Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2019 Ran by rmz-j (11-03-2019 23:43:10) Running from C:\Users\rmz-j\Desktop Windows 10 Home Single Language Version 1803 17134.590 (X64) (2018-05-15 10:44:44) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrador (S-1-5-21-3999284927-2579937426-3450252919-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3999284927-2579937426-3450252919-503 - Limited - Disabled) Invitado (S-1-5-21-3999284927-2579937426-3450252919-501 - Limited - Disabled) JCPr0gs (S-1-5-21-3999284927-2579937426-3450252919-1003 - Limited - Enabled) => C:\Users\JCPr0gs jorge (S-1-5-21-3999284927-2579937426-3450252919-1002 - Limited - Enabled) => C:\Users\jorge rmz-j (S-1-5-21-3999284927-2579937426-3450252919-1001 - Administrator - Enabled) => C:\Users\rmz-j WDAGUtilityAccount (S-1-5-21-3999284927-2579937426-3450252919-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: SecureAPlus Antivirus (Enabled - Up to date) {960AC008-C14A-F383-107E-DE133276CBF1} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: 360 Total Security (Disabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50} AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: SecureAPlus (Disabled - Up to date) {2D6B21EC-E770-FC0D-2ACE-E56149F1814C} AS: 360 Total Security (Disabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 180324 (HKLM\...\{f7b7e01d-e8d3-4ca4-9aa2-9291f103cb32}) (Version: '18-03-24 - Wilenty) 360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 10.2.0.1251 - 360 Security Center) Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated) Advanced RAR Repair v1.2 (HKLM-x32\...\Advanced RAR Repair v1.2) (Version: - ) Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.2.1 - Advanced Micro Devices, Inc.) Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.141.333 - AVAST Software) Hidden AVI ReComp 1.5.2 (HKLM-x32\...\AVI ReComp) (Version: 1.5.2 - Mateusz Gola (aka Prozac)) AviSynth 2.5 (HKLM-x32\...\Avisynth) (Version: - ) Bandizip (HKLM\...\Bandizip) (Version: 6.21 - Bandisoft.com) CoreAAC (HKLM-x32\...\CoreAAC) (Version: - ) Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version: - ) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Freemake Video Converter versión 3.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.1.2 - Ellora Assets Corporation) GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.38.5300 - GOM & Company) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - ) HD Video Converter Factory 13.0 (HKLM-x32\...\HD Video Converter Factory) (Version: 13.0 - WonderFox Soft, Inc.) Honeyview (HKLM\...\Honeyview) (Version: 5.31 - Bandisoft.com) HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{31CBAB2C-ED4B-403C-8933-192833FEB2C6}) (Version: 12.10.49.21 - HP Inc.) HP Wireless Button Driver (HKLM-x32\...\{AF4C5F64-4E6A-438B-9832-8BDEE0E7B43D}) (Version: 1.1.17.1 - HP) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) MediaCoder 0.8.57 (HKLM\...\MediaCoder) (Version: 0.8.57 - Mediatronic) MediaCoder x64 0.8.53.5930 (HKLM\...\MediaCoder x64) (Version: 0.8.53.5930 - Mediatronic) MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219.473 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219.473 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219.473 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219.473 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2017 x64 Additional Runtime - 14.13.26020 (HKLM\...\{C5ECDB9A-D9B0-3107-BA85-1269998A5B3E}) (Version: 14.13.26020 - Microsoft Corporation) Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.13.26020 (HKLM\...\{221D6DB4-46E2-333C-B09B-5F49351D0980}) (Version: 14.13.26020 - Microsoft Corporation) Microsoft Visual C++ 2017 x86 Additional Runtime - 14.13.26020 (HKLM-x32\...\{895D5198-C5DB-375E-86AB-133F4DAA9FE2}) (Version: 14.13.26020 - Microsoft Corporation) Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.13.26020 (HKLM-x32\...\{8F271F6C-6E7B-3D0A-951B-6E7B694D78BD}) (Version: 14.13.26020 - Microsoft Corporation) MKVToolNix 27.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 27.0.0 - Moritz Bunkus) Mozilla Firefox 65.0.2 (x64 es-MX) (HKLM\...\Mozilla Firefox 65.0.2 (x64 es-MX)) (Version: 65.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.1 - Mozilla) MP3jam 1.1.5.0 (HKLM-x32\...\MP3jam_is1) (Version: 1.1.5.0 - MP3jam) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.9 - Notepad++ Team) Pac-Man World 3 (HKLM-x32\...\{C2290E8D-152E-422E-A6BF-D1986C143F1E}) (Version: 1.00.0000 - Electronic Arts) Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security) PotPlayer (HKLM-x32\...\PotPlayer) (Version: 1.7.17508 - Kakao Corp.) PrivaZer (HKLM-x32\...\PrivaZer) (Version: 3.0.63.0 - Goversoft LLC) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.) Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.) SecureAPlus v5.3.0 (HKLM\...\SecureAPlus) (Version: 5.3.0 - SecureAge Technology) SoftMaker FreeOffice 2018 (HKLM-x32\...\{02B0F09C-4650-4F32-BB8A-F22606E9E320}) (Version: 1.0.4650 - SoftMaker Software GmbH) Subtitle Workshop 6.0b (HKLM-x32\...\SubtitleWorkshop) (Version: - ) Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated) Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation) VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) Videoder 1.0.9 (HKLM\...\808fc302-3d01-59ce-8094-e0443a55877e) (Version: 1.0.9 - GlennioTech) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN) VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: 2.23 - Gabest) Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) WinX HD Video Converter Deluxe 5.11.0 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.) Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare) Wondershare Video Converter Ultimate(Build 10.3.0.178) (HKLM-x32\...\Video Converter Ultimate_is1) (Version: 10.3.0.178 - Wondershare Software) Xvid 1.2.2 (HKLM-x32\...\Xvid_is1) (Version: 1.2.2 - Koepi's build) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3999284927-2579937426-3450252919-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} CustomCLSID: HKU\S-1-5-21-3999284927-2579937426-3450252919-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft -> Bandisoft.com) CustomCLSID: HKU\S-1-5-21-3999284927-2579937426-3450252919-1001_Classes\CLSID\{9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF}\InprocServer32 -> C:\Program Files\Honeyview\HVShell64.dll (Bandisoft -> Bandisoft.com) CustomCLSID: HKU\S-1-5-21-3999284927-2579937426-3450252919-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated) CustomCLSID: HKU\S-1-5-21-3999284927-2579937426-3450252919-1001_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\WINDOWS\system32\kernel32.dll (Microsoft Windows -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ContextMenuHandlers1: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2018-09-30] (Bandisoft -> Bandisoft.com) ContextMenuHandlers1: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-02-24] (Bandisoft -> Bandisoft.com) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-10-14] (Notepad++ -> ) ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => C:\WINDOWS\SysWOW64\ISCM64.dll [2015-02-27] () [File not signed] ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2017-12-07] () [File not signed] ContextMenuHandlers1: [SAScanShlExt] -> {94243EC1-AEE5-4d44-A6CF-6407ED967FED} => C:\Program Files\SecureAge\AntiVirus\SAScanCtx.dll [2018-09-25] (SecureAge Technology Pte Ltd -> SecureAge Technology) ContextMenuHandlers1: [SATrustCtxMenuExt] -> {E748C929-2F5A-475d-AB81-0632B725425C} => C:\Program Files\SecureAge\Whitelist\SATrustCtx.dll [2018-08-31] (SecureAge Technology Pte Ltd -> SecureAge Technology Pte. Ltd.) ContextMenuHandlers1: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2019-01-03] (QIHU 360 SOFTWARE CO. LIMITED -> ) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\WINDOWS\SysWOW64\WSCM64.dll [2012-09-21] (Wondershare Software Co., Ltd. -> ) ContextMenuHandlers2: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-02-24] (Bandisoft -> Bandisoft.com) ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2017-12-07] () [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2017-12-07] () [File not signed] ContextMenuHandlers4: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2018-09-30] (Bandisoft -> Bandisoft.com) ContextMenuHandlers4: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-02-24] (Bandisoft -> Bandisoft.com) ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2017-12-07] () [File not signed] ContextMenuHandlers4: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2019-01-03] (QIHU 360 SOFTWARE CO. LIMITED -> ) ContextMenuHandlers5: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-02-24] (Bandisoft -> Bandisoft.com) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll [2017-12-07] () [File not signed] ContextMenuHandlers6: [SAScanShlExt] -> {94243EC1-AEE5-4d44-A6CF-6407ED967FED} => C:\Program Files\SecureAge\AntiVirus\SAScanCtx.dll [2018-09-25] (SecureAge Technology Pte Ltd -> SecureAge Technology) ContextMenuHandlers6: [SATrustCtxMenuExt] -> {E748C929-2F5A-475d-AB81-0632B725425C} => C:\Program Files\SecureAge\Whitelist\SATrustCtx.dll [2018-08-31] (SecureAge Technology Pte Ltd -> SecureAge Technology Pte. Ltd.) ContextMenuHandlers6: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2019-01-03] (QIHU 360 SOFTWARE CO. LIMITED -> ) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1_S-1-5-21-3999284927-2579937426-3450252919-1001: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2018-09-30] (Bandisoft -> Bandisoft.com) ContextMenuHandlers1_S-1-5-21-3999284927-2579937426-3450252919-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-02-24] (Bandisoft -> Bandisoft.com) ContextMenuHandlers2_S-1-5-21-3999284927-2579937426-3450252919-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-02-24] (Bandisoft -> Bandisoft.com) ContextMenuHandlers4_S-1-5-21-3999284927-2579937426-3450252919-1001: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2018-09-30] (Bandisoft -> Bandisoft.com) ContextMenuHandlers4_S-1-5-21-3999284927-2579937426-3450252919-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-02-24] (Bandisoft -> Bandisoft.com) ContextMenuHandlers5_S-1-5-21-3999284927-2579937426-3450252919-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll [2019-02-24] (Bandisoft -> Bandisoft.com) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {150B02F6-A21D-4E4E-9525-79E08265D777} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.) Task: {26245E9B-767E-4706-90F5-B05B17D189C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {42E6F7CF-568C-44C3-9C76-48F54C7DC133} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.) Task: {5F6EE00F-A3C2-4571-BC4E-C193ABF6E371} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {8125541D-B8B5-40E2-8D29-0A998EEF87ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.) Task: {818C0B72-4140-4343-876A-CBFFA43FCE2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {839A94AA-5658-49D7-BDA5-2C4B24843366} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {95DBEAB8-F4DE-46A8-A5EF-ECA9E43C14B8} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe (Goversoft LLC -> Goversoft LLC) Task: {9B0D2C6A-9BFE-45A8-8973-5B5102576231} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.) Task: {9E5D4045-DD49-4BA2-A7C8-98BF03C3129E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) Task: {AA77F288-E183-4905-AA9D-555FC142EFB0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {B79F0406-11EF-465A-9713-BB06CBAC6BE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) Task: {C6891532-F6E4-4767-8285-FAA4909AB00C} - System32\Tasks\SoftMakerUpdater => C:\Program Files (x86)\SoftMaker FreeOffice 2018\SoftMakerUpdaterTool.exe (SoftMaker Software GmbH -> ) Task: {D98F8D63-892A-4694-BFFE-4AF58FCB94DA} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) Task: {F97B787A-74D7-4044-A42B-CFA190FA5DC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-12-07 17:09 - 2017-12-07 17:09 - 003525431 _____ () [File not signed] C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll 2018-02-18 20:56 - 2015-02-27 14:38 - 000721263 _____ () [File not signed] C:\WINDOWS\SysWOW64\ISCM64.dll 2014-08-14 01:42 - 2014-08-14 01:42 - 000068096 _____ () [File not signed] C:\WINDOWS\SYSTEM32\Everything64.dll 2015-08-13 21:20 - 2015-08-13 21:20 - 005454848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\SecureAge\Whitelist\Qt5Core.dll 2015-07-07 11:35 - 2015-07-07 11:35 - 005824000 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\SecureAge\Whitelist\Qt5Gui.dll 2015-07-07 11:42 - 2015-07-07 11:42 - 000313856 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\SecureAge\Whitelist\Qt5Svg.dll 2015-07-07 11:37 - 2015-07-07 11:37 - 005476864 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\SecureAge\Whitelist\Qt5Widgets.dll 2015-07-07 11:38 - 2015-07-07 11:38 - 001221120 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\SecureAge\UI\plugins\platforms\qwindows.dll 2015-07-07 11:38 - 2015-07-07 11:38 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\SecureAge\UI\plugins\imageformats\qico.dll 2015-07-07 11:42 - 2015-07-07 11:42 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\SecureAge\UI\plugins\imageformats\qsvg.dll 2018-07-24 13:09 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll 2018-07-24 13:09 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll 2018-07-24 13:09 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll 2018-07-24 13:09 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll 2018-07-24 13:09 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll 2018-07-24 13:09 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll 2018-07-24 13:09 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll 2019-02-10 14:59 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll 2019-02-10 14:59 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll 2019-02-10 14:59 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll 2019-02-10 14:59 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll 2018-07-24 13:09 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll 2019-02-10 14:59 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll 2019-02-10 14:59 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll 2019-02-10 14:59 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll 2019-02-10 14:59 