Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Absent (18-07-2019 10:42:57)
Running from C:\Users\Absent\Desktop
Windows 10 Pro Version 1809 17763.615 (X64) (2018-11-16 17:21:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Absent (S-1-5-21-3126805088-1096401988-3500408547-1000 - Administrator - Enabled) => C:\Users\Absent
Administrador (S-1-5-21-3126805088-1096401988-3500408547-500 - Administrator - Enabled)
DefaultAccount (S-1-5-21-3126805088-1096401988-3500408547-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3126805088-1096401988-3500408547-1002 - Limited - Enabled)
Invitado (S-1-5-21-3126805088-1096401988-3500408547-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3126805088-1096401988-3500408547-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actualización de NVIDIA 37.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 37.0.0.0 - NVIDIA Corporation) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.32.75.1002 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform) Cheat Engine 6.8.3 (HKLM-x32\...\Cheat Engine 6.8.3_is1) (Version: - Cheat Engine) Crash Bandicoot N Sane Trilogy MULTi6 - ElAmigos versión 1.0 (HKLM-x32\...\{327BFB1B-E44E-4824-9EB7-EA92A8D3CAEC}_is1) (Version: 1.0 - Activision) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.9.0.0677 - Disc Soft Ltd) Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software) Diablo MULTi7 - ElAmigos versión 1.09b (HKLM-x32\...\{8B6583BB-A564-4AFB-A33F-1CAC35EC65F7}_is1) (Version: 1.09b - Blizzard) Epic Games Launcher (HKLM-x32\...\{BB514C00-3DAB-4E6E-8F41-58A61FA35851}) (Version: 1.1.206.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Fallout 4 Spanish Language Pack (HKLM-x32\...\Fallout 4 Spanish Language Pack_is1) (Version: - ) Far Cry 3 Complete Collection versión 1.05 (HKLM-x32\...\{831C540A-FBC9-4511-A7A8-67BC3FACF7F5}_is1) (Version: 1.05 - UBISoft) Far Cry 5 Gold Edition MULTi15 - ElAmigos versión 1.2.0 (HKLM-x32\...\{94EF50C3-1479-48BE-8E80-D54680BCB911}_is1) (Version: 1.2.0 - Ubisoft) FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Grand Theft Auto V MULTi12 - ElAmigos versión 1.41 build 1180.1 (HKLM-x32\...\{4959470E-EDAC-4710-A636-276D79A81B94}_is1) (Version: 1.41 build 1180.1 - Rockstar Games) Hi-Rez Studios Games (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Hotspot Shield 7.15.1 (HKLM-x32\...\{3e29a499-0bcd-49f6-aa46-3e9ff41419f3}) (Version: 7.15.1.11114 - AnchorFree Inc.) Hotspot Shield 7.15.1 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C117BE8D}) (Version: 7.15.1.11114 - AnchorFree Inc.) 
Hidden Hotspot Shield 7.15.1 (HKLM-x32\...\HotspotShield) (Version: 7.15.1 - AnchorFree Inc.) Hidden HWiNFO64 Version 5.90 (HKLM\...\HWiNFO64_is1) (Version: 5.90 - Martin Malík - REALiX) Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Mafia III Digital Deluxe MULTi13 - ElAmigos versión 1.090.0 (HKLM-x32\...\{442AA57B-BC41-4150-92EA-C857F7EA2AC2}_is1) (Version: 1.090.0 - 2K) Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) Mario Kart 8 MULTi8 - ElAmigos versión 4.1 (HKLM-x32\...\{0904BD9C-9992-4619-A26A-EE56ADC78D6F}_is1) (Version: 4.1 - Nintendo) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft Office 365 ProPlus - es-es (HKLM\...\O365ProPlusRetail - es-es) (Version: 16.0.10730.20348 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 
(HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang) MSI Afterburner 4.6.1 (HKLM-x32\...\Afterburner) (Version: 4.6.1 - MSI Co., LTD) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6 - Notepad++ Team) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden NVIDIA Controlador de audio HD 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation) NVIDIA Controlador de gráficos 431.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 431.36 - NVIDIA Corporation) NVIDIA GeForce Experience 3.19.0.107 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.107 - NVIDIA Corporation) NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component 
(HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20348 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20348 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20348 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.10730.20348 - Microsoft Corporation) Hidden Operation7 (HKLM-x32\...\Operation7_is1) (Version: 1 - Softnyx Co., Ltd.) Panel de control de NVIDIA 431.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 431.36 - NVIDIA Corporation) Hidden PUBG Lite (HKLM-x32\...\PUBG Lite_is1) (Version: 1.0.0.6 - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek) Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.) 
