Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by Florenci (08-12-2018 20:49:45)
Running from C:\Users\Florenci\Desktop
Windows 10 Home Version 1803 17134.407 (X64) (2018-05-21 04:58:20)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-549940460-2404856339-1566757125-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-549940460-2404856339-1566757125-503 - Limited - Disabled)
Florenci (S-1-5-21-549940460-2404856339-1566757125-1000 - Administrator - Enabled) => C:\Users\Florenci
Invitado (S-1-5-21-549940460-2404856339-1566757125-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-549940460-2404856339-1566757125-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam (HKLM-x32\...\{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2904.00 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2904.00 - CyberLink Corp.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
CrystalDiskInfo 8.0.0 Kurei Kei Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.0.0 - Crystal Dew World)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.80 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 ca) (HKLM\...\Mozilla Firefox 63.0.3 (x64 ca)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0 - Mozilla)
netcut version 3.5.4 (HKLM-x32\...\{6BE5152F-0885-4AA5-8385-4AD2D8472C71}_is1) (Version: 3.5.4 - arcai.com)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
PerformanceTest v9.0 (HKLM\...\PerformanceTest 9_is1) (Version: 9.0.1029.0 - Passmark Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6314 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
SoftPerfect WiFi Guard version 2.0.2 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 2.0.2 - SoftPerfect)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1260 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 18 - Windscribe Limited)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
XnView 2.46 (HKLM-x32\...\XnView_is1) (Version: 2.46 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd)
ContextMenuHandlers1-x32: [IXnView] -> {A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A} => C:\Program Files (x86)\XnView\ShellEx\XnViewShellExt.dll [2015-02-19] ()
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Intel Corporation)
ContextMenuHandlers5: [SynGlwPad] -> {681C10CE-5E5D-463A-A270-771AA48E4C71} => -> No File
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0024AC74-6019-4D39-B4FF-D2A92650067C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {0660B32D-6B9D-4357-A551-4FFEA511E291} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {101BD740-2B08-471B-9DB7-E09C7C6C48D0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {11E73C56-782A-40F5-B4E7-E6EF4BB4206C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-10] (Google Inc.)
Task: {156A2B82-FB46-4C12-B0D5-7AF00FEE646F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {3A138F57-0858-4F54-9E93-2FEADD41ACE8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {3D064AB2-C19C-4522-A667-BA0196223E76} - System32\Tasks\SafeZone scheduled Autoupdate 1460396787 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {40F56396-8649-4C16-93A5-C1342F6042C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {98E42B25-A34C-4B47-B5AD-3F84F6F6FDCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-10] (Google Inc.)
Task: {B4B5EFCD-C461-439C-88ED-C2214CF69504} - \Burbujas. -> No File <==== ATTENTION
Task: {BF02092A-AD93-4490-BA4E-50B672EBFF46} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {EEA1AC04-C4C3-482A-B47D-B76EAFC0DD6B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-28] (Piriform Ltd)
Task: {F37E8075-F98C-4F8A-A8E0-D96F336A10C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-28] (Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Florenci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicacions de Chrome\Canal Partidazo Plus en directo onlin.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 6" --app-id=emhhkhofpmflafmpejplpbmnidicjjkl
ShortcutWithArgument: C:\Users\Florenci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicacions de Chrome\Diresport.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 6" --app-id=nhmklomilgafkfgfghfjfbblcmgonhbg
ShortcutWithArgument: C:\Users\Florenci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicacions de Chrome\ROJADIRECTA_ Tarjeta Roja TV - Interg.._ (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 6" --app-id=khcbmelncakfefpbioaneecjmidciecl
ShortcutWithArgument: C:\Users\Florenci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicacions de Chrome\ROJADIRECTA_ Tarjeta Roja TV - Interg.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 6" --app-id=khcbmelncakfefpbioaneecjmidciecl
ShortcutWithArgument: C:\Users\Florenci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicacions de Chrome\VER CANAL MOVISTAR PARTIDAZO ONLINE E.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 6" --app-id=ihobjaompgheafiigdjbablamjbhdggn
ShortcutWithArgument: C:\Users\Florenci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Florenci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 6"

