Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-07-2019 Ran by koneko (08-07-2019 01:43:02) Running from C:\Users\koneko\Downloads\instaladores Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2018-09-16 05:33:51) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrador (S-1-5-21-214190906-2147722573-1573341451-500 - Administrator - Disabled) Invitado (S-1-5-21-214190906-2147722573-1573341451-501 - Limited - Disabled) koneko (S-1-5-21-214190906-2147722573-1573341451-1000 - Administrator - Enabled) => C:\Users\koneko ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Illustrator CC 2018 (32 Bit) (HKLM\...\ILST_22_0_0_32) (Version: 22.0.0 - Adobe Systems Incorporated) Adobe Photoshop CC 2018 (32 Bit) (HKLM\...\PHSP_19_1_6_32) (Version: 19.1.6 - Adobe Systems Incorporated) aTube Catcher versión 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) AutoHotkey 1.1.30.00 (HKLM\...\AutoHotkey) (Version: 1.1.30.00 - Lexikos) Brackets (HKLM\...\{9CB3A036-0B7E-49B7-A60B-291E245CA6B2}) (Version: 1.13.17696 - brackets.io) calibre (HKLM\...\{55763553-9485-4117-88D9-46237F7A5F08}) (Version: 3.36.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform) Cheat Engine 6.8.3 (HKLM\...\Cheat Engine 6.8.3_is1) (Version: - Cheat Engine) Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0190 - Disc Soft Ltd) Driver Easy 5.6.2 (HKLM\...\DriverEasy_is1) (Version: 5.6.2 - Easeware) Dropbox (HKLM\...\Dropbox) (Version: 75.4.141 - Dropbox, Inc.) Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden Final Fantasy VII Steam Edition version 1.0.9 (HKLM\...\{625A041D-65DA-4E68-9010-419ECD204314}_is1) (Version: 1.0.9 - Square Enix) Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.2.0.9297 - Foxit Software Inc.) Git version 2.22.0.windows.1 (HKLM\...\Git_is1) (Version: 2.22.0.windows.1 - The Git Development Community) Google Chrome (HKLM\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Hero Editor V1.04 (HKLM\...\ST6UNST #1) (Version: - ) ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Intel Learning Series Device Control Package (HKLM\...\{472686B5-1E04-402F-BDA1-8EBF1856C97B}) (Version: 2.0.11364.0 - Intel) Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.49.06.2016 - Intel Corporation) Java 8 Update 181 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation) Java 8 Update 192 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180192F0}) (Version: 8.0.1920.12 - Oracle Corporation) K-Lite Mega Codec Pack 15.0.0 (32-bit) (HKLM\...\KLiteCodecPack_is1) (Version: 15.0.0 - KLCP) Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) Microsoft .NET Framework 4.7.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02558 - Microsoft Corporation) Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт) Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation) Microsoft Visual Studio Code (HKLM\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 1.36.0 - Microsoft Corporation) Microsoft Visual Studio Code Insiders (HKLM\...\{C26E74D1-022E-4238-8B9D-1E7564A36CC9}_is1) (Version: 1.36.0 - Microsoft Corporation) Microsoft Web Platform Installer 5.0 (HKLM\...\{1D39E015-C3D2-45DE-B070-A69C5F2FB309}) (Version: 5.0.50430.0 - Microsoft Corporation) Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation) Mozilla Firefox 63.0.3 (x86 es-ES) (HKLM\...\Mozilla Firefox 63.0.3 (x86 es-ES)) (Version: 63.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming) NFS Underground 2 Mega Trainer (HKLM\...\ST6UNST #2) (Version: - ) NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version: - ) Node.js (HKLM\...\{D1D51467-044A-4A87-8AAB-BB7A99EE69DC}) (Version: 8.12.0 - Node.js Foundation) OpenOffice 4.1.6 (HKLM\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation) Opera Stable 60.0.3255.170 (HKU\S-1-5-21-214190906-2147722573-1573341451-1000\...\Opera 60.0.3255.170) (Version: 60.0.3255.170 - Opera Software) Phase Shift (HKLM\...\Phase Shift) (Version: 1.27 - DWSK) PPSSPP (HKLM\...\PPSSPP_is1) (Version: 1.7.1.0 - PPSSPP Team) Project64 version 2.3.2.202 (HKLM\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - ) Python 3.7.3 (32-bit) (HKU\S-1-5-21-214190906-2147722573-1573341451-1000\...\{24ac8299-2abd-4ddd-8be3-031debb6093c}) (Version: 3.7.3150.0 - Python Software Foundation) Python 3.7.3 Add to Path (32-bit) (HKLM\...\{2DB1318D-E51C-419B-99D5-D15F7120BD09}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden Python 3.7.3 Core Interpreter (32-bit) (HKLM\...\{33AB9CEA-621E-4064-9FB0-7048E79DB5B5}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden Python 3.7.3 Development Libraries (32-bit) (HKLM\...\{52DDE5D8-B45C-4C1D-81DD-D72317DE8B08}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden Python 3.7.3 Documentation (32-bit) (HKLM\...\{2BC067C0-B392-49C0-988B-C839C62D8B65}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden Python 3.7.3 Executables (32-bit) (HKLM\...\{E3E61712-C062-45E7-8348-D7DBF66FACFD}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden Python 3.7.3 pip Bootstrap (32-bit) (HKLM\...\{9846DC93-4A39-496F-8AE3-0E3AB4EF4385}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden Python 3.7.3 Standard Library (32-bit) (HKLM\...\{DC6190E7-D05E-465A-9FB6-7418BC901991}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden Python 3.7.3 Tcl/Tk Support (32-bit) (HKLM\...\{1341418F-C713-4943-ACB2-9F4D4743D193}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden Python 3.7.3 Test Suite (32-bit) (HKLM\...\{FE5E4BF9-7487-4CE8-A2AC-F78C6B4BE487}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden Python 3.7.3 Utility Scripts (32-bit) (HKLM\...