RivaTuner Statistics Server 7.2.2 (HKLM-x32\...\RTSS) (Version: 7.2.2 - Unwinder) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - ) WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH) World War Z MULTi10 - ElAmigos versión 1.10 (HKLM-x32\...\{27121E3A-7489-4CBE-A815-D01BE1B719AF}_is1) (Version: 1.10 - Focus Home Interactive) Worms Clan Wars (HKLM-x32\...\Worms Clan Wars_is1) (Version: - Team17 Digital Ltd) Packages: ========= Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation) [MS Ad] MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-06-27] (Netflix, Inc.) SoundCloud for Windows (Beta) -> C:\Program Files\WindowsApps\SoundcloudLtd.SoundCloudforWindowsBeta_1.1.36.0_x64__2xc63xn306dnw [2019-01-14] (Soundcloud Ltd.) Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.7.33.0_x64__43tkc6nmykmb6 [2019-07-13] (Ookla) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0 [2019-07-02] (Spotify AB) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3126805088-1096401988-3500408547-1000_Classes\CLSID\{6807C9E2-7EB5-4451-AE11-85E34F294E7A} -> [MEGA] => C:\Users\Absent\Downloads\MEGA [2019-02-01 12:18] CustomCLSID: HKU\S-1-5-21-3126805088-1096401988-3500408547-1000_Classes\CLSID\{EF7E71C9-8012-4BE3-BB46-AC5A0D278A19} -> [Tesis] => C:\Users\Absent\Desktop\Tesis [2019-05-22 14:37] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-11-12] (Notepad++ -> ) ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => 
C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => 
C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-07-03] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\Absent\Juegos\Mario Kart 8.lnk -> H:\Mario Kart 8\cemu\StartGame.bat () ==================== Loaded Modules (Whitelisted) ============== 2018-11-16 17:31 - 2018-11-16 17:30 - 000662016 _____ () [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll 2018-11-16 17:32 - 2011-07-12 18:14 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll 2018-11-16 17:32 - 2012-10-08 16:07 - 000972288 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll 2018-11-16 17:32 - 2010-09-08 20:25 - 000053248 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\cpuutil.dll 2018-11-16 17:33 - 2013-05-08 16:22 - 001040896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll 2018-11-16 17:32 - 2010-10-05 07:22 - 000208896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll 2018-11-16 17:32 - 2010-10-05 07:22 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll 2018-11-16 17:32 - 2012-05-28 20:27 - 001622528 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll 2018-11-16 17:32 - 2009-08-12 19:15 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll 2018-11-16 17:32 - 2013-04-15 13:19 - 000883712 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll 2018-11-16 17:32 - 2011-09-19 19:18 - 001243136 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll 2018-11-16 17:32 - 2011-07-21 08:06 - 000846848 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll 2018-11-16 17:32 - 2012-08-29 17:09 - 000875520 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll 2018-11-16 17:33 - 2018-11-16 17:30 - 000043520 ____N () [File not signed] 