==================== Loaded Modules (Whitelisted) ==============

2018-10-19 19:59 - 2018-12-06 20:01 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-01 09:35 - 2018-09-07 17:53 - 002148864 _____ () C:\Program Files (x86)\arcai.com\netcut_windows.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-12-06 20:27 - 2018-11-01 07:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-06 20:36 - 2018-12-06 20:39 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-08-17 12:21 - 2018-08-17 16:23 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-549940460-2404856339-1566757125-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Florenci\Pictures\fondos\5.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "HandyAndy.lnk"
HKLM\...\StartupApproved\Run32: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "Uninstall C:\Users\Florenci\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "Uninstall C:\Users\Florenci\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "Uninstall 17.3.6816.0313"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "Uninstall 17.3.6816.0313\amd64"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "Uninstall 17.3.6943.0625\amd64"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "Uninstall 17.3.6943.0625"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "Uninstall 17.3.6998.0830"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "Uninstall 17.3.6998.0830\amd64"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "Uninstall 17.3.7073.1013"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "Uninstall 17.3.7073.1013\amd64"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "FooPlayer"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "RainWallpaper"
HKU\S-1-5-21-549940460-2404856339-1566757125-1000\...\StartupApproved\Run: => "Windscribe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4E6DAB54-BACA-4711-93EA-AFE4B27796BA}C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [TCP Query User{95FCE767-37A8-409A-B915-6C5ACCD030D2}C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{57634CDD-1A18-4475-9572-34B49EA1D70F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{356BAD18-062A-4126-B4E0-F6AA5D9038A0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EA310E6B-1889-4F40-A1AE-76AD4A56ECF9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E9B1E333-5940-40BD-9C4F-EC39109F0772}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E11DECE-0CD7-4649-8FFC-0C0675E28446}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{79D4BF25-11F0-446E-AE26-41583AA44808}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{84B4E4AB-79A3-43C5-8655-024EEDA312FC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1CAE95A2-7626-4AB2-90D8-F420331F497B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CA73EEDB-A7D2-4B89-AE1D-A84B7E4A10E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CCF64C9A-3690-4B21-8CE5-E049774F48E1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{002802F4-973B-44C9-A5BB-1DFA1A5FA72D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{AF7E4375-7C37-4EA4-856A-C261A6CF9DB8}] => (Allow) C:\Program Files (x86)\arcai.com\aips.exe
FirewallRules: [{70789E2D-A989-49A3-87D2-9CAE29849195}] => (Allow) C:\Program Files (x86)\arcai.com\aips.exe
FirewallRules: [{AD370B05-E1CE-40B2-9078-AC3C0DD8DBC6}] => (Allow) C:\Program Files (x86)\arcai.com\netcut_windows.exe
FirewallRules: [{928A729B-EA97-4375-A03A-23FAC9F9D5BC}] => (Allow) C:\Program Files (x86)\arcai.com\netcut_windows.exe

==================== Restore Points =========================

23-06-2018 16:01:50 Punto de control programado
28-06-2018 20:55:12 Windows Update
08-07-2018 20:43:21 Punto de control programado
12-07-2018 11:30:50 Windows Update
18-07-2018 06:54:01 Windows Update
26-07-2018 19:29:07 Windows Update
12-08-2018 07:15:47 Installed ProtonVPN
17-08-2018 12:42:46 Windows Update
21-08-2018 18:26:05 Instalador de Módulos de Windows
24-08-2018 17:34:47 Instalador de Módulos de Windows
31-08-2018 18:07:34 Punto de restauracion de antes de problemas florenci
31-08-2018 21:35:39 Instalador de Módulos de Windows
02-09-2018 07:35:34 Instalador de Módulos de Windows
03-09-2018 17:50:19 Instalador de Módulos de Windows
05-09-2018 07:22:08 Instalador de Módulos de Windows
13-09-2018 18:22:09 Windows Update
21-09-2018 18:33:28 Instalador de Módulos de Windows
28-09-2018 20:15:03 Windows Update
06-10-2018 07:38:14 Instalador de Módulos de Windows
19-10-2018 19:40:54 Windows Update
27-10-2018 17:23:50 Windows Update
06-12-2018 19:46:46 Instalador de Módulos de Windows
08-12-2018 14:45:46 Instalador de Módulos de Windows
08-12-2018 20:42:31 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2018 04:12:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa HxOutlook.exe, versión 16.0.11001.20106, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control. Identificador de proceso: 1a74 Hora de inicio: 01d48f0854e13747 Hora de finalización: 4294967295 Ruta de la aplicación: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20106.0_x64__8wekyb3d8bbwe\HxOutlook.exe Identificador de informe: ec78ce5b-db03-4f59-93bc-172363d9b0c2 Nombre completo de paquete con errores: microsoft.windowscommunicationsapps_16005.11001.20106.0_x64__8wekyb3d8bbwe Identificador de aplicación relativa del paquete con errores: microsoft.windowslive.mail

Error: (12/06/2018 09:25:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15703

Error: (12/06/2018 09:25:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15703

Error: (12/06/2018 09:25:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/06/2018 09:22:31 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows no puede cargar el archivo DLL del contador extensible rdyboost. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error de Windows.

Error: (12/06/2018 09:22:28 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Error del procedimiento de apertura para el servicio "BITS" en el archivo DLL "C:\Windows\System32\bitsperf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error.

Error: (12/06/2018 08:43:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa explorer.exe, versión 10.0.17134.165, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control. Identificador de proceso: 119c Hora de inicio: 01d48d94a6375826 Hora de finalización: 0 Ruta de la aplicación: C:\Windows\explorer.exe Identificador de informe: 7e3c6571-c13d-4f43-a329-c2167aae3d45 Nombre completo de paquete con errores: Identificador de aplicación relativa del paquete con errores:

Error: (12/06/2018 07:40:53 PM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {41FD88F7-F295-4D39-91AC-A85F3149A05B}

System errors:
=============
Error: (12/08/2018 08:44:21 PM) (Source: DCOM) (EventID: 10010) (User: Florenci-PC)
Description: El servidor microsoft.windowscommunicationsapps_16005.11001.20106.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca no se registró con DCOM dentro del tiempo de espera requerido.

