam Company
      2017-12-15 14:08 - 2017-08-30 01:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
      2017-12-15 14:08 - 2017-08-23 12:26 - 000000000 ____D C:\_AT-Destroyer
      2017-12-15 14:07 - 2017-10-07 22:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2017-12-15 14:07 - 2017-10-07 22:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
      2017-12-15 14:07 - 2017-07-11 15:57 - 000000000 ____D C:\Users\Rh Scott\AppData\Roaming\Audacity
      2017-12-15 14:03 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\registration
      2017-12-15 13:40 - 2013-08-22 07:25 - 000524288 ___SH C:\Windows\system32\config\BBI
      2017-12-14 23:31 - 2017-10-07 11:16 - 000000000 ____D C:\Users\Rh Scott\Documents\Bandicam
      2017-12-13 12:17 - 2017-10-10 23:23 - 000004296 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-12-13 12:17 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
      2017-12-13 12:17 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\Macromed
      2017-12-11 20:39 - 2017-07-20 13:46 - 000000000 ____D C:\Users\Rh Scott\Desktop\Ediciòn
      2017-12-09 16:11 - 2017-06-29 07:33 - 000000000 ____D C:\Users\Rh Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
      2017-12-09 02:52 - 2017-10-07 22:57 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      2017-12-03 20:07 - 2017-08-03 00:24 - 000000034 _____ C:\ProgramData\droidcam-settings
      2017-11-30 16:30 - 2013-08-22 09:36 - 000000000 ___HD C:\Program Files\WindowsApps
      2017-11-30 16:30 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\AppReadiness
      2017-11-29 00:28 - 2017-08-03 00:22 - 000000000 ____D C:\Program Files (x86)\DroidCam
      2017-11-20 14:32 - 2017-06-29 06:55 - 000545440 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      2017-11-19 21:05 - 2017-09-25 22:05 - 000000000 ____D C:\Users\Rh Scott\Downloads\1

      ==================== Files in the root of some directories =======

      2017-12-02 15:39 - 2017-12-02 15:39 - 000000046 _____ () C:\Users\Rh Scott\AppData\Roaming\Camdata.ini
      2017-12-02 15:39 - 2017-12-02 15:39 - 000000408 _____ () C:\Users\Rh Scott\AppData\Roaming\CamLayout.ini
      2017-12-02 15:39 - 2017-12-02 15:39 - 000000408 _____ () C:\Users\Rh Scott\AppData\Roaming\CamShapes.ini
      2017-12-02 15:39 - 2017-12-02 15:39 - 000004547 _____ () C:\Users\Rh Scott\AppData\Roaming\CamStudio.cfg
      2017-12-02 15:36 - 2017-12-02 15:36 - 000000096 _____ () C:\Users\Rh Scott\AppData\Roaming\version2.xml

      Some files in TEMP:
      ====================
      2017-08-23 12:48 - 2017-08-23 12:48 - 017002861 _____ () C:\Users\Rh Scott\AppData\Local\Temp\{EC0548ED-B254-4C36-8A59-F17B4FB1FAD9}-60.0.3112.101_chrome_installer.exe

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\SysWOW64\explorer.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\SysWOW64\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\SysWOW64\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\SysWOW64\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-12-15 11:27

      ==================== End of FRST.txt ============================

      I hope you can help me, I am going to owe you a lot; either way, thank you for helping me right now and giving me your attention at this hour.

    10. #10
      General Moderator
      Avatar of @Daniela
      Joined
      Apr 2011
      Location
      Spain
      Posts
      24,364

      Re: "30TaB" UNDELETABLE HIJACKER!

      Hello

      Follow these steps. VERY Important ~ Make a backup of the registry:

      • To do so, download >> DelFix to your desktop.
        • Double-click to run it. (If you use Windows Vista/7 or 8, right-click and select "Run as administrator".)
        • Check only the "Create registry backup" box.
      • Click Run.

        The report (DelFix.txt) will open; save it in case it is needed and close the tool.


      Next, start your computer in >> Windows Safe Mode with Networking.

      If your OS is Windows 8/8.1/10, use the 2nd METHOD from this Windows 8 FAQ (applicable to Windows 10) >> How to start Windows 8/8.1 in Safe Mode?, to work from that Windows mode.


      With all other programs closed, go to >> Start >> Run >> and type notepad.exe.

      Now copy and paste the following into Notepad: (Leave out the word "Code")

      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      
      HKU\S-1-5-21-3163783240-1864820225-3818946960-1001\...\MountPoints2: {f9b8873d-74c9-11e7-826d-1c1b0d968c0a} - "E:\setup.exe" 
      HKU\S-1-5-21-3163783240-1864820225-3818946960-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
      CHR Extension: (Documentos) - C:\Users\Rh Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-15]
      CHR Extension: (Documentos de Google sin conexión) - C:\Users\Rh Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-15]
      CHR Extension: (Chrome Media Router) - C:\Users\Rh Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
      S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
      S1 mrxsmb22; system32\drivers\mrxsmb22.sys [X]
      S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
      2017-08-23 12:48 - 2017-08-23 12:48 - 017002861 _____ () C:\Users\Rh Scott\AppData\Local\Temp\{EC0548ED-B254-4C36-8A59-F17B4FB1FAD9}-60.0.3112.101_chrome_installer.exe 
      
      CMD: ipconfig /flushdns
      CMD: ipconfig /renew
      CMD: bitsadmin /reset /allusers
      RemoveProxy:
      EmptyTemp:
      Hosts:
      end
      • Save it under the name fixlist.txt on the desktop <<< This is very important.

      Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

      ATTENTION!!!! The following repair script was made specifically by a staff member for this user; if you have a similar problem, please open your own thread to receive personalized help. Using other users' scripts can damage your computer.

      • Run Frst.exe.
      • Press the Fix button and wait for it to finish.
      • The tool will save the report on your desktop (Fixlog.txt).
      • Paste it in your next reply.


      Post the report and tell us how the problem is going.

      Regards
      ✿◕‿◕✿ Impatience is not good company ✿◕‿◕✿

      * Follow us on our Twitter and become our friend on Facebook.
      * Stay informed about the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.
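
The warning above says a fixlist is written for one machine's log. As an added example (not part of the original post and not FRST's own code), this Python check sorts fixlist lines into directives, commands, and entries that do or do not appear verbatim in the machine's own FRST log. The function names and the `ExampleDrv` line are hypothetical, and the samples are constructed from lines in this thread.

```python
import re

# Fixlist lines that are FRST directives rather than copies of log entries.
# Only the directives that appear in this thread's fixlist are listed.
DIRECTIVES = {"start", "end", "createrestorepoint:", "closeprocesses:",
              "removeproxy:", "emptytemp:", "hosts:"}

# A service/driver line whose file FRST could not find ends in "[X]".
MISSING_RE = re.compile(r"^[RSU]\d\s+(\S+);\s+.*\[X\]$")

# Constructed sample: four driver lines copied from the log in this thread.
SAMPLE_LOG = r"""
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [51232 2017-12-02] (SoftEther Corporation)
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S1 mrxsmb22; system32\drivers\mrxsmb22.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
"""

# Constructed sample: part of the thread's fixlist plus one made-up line
# (ExampleDrv) standing in for an entry copied from another machine's thread.
SAMPLE_FIXLIST = r"""
Start
CreateRestorePoint:
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S1 mrxsmb22; system32\drivers\mrxsmb22.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 ExampleDrv; system32\drivers\exampledrv.sys [X]
CMD: ipconfig /flushdns
EmptyTemp:
end
"""

def normalize(line):
    """Collapse whitespace so forum copy/paste differences do not matter."""
    return " ".join(line.split())

def missing_file_services(log_text):
    """Names of services/drivers that the log marks with [X]."""
    names = []
    for raw in log_text.splitlines():
        m = MISSING_RE.match(normalize(raw))
        if m:
            names.append(m.group(1))
    return names

def check_fixlist(fixlist_text, log_text):
    """Sort fixlist lines into directives, commands, and entries that do or
    do not appear verbatim in this machine's own log."""
    log_lines = {normalize(l) for l in log_text.splitlines() if l.strip()}
    out = {"directive": [], "command": [], "matched": [], "unmatched": []}
    for raw in fixlist_text.splitlines():
        line = normalize(raw)
        if not line:
            continue
        if line.lower() in DIRECTIVES:
            out["directive"].append(line)
        elif line.upper().startswith("CMD:"):
            out["command"].append(line)
        elif line in log_lines:
            out["matched"].append(line)
        else:
            out["unmatched"].append(line)
    return out

if __name__ == "__main__":
    print("Missing-file services:", missing_file_services(SAMPLE_LOG))
    for kind, lines in check_fixlist(SAMPLE_FIXLIST, SAMPLE_LOG).items():
        print(kind, len(lines), lines)
```

Any line reported under `unmatched` refers to something the scanned machine never logged and is the kind of entry to question before pressing Fix.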