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll 2018-11-16 17:33 - 2013-08-19 16:21 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll 2018-11-16 17:31 - 2018-11-16 17:30 - 000104448 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll 2018-11-16 17:31 - 2019-07-18 10:32 - 000033792 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll 2019-04-21 04:33 - 2019-04-21 04:33 - 000232448 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll 2019-04-21 04:32 - 2019-04-21 04:32 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll 2019-04-21 04:33 - 2019-04-21 04:33 - 000649216 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2019-04-21 04:32 - 2019-04-21 04:32 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2019-04-21 04:33 - 2019-04-21 04:33 - 000367104 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll 2019-03-09 03:50 - 2019-03-09 03:50 - 000057344 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll 2019-03-09 03:51 - 2019-03-09 03:51 - 000072704 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll 2019-03-09 03:50 - 2019-03-09 03:50 - 000364544 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll 2018-11-16 17:31 - 2018-11-16 17:30 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\ASACPI.DLL 2018-11-16 17:32 - 2010-08-09 20:33 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AsAcpi.dll 2018-11-16 17:32 - 2010-09-08 20:25 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\asacpi.dll 2018-11-16 17:33 - 2013-08-19 16:21 - 000108544 _____ (ASUS) [File not signed] C:\Program Files 
(x86)\ASUS\AI Suite II\TurboV EVO\ASACPI.DLL 2018-11-16 17:33 - 2018-11-16 17:30 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsAcpi.dll 2018-11-16 17:31 - 2018-11-16 17:30 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\asacpiEx.dll 2018-11-16 17:32 - 2010-08-12 06:52 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\asacpiEx.dll 2018-11-16 17:32 - 2010-10-05 07:22 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AsMultiLang.dll 2019-06-17 13:14 - 2013-01-15 10:52 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\AsMultiLang.dll 2019-06-17 13:14 - 2013-01-15 10:52 - 001086464 _____ (ASUSTek Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll 2018-11-16 17:32 - 2010-09-08 20:25 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\AsMultiLang.dll 2018-11-16 17:32 - 2010-09-08 20:25 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\asacpiEx.dll 2018-11-16 17:32 - 2010-09-08 20:25 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\AsMultiLang.dll 2018-11-16 17:32 - 2013-08-26 13:00 - 001016320 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\CpuFrequency.dll 2018-11-16 17:33 - 2012-11-12 13:56 - 001095680 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\FAN Xpert\FANXpert.dll 2018-11-16 17:32 - 2010-03-08 16:11 - 000221184 _____ (ASUSTeK Computer Inc.) 
[File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AsMultiLang.dll 2018-11-16 17:32 - 2010-03-08 16:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Splitter\AsMultiLang.dll 2018-11-16 17:33 - 2012-12-25 10:55 - 001236992 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\System Information\SystemInfo.dll 2018-11-16 17:32 - 2010-03-08 16:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\AsMultiLang.dll 2018-11-16 17:33 - 2013-08-19 16:21 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\asacpiEx.dll 2018-11-16 17:33 - 2013-08-19 16:21 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\AsMultiLang.dll 2018-11-16 17:33 - 2013-08-19 16:21 - 001876992 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\IccHelper_old.dll 2018-11-16 17:33 - 2013-08-19 16:21 - 001643008 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVEVO.dll 2018-11-16 17:33 - 2013-08-19 16:21 - 001108992 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe 2018-11-16 17:33 - 2010-03-08 16:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\AsMultiLang.dll 2018-11-16 17:33 - 2014-02-17 14:03 - 000886272 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\Express.dll 2018-11-16 17:33 - 2018-11-16 17:30 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\asacpiEx.dll 2018-11-16 17:33 - 2018-11-16 17:31 - 001632256 _____ (ASUSTeK Computer Inc.) 