Error: (12/08/2018 08:41:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID Windows.SecurityCenter.WscDataProtection y APPID No disponible al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (12/08/2018 08:41:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID Windows.SecurityCenter.WscDataProtection y APPID No disponible al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (12/08/2018 08:41:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID Windows.SecurityCenter.WscBrokerManager y APPID No disponible al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (12/08/2018 08:38:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} y APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (12/08/2018 08:35:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Remediation Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (12/08/2018 08:35:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Instalador de módulos de Windows terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.

Error: (12/08/2018 08:35:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio SynTPEnh Caller Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Windows Defender:
===================================
Date: 2018-12-08 17:01:39.088
Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse. Id. de examen: {127DFF3F-920C-496A-B3AE-CA4D0DC4603F} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM

Date: 2018-10-19 21:35:21.771
Description: Antivirus de Windows Defender detectó un comportamiento sospechoso. Nombre: Informational:Behavior/ModifiedKernel Id.: 3446656250 Gravedad: Baja Categoría: Comportamiento sospechoso Ruta de acceso encontrada: process:_0 Origen de detección: Desconocido Tipo de detección: Sospechoso Fuente de detección: Protección en tiempo real Estado: Ejecutando Usuario: Unknown\Unknown Nombre de proceso: Unknown Id. de firma: 717259538435 Versión de firma: AV: 1.279.102.0, AS: 1.279.102.0 Versión de motor: 1.1.15400.4 Etiqueta de fidelidad: Medio Nombre de archivo de destino: c:\windows\\system32\drivers\ndis.sys

Date: 2018-09-28 21:48:29.558
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:DOS/EICAR_Test_File&threatid=2147519003&enterprise=0 Nombre: Virus:DOS/EICAR_Test_File Id.: 2147519003 Gravedad: Grave Categoría: Virus Ruta de acceso: file:_C:\Users\Florenci\Downloads\No confirmat 81227.crdownload Origen de detección: Equipo local Tipo de detección: Concreto Fuente de detección: Protección en tiempo real Usuario: Florenci-PC\Florenci Nombre de proceso: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Versión de firma: AV: 1.277.240.0, AS: 1.277.240.0, NIS: 1.277.240.0 Versión de motor: AM: 1.1.15300.6, NIS: 1.1.15300.6

Date: 2018-09-13 19:58:22.196
Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse. Id. de examen: {B4325B08-0467-48C9-AD16-33150923F99E} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM

Date: 2018-08-31 19:57:05.766
Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse. Id. de examen: {4C227123-4D7E-4048-B382-E234DCB7DFDF} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM

Date: 2018-12-08 15:05:06.444
Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas. Nueva versión de firma: Versión de firma anterior: 1.283.135.0 Origen de actualización: Servidor de Microsoft Update Tipo de firma: AntiVirus Tipo de actualización: Completa Usuario: NT AUTHORITY\SYSTEM Versión de motor actual: Versión de motor anterior: 1.1.15500.2 Código de error: 0x80240438 Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico.

Date: 2018-12-08 14:48:18.591
Description: La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error: Característica: Durante el acceso Código de error: 0x8007043c Descripción del error: El servicio no puede iniciarse en modo a prueba de errores Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2018-12-07 10:18:58.856
Description: La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error: Característica: Durante el acceso Código de error: 0x8007043c Descripción del error: El servicio no puede iniciarse en modo a prueba de errores Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2018-09-28 21:00:21.269
Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas. Nueva versión de firma: Versión de firma anterior: 1.277.237.0 Origen de actualización: Centro de protección contra malware de Microsoft Tipo de firma: AntiVirus Tipo de actualización: Completa Usuario: NT AUTHORITY\Servicio de red Versión de motor actual: Versión de motor anterior: 1.1.15300.6 Código de error: 0x80070670 Descripción del error: No se encontró ninguna secuencia válida para el conjunto de actualizaciones.

Date: 2018-09-28 21:00:21.268
Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.277.237.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiSpyware
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual:
Versión de motor anterior: 1.1.15300.6
Código de error: 0x80070670
Descripción del error: No se encontró ninguna secuencia válida para el conjunto de actualizaciones.

CodeIntegrity: ===================================

Date: 2018-06-09 15:45:46.591
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-31 21:13:04.645
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-31 21:13:04.063
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-31 21:13:03.138
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-31 21:13:03.122
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-31 21:13:03.000
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-31 21:13:02.338
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-31 21:09:32.904
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
Percentage of memory in use: 22%
Total physical RAM: 7862.7 MB
Available physical RAM: 6115.64 MB
Total Virtual: 15798.7 MB
Available Virtual: 14282.18 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:351.59 GB) NTFS
\\?\Volume{117a4172-a2e8-11e3-aced-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{117a4171-a2e8-11e3-aced-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:16 GB) (Free:2.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: AD5CD5F4)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================