Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.10.2018
Ran by Gerson (09-10-2018 14:49:49)
Running from C:\Users\Gerson\Desktop
Windows 7 Professional Service Pack 1 (X64) (2018-09-15 20:58:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4092908975-4099347736-315434978-500 - Administrator - Disabled)
Gerson (S-1-5-21-4092908975-4099347736-315434978-1000 - Administrator - Enabled) => C:\Users\Gerson
Invitado (S-1-5-21-4092908975-4099347736-315434978-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: 360 Total Security (Disabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Disabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\uTorrent) (Version: 3.5.4.44632 - BitTorrent Inc.)
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 10.2.0.1101 - 360 Security Center)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Actualización de NVIDIA 31.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.2.0.0 - NVIDIA Corporation) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.008.20071 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.6.1.393 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_0_0) (Version: 22.0.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2018 (HKLM-x32\...\IDSN_13_0) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)
ArtRage Lite (HKLM\...\{F9D1F820-4AF5-47CD-9A76-DFC81C5C7A48}) (Version: 5.0.4 - Ambient Design) Hidden
ArtRage Lite (HKLM-x32\...\ArtRage Lite 5.0.4) (Version: 5.0.4 - Ambient Design)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 399.24 - NVIDIA Corporation) Hidden
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 5.12 - NCH Software)
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.4.65 - Intel Corporation)
Killer Bandwidth Control Filter Driver (HKLM\...\{89A9DA12-B6F1-4966-95B3-574EEB6DF07E}) (Version: 1.1.65.1357 - Rivet Networks) Hidden
Killer E220x Drivers (HKLM\...\{E5914C89-E1DE-44D1-B172-DC00A3F1AA29}) (Version: 1.1.65.1357 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{F2BE14C9-4659-4335-B964-0E76AE0D2EE7}) (Version: 1.1.65.1357 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{75269D5A-2CE7-48D1-8169-5744C83C574F}) (Version: 1.1.65.1357 - Rivet Networks)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
NVIDIA Controlador de 3D Vision 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 399.24 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.24 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.1.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.1.48 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Panel de control de NVIDIA 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 399.24 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 5.18.5025.0 - Hi-Rez Studios)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4092908975-4099347736-315434978-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4092908975-4099347736-315434978-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2018-09-15] ()
ContextMenuHandlers1: [FT360] -> {F2196025-497B-4A61-AEA7-27325149132A} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-07] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [FT360] -> {F2196025-497B-4A61-AEA7-27325149132A} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-07] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-09-05] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2018-09-15] ()
ContextMenuHandlers6: [FT360] -> {F2196025-497B-4A61-AEA7-27325149132A} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-07] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03C0121E-E68A-4576-AE3B-4A9A3CD0DC26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-06] (Adobe Systems Incorporated)
Task: {0402D9E4-37B7-4D67-80D8-BE958BEFE8D3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-10-06] (Adobe Systems Incorporated)
Task: {177AE570-022A-440B-B805-4D4A56877E84} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {31B9E6ED-8984-4B01-8F68-8DA5975EFE51} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-05] (NVIDIA Corporation)
Task: {4636FBD8-793D-45ED-B8E8-C02AD0C691DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {596C48B4-4602-4FF0-8E16-99F81184B4C0} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-09-05] (NVIDIA Corporation)
Task: {6473EEAF-F49A-459E-8C97-6476C7BB2ECC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-09-05] (NVIDIA Corporation)
Task: {64DC7A6D-3AC5-4CA0-91DA-8E1EB3EF06CE} - \NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {66AABBC9-5B86-4CEF-8DD0-B68893B4CD9F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-09-05] (NVIDIA Corporation)
Task: {70916172-E7A6-48A2-8591-4785947EFAF8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-05] (NVIDIA Corporation)
Task: {72F47205-FC91-4CA0-A091-6F857FAB784A} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-05] (NVIDIA Corporation)
Task: {83152D87-E946-4912-A90C-9409357ABD48} - System32\Tasks\RzmVfSQvlkpVqKr2 => rundll32 "C:\Program Files (x86)\deoRkBcMU\oJFXfa.dll",#1
Task: {855B10D9-B4A8-4362-B584-FF869263FCF4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {9D0D6B06-3E5C-4F08-AAA3-6069F18AF81C} - System32\Tasks\GItHvXoKUgtwAW => rundll32 "C:\Program Files (x86)\pObWEjsjndqU2\hoIJJFsXLfoad.dll",#1
Task: {9F7C2E8A-2F37-4FAC-90C3-492A4BFBEF38} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {A04D6E4C-5F8D-4819-B5F6-DFBB43F52AA5} - \{FEAA4C2F-EB28-4B64-8B01-EACA56C3D861} -> No File <==== ATTENTION
Task: {AA87FC66-D0AF-4DDE-A05C-70C5779C4A65} - \{FD7A9FEC-7BE0-4C2D-AD08-6BA010E39391} -> No File <==== ATTENTION
Task: {ADADE9F3-EE13-449B-B876-78B4E39FD5FB} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-09-05] (NVIDIA Corporation)
Task: {C2FACB05-A10A-4589-AD87-862252D137E9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {C4896485-8649-4118-9CB2-28610828B869} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-09-05] (NVIDIA Corporation)
Task: {E0C0475A-DB15-41C1-9FCE-96829B276631} - System32\Tasks\AdobeGCInvoker-1.0-Gerson-PC-Gerson => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {E97E6180-9A9E-40BF-B033-4774F12B45B4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-09-05] (NVIDIA Corporation)
Task: {FFBDC378-440B-46B8-92E6-5619B9AEACE1} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-05] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-4092908975-4099347736-315434978-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2018-10-08 14:59 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4092908975-4099347736-315434978-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gerson\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 179.51.50.203 - 179.51.50.202
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SurfEasy => C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyVPN.exe startup
MSCONFIG\startupreg: uTorrent => "C:\Users\Gerson\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{32021F9B-6F3B-4F42-AC20-DBE894E6C453}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F92C2F8A-FC4D-4491-8BBA-52B38FB362C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{88F6644C-05DD-45D9-8377-6E5AAC5DE15D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{84C77961-37A2-4AF3-8FBD-192BA8143535}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9C09EE9B-ECFF-467F-88E5-99E47ED8183E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{14F42D23-8C46-41BE-9099-E31C075C8942}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BD6BBA14-945B-4AA4-8409-2A76029E99B5}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{7A708CFB-ECC6-4E4A-B324-9A40A4D92EDE}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{3A4FF3F5-7BB5-4C40-A0D6-C30C83E4ABAF}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{193821F5-295B-4035-856B-39EB05387B81}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{A4E10423-78A3-4310-B5F5-6127C2D424AB}] => (Allow) C:\Users\Gerson\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C04F79B3-A0ED-4EC1-9F65-D250A194D8E0}] => (Allow) C:\Users\Gerson\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{4619DEC3-1C34-4074-AD53-9A7C9C2D84F2}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win64\smite.exe
FirewallRules: [UDP Query User{BDDE56F5-1F44-4D0F-B9A6-5EB023176AF4}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win64\smite.exe
FirewallRules: [{EE73C32C-823F-46E6-9201-2C543CD417EE}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{199CC35F-A3BD-4A8A-BCEC-6748BAAB3FAA}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{0CD1FE66-2062-47FC-8F41-C09E46DC4C31}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{5AB7962B-978E-470F-93DB-DFBEB6DE1912}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [TCP Query User{AEFCEAEE-6AEF-4E90-AF30-2CB5ED55FA7D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{0CDB1014-7492-45B4-AD74-B0547FA569D3}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{65005A4B-A25D-471D-A47B-3C6FD04489FF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{B9718691-6BC5-4179-8CD7-6A2EBC6E86A7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{C64D17FF-8E13-49E7-836C-5CF2359D718A}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{465937F0-98C3-4354-AF54-E1B7639A0075}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Restore Points =========================