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll 2019-02-10 14:59 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll 2019-02-10 14:59 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll 2019-02-10 14:59 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll 2019-02-10 14:59 - 2019-02-01 09:56 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll 2018-02-23 14:57 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2018-02-23 14:57 - 2017-03-23 09:49 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2018-02-23 14:57 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\rmz-j\Downloads:CruxP2P.GUID [16] AlternateDataStreams: C:\Users\rmz-j\Downloads:Shareaza.GUID [16] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saappsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\saappsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sascansvc => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-12-04 13:02 - 2019-03-11 08:24 - 000002103 _____ C:\WINDOWS\system32\drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 rp.yefeneri2.com 0.0.0.0 os.yefeneri2.com 0.0.0.0 os2.yefeneri2.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3999284927-2579937426-3450252919-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rmz-j\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 208.67.222.222 - 208.67.220.220 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe (Microsoft Windows -> ) FirewallRules: [UDP Query User{7C594223-8F44-4D91-844A-878294B6B61D}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed] FirewallRules: [TCP Query User{C307344D-7F8D-413A-A029-0FFBB5A8268E}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe (Deluge Team) [File not signed] FirewallRules: [{BB97BCBA-66CA-4123-8694-28256FA85EC6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{1113331D-F2CE-4AF4-A283-534EE2E31134}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{C33B655A-57E0-459C-92F1-6E2625CF3272}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{CD4999B8-A0FD-4662-9575-B0A148CDFF35}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{FF288B23-D1E6-4A68-BF50-BC28E6358F32}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.) FirewallRules: [{C696A09B-52EE-4362-9386-8C0388248383}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.) FirewallRules: [{D691AB00-4EC4-48EE-8AEB-CD0E1EBCA895}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.) FirewallRules: [{34D25A5A-8323-4067-AE96-06E17277B276}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.) FirewallRules: [{23FD6E19-70BB-4979-8994-D42A15651DFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.) FirewallRules: [{DD3AF5A9-9CF3-4FC7-A5E9-CC5F1C0AE6A9}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.) FirewallRules: [{77ECC1E4-E383-4D33-9164-6DB163FF5C4D}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.) ==================== Restore Points ========================= 01-03-2019 12:08:46 Windows Update 09-03-2019 19:21:51 Punto de control programado 10-03-2019 22:07:41 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/11/2019 08:24:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: tbaseprovisioning.exe, versión: 1.0.0.0, marca de tiempo: 0x56b4dcb7 Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.17134.556, marca de tiempo: 0xadca2670 Código de excepción: 0xe0434352 Desplazamiento de errores: 0x001118a2 Identificador del proceso con errores: 0x868 Hora de inicio de la aplicación con errores: 0x01d4d81619b84ba4 Ruta de acceso de la aplicación con errores: C:\WINDOWS\SysWOW64\tbaseprovisioning.exe Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll Identificador del informe: c6ee9f00-4caa-419d-8c22-9c152e312491 Nombre completo del paquete con errores: Identificador de aplicación relativa del paquete con errores: Error: (03/11/2019 08:24:17 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplicación: tbaseprovisioning.exe Versión de Framework: v4.0.30319 Descripción: el proceso terminó debido a una excepción no controlada. Información de la excepción: System.InvalidOperationException en System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean) en System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress) en System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object) en System.ServiceModel.Configuration.X509RecipientCertificateServiceElement.ApplyConfiguration(System.ServiceModel.Security.X509CertificateRecipientServiceCredential) en System.ServiceModel.Configuration.ServiceCredentialsElement.ApplyConfiguration(System.ServiceModel.Description.ServiceCredentials) en System.ServiceModel.Configuration.ServiceCredentialsElement.CreateBehavior() en System.ServiceModel.Description.ConfigLoader.LoadBehaviors[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1, System.Collections.Generic.KeyedByTypeCollection`1, Boolean) en