\{AE9303AD-EBD0-4C85-A9D0-55B1BA972D11}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden Python Launcher (HKLM\...\{A28C27E4-A725-482A-9C65-61EDC0E4D583}) (Version: 3.7.6657.0 - Python Software Foundation) qBittorrent 4.1.2 (HKLM\...\qBittorrent) (Version: 4.1.2 - The qBittorrent project) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.100.422.2016 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8639 - Realtek Semiconductor Corp.) Realtek PC Camera (HKLM\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10275 - Realtek Semiconductor Corp.) Realtek PCI-E Wireless LAN Driver (HKLM\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0015 - REALTEK Semiconductor Corp.) Revo Uninstaller Pro 4.1.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.1.0 - VS Revo Group, Ltd.) Ruby 2.5.3-1-x86 with MSYS2 (HKU\S-1-5-21-214190906-2147722573-1573341451-1000\...\RubyInstaller-2.5-i386-mingw32_is1) (Version: 2.5.3-1 - RubyInstaller Team) Sakura Dungeon (HKLM\...\DARKSiDERS - Sakura Dungeon) (Version: - DARKSiDERS) Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) TinyTask 1.70 (HKLM\...\TinyTask_is1) (Version: - TinyTask) TRENDnet TEW-807ECH AC1200 Dual Band Wireless PCIe Adapter (HKLM\...\{526BEFE2-30FF-4123-98F4-01554316DF3B}) (Version: 1.00.0212 - TRENDnet) VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN) WarCraft III versión 1.26a (HKLM\...\WarCraft III_is1) (Version: 1.26a - Blizzard Entertainment) WeMod (HKU\S-1-5-21-214190906-2147722573-1573341451-1000\...\WeMod) (Version: 5.4.1 - WeMod) WinDS PRO 2019.04.19 (HKLM\...\{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1) (Version: 2019.04.19 - WinDS PRO Central) WinRAR 5.60 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH) XAMPP (HKLM\...\xampp) (Version: 7.1.11-0 - Bitnami) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2018-07-13] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-12-14] (Intel Corporation) [File not signed] ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2018-07-13] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. -> VS Revo Group) ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] ==================== Loaded Modules (Whitelisted) ============== 2019-02-28 10:56 - 2019-02-28 10:56 - 000303104 _____ (Intel Corporation) [File not signed] C:\Windows\system32\igfxrESP.lrc 2018-09-16 01:36 - 2012-02-14 19:37 - 000535040 _____ (Realtek Semiconductor Corp. ) [File not signed] C:\Windows\system32\Rtlihvs.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000047104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000027136 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmlsettingsplugin.dll 2019-07-08 00:08 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000037888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\dialogsprivateplugin.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000086016 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qml_winextras.dll 2019-07-08 00:08 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\koneko\Downloads\guitar.ogg:com.dropbox.attributes [168] AlternateDataStreams: C:\Users\koneko\Downloads\guitar.ogg:com.dropbox.attrs [58] AlternateDataStreams: C:\Users\koneko\Downloads\MEGA-RECOVERYKEY.txt:com.dropbox.attributes [168] AlternateDataStreams: C:\Users\koneko\Downloads\MEGA-RECOVERYKEY.txt:com.dropbox.attrs [58] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-01-27 11:06 - 2019-06-27 07:25 - 000003378 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Ruby25\bin;C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Brackets\command;C:\Program Files\nodejs\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft VS Code\bin;C:\Program Files\Calibre2\;C:\Program Files\Git\cmd;C:\Program Files\Microsoft VS Code Insiders\bin HKU\S-1-5-21-214190906-2147722573-1573341451-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\koneko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. MSCONFIG\Services: AdobeUpdateService => 2 MSCONFIG\Services: AGMService => 2 MSCONFIG\Services: AGSService => 2 MSCONFIG\Services: dbupdate => 2 MSCONFIG\Services: dbupdatem => 3 MSCONFIG\Services: DbxSvc => 2 MSCONFIG\Services: Device Control Service => 2 MSCONFIG\Services: Disc Soft Lite Bus Service => 3 MSCONFIG\Services: esifsvc => 2 MSCONFIG\Services: FileZilla Server => 2 MSCONFIG\Services: hshld => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun MSCONFIG\startupreg: Dropbox => "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{6F21582C-7D92-4649-849A-63496B9E4596}] => (Allow) C:\Users\koneko\AppData\Local\Programs\Opera\60.0.3255.151\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{0101BE14-4DC0-4316-9DE8-0E022A9E711B}] => (Allow) C:\Users\koneko\AppData\Local\Programs\Opera\60.0.3255.170\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{935933A8-476A-4F7A-9D2B-9B7E9F472785}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{94DF0D13-09BD-40F2-AB24-F62950AB7B50}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) ==================== Restore Points ========================= 04-07-2019 00:00:03 Punto de control programado ==================== Faulty Device Manager Devices ============= Name: Unknown Device Description: Unknown Device Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Controladora de host USB estándar) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (07/07/2019 07:04:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema. Error: (07/07/2019 