04-10-2018 20:58:52 Installed ArtRage Lite
08-10-2018 22:47:42 Windows Update
08-10-2018 22:56:42 Windows Update

==================== Faulty Device Manager Devices =============

Name: Controladora de bus SM
Description: Controladora de bus SM
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2018 02:43:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/09/2018 11:55:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/09/2018 10:37:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/09/2018 08:31:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Error al agregar certificado al almacén de entidades de certificación raíz de terceros: Intento de operación ilegal en una clave del Registro que estaba marcada para su eliminación.

Error: (10/09/2018 08:30:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/09/2018 08:25:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (10/09/2018 08:25:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: rundll32.exe, versión: 6.1.7601.23755, marca de tiempo: 0x58dd1d09
Nombre del módulo con errores: msvcrt.dll, versión: 7.0.7601.17744, marca de tiempo: 0x4eeaf722
Código de excepción: 0x40000015
Desplazamiento de errores: 0x0005620a
Id. del proceso con errores: 0x978
Hora de inicio de la aplicación con errores: 0x01d45fdbc7d6acba
Ruta de acceso de la aplicación con errores: C:\Windows\SysWOW64\rundll32.exe
Ruta de acceso del módulo con errores: C:\Windows\syswow64\msvcrt.dll
Id. del informe: 261d7bf3-cbcf-11e8-bdb5-fcaa147fd64e

Error: (10/09/2018 08:17:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


System errors:
=============
Error: (10/09/2018 02:44:34 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió la siguiente alerta irrecuperable: 20.

Error: (10/09/2018 10:59:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (10/09/2018 10:59:18 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Se bloqueó la carga de \??\C:\Users\Gerson\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.

Error: (10/09/2018 10:59:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (10/09/2018 10:59:17 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Se bloqueó la carga de \??\C:\Users\Gerson\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.

Error: (10/09/2018 10:59:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (10/09/2018 10:59:17 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Se bloqueó la carga de \??\C:\Users\Gerson\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.

Error: (10/09/2018 10:59:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador


Windows Defender:
===================================
Date: 2018-10-08 21:26:45.706
Description: 
Windows Defender detectó spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Adload&threatid=17567
Nombre:TrojanDownloader:Win32/Adload
Id.:17567
Gravedad:Alta
Categoría:Descargador troyano
Ruta de acceso encontrada:file:C:\Users\Gerson\Downloads\Reimage Pc Repair Serial Number 2018\Reimage Pc Repair Serial Number 2018.exe
Tipo de detección:Concreto
Origen de detección:Protección en tiempo real
Estado:Desconocido
Usuario:\
Nombre de proceso:

Date: 2018-10-08 21:36:45.655
Description: 
Windows Defender encontró un error al tomar medidas ante spyware u otro software potencialmente no deseado.
Para obtener más información, consulte lo siguiente:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Adload&threatid=17567
Usuario:\
Nombre:TrojanDownloader:Win32/Adload
Id.:17567
Gravedad:Alta
Categoría:Descargador troyano
Ruta de acceso:
Acción:Quitar
Código de error:0x80508023
Descripción de error:El programa no encontró spyware ni cualquier otro software potencialmente no deseado en este equipo. 
Estado:

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 12124.46 MB
Available physical RAM: 9951.61 MB
Total Virtual: 24247.07 MB
Available Virtual: 21394.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.54 GB) (Free:375.86 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 14F57CED)

Partition: GPT.

==================== End of Addition.txt ============================