System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(System.ServiceModel.ServiceHostBase, System.ServiceModel.Description.ServiceDescription, System.ServiceModel.Configuration.ServiceElement, System.Action`1, Boolean) en System.ServiceModel.ServiceHostBase.LoadConfigurationSectionInternal(System.ServiceModel.Description.ConfigLoader, System.ServiceModel.Description.ServiceDescription, System.ServiceModel.Configuration.ServiceElement) en System.ServiceModel.ServiceHostBase.ApplyConfiguration() en System.ServiceModel.ServiceHost.ApplyConfiguration() en System.ServiceModel.ServiceHostBase.InitializeDescription(System.ServiceModel.UriSchemeKeyedCollection) en System.ServiceModel.ServiceHost.InitializeDescription(System.Type, System.ServiceModel.UriSchemeKeyedCollection) en System.ServiceModel.ServiceHost..ctor(System.Type, System.Uri[]) en RootPaApp.RootPaWindowsService.startThread() en System.Threading.ThreadHelper.ThreadStart_Context(System.Object) en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) en System.Threading.ThreadHelper.ThreadStart() Error: (03/10/2019 10:23:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: tbaseprovisioning.exe, versión: 1.0.0.0, marca de tiempo: 0x56b4dcb7 Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.17134.556, marca de tiempo: 0xadca2670 Código de excepción: 0xe0434352 Desplazamiento de errores: 0x001118a2 Identificador del proceso con errores: 0x818 Hora de inicio de la aplicación con errores: 0x01d4d7c232c5e450 Ruta de acceso de la aplicación con errores: C:\WINDOWS\SysWOW64\tbaseprovisioning.exe Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll Identificador del informe: dcc8ba58-f1c6-49af-9388-0dda75aa0003 Nombre completo del paquete con errores: Identificador de aplicación relativa del paquete con errores: Error: (03/10/2019 10:23:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplicación: tbaseprovisioning.exe Versión de Framework: v4.0.30319 Descripción: el proceso terminó debido a una excepción no controlada. Información de la excepción: System.InvalidOperationException en System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean) en System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress) en System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object) en System.ServiceModel.Configuration.X509RecipientCertificateServiceElement.ApplyConfiguration(System.ServiceModel.Security.X509CertificateRecipientServiceCredential) en System.ServiceModel.Configuration.ServiceCredentialsElement.ApplyConfiguration(System.ServiceModel.Description.ServiceCredentials) en System.ServiceModel.Configuration.ServiceCredentialsElement.CreateBehavior() en System.ServiceModel.Description.ConfigLoader.LoadBehaviors[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1, System.Collections.Generic.KeyedByTypeCollection`1, Boolean) en System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(System.ServiceModel.ServiceHostBase, System.ServiceModel.Description.ServiceDescription, System.ServiceModel.Configuration.ServiceElement, System.Action`1, Boolean) en System.ServiceModel.ServiceHostBase.LoadConfigurationSectionInternal(System.ServiceModel.Description.ConfigLoader, System.ServiceModel.Description.ServiceDescription, System.ServiceModel.Configuration.ServiceElement) en System.ServiceModel.ServiceHostBase.ApplyConfiguration() en System.ServiceModel.ServiceHost.ApplyConfiguration() en System.ServiceModel.ServiceHostBase.InitializeDescription(System.ServiceModel.UriSchemeKeyedCollection) en System.ServiceModel.ServiceHost.InitializeDescription(System.Type, System.ServiceModel.UriSchemeKeyedCollection) en System.ServiceModel.ServiceHost..ctor(System.Type, System.Uri[]) en RootPaApp.RootPaWindowsService.startThread() en System.Threading.ThreadHelper.ThreadStart_Context(System.Object) en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) en System.Threading.ThreadHelper.ThreadStart() Error: (03/10/2019 03:01:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: El programa explorer.exe, versión 10.0.17134.165, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control. Identificador de proceso: 4c6c Hora de inicio: 01d4d783b55d9050 Hora de finalización: 0 Ruta de la aplicación: C:\Windows\explorer.exe Identificador de informe: 735369fd-5758-4291-83f3-bc20f5f06c79 Nombre completo de paquete con errores: Identificador de aplicación relativa del paquete con errores: Error: (03/10/2019 02:57:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: El programa explorer.exe, versión 10.0.17134.165, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control. Identificador de proceso: 1a64 Hora de inicio: 01d4d752bd9339d6 Hora de finalización: 0 Ruta de la aplicación: C:\Windows\explorer.exe Identificador de informe: 