06:55:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema. Error: (07/07/2019 06:52:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema. Error: (07/07/2019 06:34:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: mbamtray.exe, versión: 3.1.0.1731, marca de tiempo: 0x5c5485d2 Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5bfee344 Código de excepción: 0xc0000005 Desplazamiento de errores: 0x001a86be Id. del proceso con errores: 0x384 Hora de inicio de la aplicación con errores: 0x01d5351400961a1c Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Id. del informe: 5b15cece-a107-11e9-abb6-c89cdc849008 Error: (07/07/2019 05:49:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: mbamservice.exe, versión: 3.2.0.765, marca de tiempo: 0x5c508a4a Nombre del módulo con errores: ScanControllerImpl.dll, versión: 3.2.0.922, marca de tiempo: 0x5c40a339 Código de excepción: 0xc0000005 Desplazamiento de errores: 0x00051855 Id. del proceso con errores: 0x430 Hora de inicio de la aplicación con errores: 0x01d534f880db2290 Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Ruta de acceso del módulo con errores: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll Id. del informe: 16f1d511-a101-11e9-abb6-c89cdc849008 Error: (07/07/2019 12:28:40 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema. Error: (07/07/2019 12:20:56 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: No se puede abrir el objeto de rendimiento del servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado. Error: (07/07/2019 11:43:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema. System errors: ============= Error: (07/07/2019 11:11:05 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Se recibió la siguiente alerta irrecuperable: 40. Error: (07/07/2019 11:11:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Se recibió la siguiente alerta irrecuperable: 70. Error: (07/07/2019 11:11:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Se recibió la siguiente alerta irrecuperable: 70. Error: (07/07/2019 09:21:03 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: No se pudo registrar el nombre "WORKGROUP :1d" en la interfaz con dirección IP 192.168.1.104. El equipo la con dirección IP 192.168.1.106 no admite el nombre reclamado por este equipo. Error: (07/07/2019 09:15:51 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: No se pudo registrar el nombre "WORKGROUP :1d" en la interfaz con dirección IP 192.168.1.104. El equipo la con dirección IP 192.168.1.106 no admite el nombre reclamado por este equipo. Error: (07/07/2019 08:13:08 PM) (Source: bowser) (EventID: 8003) (User: ) Description: El explorador maestro recibió una notificación del equipo CRISTINA-PC que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{ADF7F01B-4FC2-4611-898C-462162. El explorador maestro está detenido o se está forzando una elección. Error: (07/07/2019 06:29:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: El servicio Malwarebytes Service terminó inesperadamente. Esto se ha repetido 2 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio. Error: (07/07/2019 05:51:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: El servicio Malwarebytes Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio. Windows Defender: =================================== Date: 2018-09-18 01:58:52.939 Description: El examen de Windows Defender se detuvo antes de completarse. Id. de examen:{0F9D2345-EE40-4D49-B430-3D327FC66ECB} Tipo de examen:AntiSpyware Parámetros de examen:Examen rápido Usuario:koneko-PC\koneko CodeIntegrity: =================================== Date: 2019-06-24 22:49:51.310 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Cheat Engine 6.8.3\dbk32.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. Date: 2019-06-24 22:49:51.248 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Cheat Engine 6.8.3\dbk32.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. Date: 2019-06-24 22:49:51.154 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Cheat Engine 6.8.3\dbk32.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. Date: 2019-06-24 22:49:51.092 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Cheat Engine 6.8.3\dbk32.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. Date: 2019-06-21 00:34:30.168 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Cheat Engine 6.8.3\dbk32.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. Date: 2019-06-21 00:34:30.137 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Cheat Engine 6.8.3\dbk32.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. Date: 2019-06-21 00:34:30.090 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Cheat Engine 6.8.3\dbk32.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. Date: 2019-06-21 00:34:30.059 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Cheat Engine 6.8.3\dbk32.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. ==================== Memory info =========================== BIOS: Phoenix ACRSYS - 6040000 04/05/2012 Motherboard: Intel Corporation Intel powered classmate PC Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz Percentage of memory in use: 72% Total physical RAM: 2037.36 MB Available physical RAM: 557.89 MB Total Virtual: 4074.72 MB Available Virtual: 1406.88 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:65.23 GB) NTFS \\?\Volume{34bbfee1-b975-11e8-ae3c-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 10D4E367) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================