47cbd3e8-cece-45be-96d7-2a433073ce2b Nombre completo de paquete con errores: Identificador de aplicación relativa del paquete con errores: Error: (03/10/2019 09:05:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: tbaseprovisioning.exe, versión: 1.0.0.0, marca de tiempo: 0x56b4dcb7 Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.17134.556, marca de tiempo: 0xadca2670 Código de excepción: 0xe0434352 Desplazamiento de errores: 0x001118a2 Identificador del proceso con errores: 0x880 Hora de inicio de la aplicación con errores: 0x01d4d752afe35ff7 Ruta de acceso de la aplicación con errores: C:\WINDOWS\SysWOW64\tbaseprovisioning.exe Ruta de acceso del módulo con errores: C:\WINDOWS\System32\KERNELBASE.dll Identificador del informe: b64a215a-a63e-4b19-b99c-d1de45e6451e Nombre completo del paquete con errores: Identificador de aplicación relativa del paquete con errores: Error: (03/10/2019 09:05:28 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplicación: tbaseprovisioning.exe Versión de Framework: v4.0.30319 Descripción: el proceso terminó debido a una excepción no controlada. Información de la excepción: System.InvalidOperationException en System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean) en System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress) en System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object) en System.ServiceModel.Configuration.X509RecipientCertificateServiceElement.ApplyConfiguration(System.ServiceModel.Security.X509CertificateRecipientServiceCredential) en System.ServiceModel.Configuration.ServiceCredentialsElement.ApplyConfiguration(System.ServiceModel.Description.ServiceCredentials) en System.ServiceModel.Configuration.ServiceCredentialsElement.CreateBehavior() en System.ServiceModel.Description.ConfigLoader.LoadBehaviors[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1, System.Collections.Generic.KeyedByTypeCollection`1, Boolean) en System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(System.ServiceModel.ServiceHostBase, System.ServiceModel.Description.ServiceDescription, System.ServiceModel.Configuration.ServiceElement, System.Action`1, Boolean) en System.ServiceModel.ServiceHostBase.LoadConfigurationSectionInternal(System.ServiceModel.Description.ConfigLoader, System.ServiceModel.Description.ServiceDescription, System.ServiceModel.Configuration.ServiceElement) en System.ServiceModel.ServiceHostBase.ApplyConfiguration() en System.ServiceModel.ServiceHost.ApplyConfiguration() en System.ServiceModel.ServiceHostBase.InitializeDescription(System.ServiceModel.UriSchemeKeyedCollection) en System.ServiceModel.ServiceHost.InitializeDescription(System.Type, System.ServiceModel.UriSchemeKeyedCollection) en System.ServiceModel.ServiceHost..ctor(System.Type, System.Uri[]) en RootPaApp.RootPaWindowsService.startThread() en System.Threading.ThreadHelper.ThreadStart_Context(System.Object) en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) en System.Threading.ThreadHelper.ThreadStart() System errors: ============= Error: (03/11/2019 08:55:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} y APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (03/11/2019 11:46:41 AM) (Source: DCOM) (EventID: 10010) (User: JCHP-BLU3) Description: El servidor microsoft.windowscommunicationsapps_16005.11231.20192.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca no se registró con DCOM dentro del tiempo de espera requerido. Error: (03/11/2019 09:12:36 AM) (Source: DCOM) (EventID: 10016) (User: JCHP-BLU3) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} y APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} al usuario JCHP-BLU3\rmz-j con SID (S-1-5-21-3999284927-2579937426-3450252919-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (03/11/2019 09:10:59 AM) (Source: Disk) (EventID: 11) (User: ) Description: El controlador detectó un error de controladora en \Device\Harddisk1\DR1. Error: (03/11/2019 09:08:35 AM) (Source: DCOM) (EventID: 10016) (User: JCHP-BLU3) Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} y APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} al usuario JCHP-BLU3\rmz-j con SID (S-1-5-21-3999284927-2579937426-3450252919-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (03/11/2019 08:54:35 AM) (Source: DCOM) (EventID: 10016) (User: JCHP-BLU3) Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} y APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} al usuario JCHP-BLU3\rmz-j con SID (S-1-5-21-3999284927-2579937426-3450252919-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (03/11/2019 08:46:37 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys Error: (03/11/2019 08:42:35 AM) (Source: DCOM) (EventID: 10016) (User: JCHP-BLU3) Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} y APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} al usuario JCHP-BLU3\rmz-j con SID (S-1-5-21-3999284927-2579937426-3450252919-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Windows Defender: =================================== Date: 2018-11-14 09:25:48.709 Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse. Id. de examen: {53C81269-790D-48F3-9C02-BCAB882B0099} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM Date: 2018-11-14 01:34:57.878 Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse. Id. de examen: {B9AEAE8A-95AB-4D0F-A7AF-0F6DD7A267A4} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM Date: 2018-11-13 23:06:47.570 Description: El acceso controlado a carpetas bloqueó C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe para que no pueda modificar %userprofile%\Videos\BULL [ MICHAEL WEATHERLY ]\. Hora de detección: 2018-11-14T05:06:47.569Z Usuario: JCHP-BLU3\rmz-j Ruta de acceso: %userprofile%\Videos\BULL [ MICHAEL WEATHERLY ]\ Nombre del proceso: C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe Versión de la firma: 1.281.47.0 Versión del motor: 1.1.15400.5 Versión del producto: 4.18.1810.5 Date: 2018-11-13 00:47:55.619 Description: El acceso controlado a carpetas bloqueó C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe para que no pueda modificar %userprofile%\Videos\MACGYVER - Serie 2016\. Hora de detección: 2018-11-13T06:47:55.618Z Usuario: JCHP-BLU3\rmz-j Ruta de acceso: %userprofile%\Videos\MACGYVER - Serie 2016\ Nombre del proceso: C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe Versión de la firma: 1.279.1713.0 Versión del motor: 1.1.15400.4 Versión del producto: 4.18.1810.5 Date: 2018-11-13 00:05:52.117 Description: El acceso controlado a carpetas bloqueó C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe para que no pueda modificar %userprofile%\Videos\MACGYVER - Serie 2016\. Hora de detección: 2018-11-13T06:05:52.116Z Usuario: JCHP-BLU3\rmz-j Ruta de acceso: %userprofile%\Videos\MACGYVER - Serie 2016\ Nombre del proceso: C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe Versión de la firma: 1.279.1713.0 Versión del motor: 1.1.15400.4 Versión del producto: 4.18.1810.5 Date: 2018-11-08 07:55:42.250 Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas. Nueva versión de firma: Versión de firma anterior: 1.279.1380.0 Origen de actualización: Servidor de Microsoft Update Tipo de firma: AntiVirus Tipo de actualización: Completa Usuario: NT AUTHORITY\SYSTEM Versión de motor actual: Versión de motor anterior: 1.1.15400.4 Código de error: 0x80240438 Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulta Ayuda y soporte técnico. Date: 2018-11-07 07:38:59.555 Description: Antivirus de Windows Defender encontró un error al intentar actualizar las firmas. Nueva versión de firma: Versión de firma anterior: 1.279.1307.0 Origen de actualización: Servidor de Microsoft Update Tipo de firma: AntiVirus Tipo de actualización: Completa Usuario: NT AUTHORITY\SYSTEM Versión de motor actual: Versión de motor anterior: 1.1.15400.4 Código de error: 0x80240438 Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulta Ayuda y soporte técnico. CodeIntegrity: =================================== Date: 2019-03-10 04:11:46.598 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements. Date: 2019-03-10 04:11:44.427 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements. Date: 2019-03-10 04:11:41.296 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements. Date: 2019-03-10 04:11:36.747 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements. Date: 2019-03-10 04:11:29.807 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements. Date: 2019-03-10 04:11:13.392 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements. Date: 2019-03-10 04:11:12.973 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements. Date: 2019-03-10 04:10:59.705 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\I18N64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: AMD A10-8700P Radeon R6, 10 Compute Cores 4C+6G Percentage of memory in use: 34% Total physical RAM: 11724.22 MB Available physical RAM: 7664.36 MB Total Virtual: 13516.22 MB Available Virtual: 9103.79 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:911.37 GB) (Free:8.39 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:18.92 GB) (Free:0 GB) NTFS ==>[system with boot components (obtained from drive)] Drive f: (Elements) (Fixed) (Total:1863.01 GB) (Free:1.16 GB) NTFS \\?\Volume{e5063fac-1358-4a13-bbfd-4bc0bbc871c4}\ () (Fixed) (Total:0.84 GB) (Free:0.33 GB) NTFS \\?\Volume{adfad6f0-aa97-433e-aee6-d07dbe19d5f5}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 028F9E6E) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00123D72) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================