[File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe 2017-09-14 02:37 - 2017-09-14 02:37 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qgif.dll 2017-09-14 02:42 - 2017-09-14 02:42 - 000033280 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qicns.dll 2017-09-14 02:37 - 2017-09-14 02:37 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qico.dll 2017-09-14 02:37 - 2017-09-14 02:37 - 000245760 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qjpeg.dll 2017-09-14 02:42 - 2017-09-14 02:42 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qsvg.dll 2017-09-14 02:42 - 2017-09-14 02:42 - 000020992 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qtga.dll 2017-09-14 02:42 - 2017-09-14 02:42 - 000316416 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qtiff.dll 2017-09-14 02:42 - 2017-09-14 02:42 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qwbmp.dll 2017-09-14 02:42 - 2017-09-14 02:42 - 000322560 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\imageformats\qwebp.dll 2017-09-14 02:37 - 2017-09-14 02:37 - 001010688 _____ (The Qt Company Ltd) [File not signed] C:\Users\Absent\AppData\Local\MEGAsync\platforms\qwindows.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\Users\Absent\Datos de programa:7dd1e1189f9fcf05a559dccee48d89c6 [362]
AlternateDataStreams: C:\Users\Absent\Datos de programa:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Absent\AppData\Roaming:7dd1e1189f9fcf05a559dccee48d89c6 [362]
AlternateDataStreams: C:\Users\Absent\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [440]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\sharepoint.com -> hxxps://inacapmailcl-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-3126805088-1096401988-3500408547-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07182019103922936\...\sharepoint.com -> hxxps://inacapmailcl-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2019-06-21 19:34 - 000000002 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07182019103922889\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07182019103922914\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Absent\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20190526_121859.jpg
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07182019103922936\Control Panel\Desktop\\Wallpaper -> C:\Users\Absent\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20190526_121859.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\StartupApproved\Run: => "ZUKR35S3BSTZNSD"
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07182019103922936\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07182019103922936\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3126805088-1096401988-3500408547-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07182019103922936\...\StartupApproved\Run: => "ZUKR35S3BSTZNSD"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9A426C59-CFE4-4B08-AFFA-6F0E7FCBB450}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{5B970E7D-3798-4862-BE8E-5A8898C46230}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{661B969A-3BF7-4B8E-B881-1B74ED55E69F}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{ACB7B0C9-F0E4-4D31-A79C-D8D431E52CF2}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) FirewallRules: [TCP Query User{6E0CBAC0-CE26-462F-8D5B-81D06256847A}F:\games\worms clan wars\wormsclanwars.exe] => (Allow) F:\games\worms clan wars\wormsclanwars.exe () [File not signed] FirewallRules: [UDP Query User{06CC0256-211D-4698-B27E-5DF46D7581CE}F:\games\worms clan wars\wormsclanwars.exe] => (Allow) F:\games\worms clan wars\wormsclanwars.exe () [File not signed] FirewallRules: [{D166D9F2-C150-4158-AC9A-C32B50A1C825}] => (Block) LPort=9150 FirewallRules: [{63DB08A4-C520-40B4-9B88-7652286A43AD}] => (Block) LPort=9150 FirewallRules: [{B36CB414-E39C-4CE5-AAB2-8068464A5D0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{BC94B87A-3073-47FB-AEB9-69A6B5011F5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{43C44605-3869-4DCC-806B-5C1EF1A04484}] => (Allow) F:\SteamLibrary\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{91218BA7-6BDE-459F-9BB4-A039EE1CF18F}] => (Allow) F:\SteamLibrary\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{DA7D07C9-866A-4B43-BD40-21F1D1DA8F22}] => (Allow) F:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{8C91BEA3-F7D0-4143-A6B4-7CBAA1F8F239}] => (Allow) F:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [TCP Query User{D6B5C219-68DB-4E9A-994A-F4B692D54E39}F:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) F:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) 
[File not signed] FirewallRules: [UDP Query User{925174D1-9ED0-46BA-A9B3-6BA3FDACFD0B}F:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) F:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [{7B7498F4-30FD-4A92-987C-D8A8BB6B02A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{B8DDC3AE-5682-4F55-A967-05FC76B6FC39}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{6952FD5E-2946-471B-B0E2-006AFA7E8D04}] => (Allow) H:\gta\Grand Theft Auto V\GTA5.exe (Rockstar Games) [File not signed] FirewallRules: [{3D5412FC-7F3B-4DC0-ABC9-6395CC05CE9D}] => (Allow) H:\gta\Grand Theft Auto V\GTA5.exe (Rockstar Games) [File not signed] FirewallRules: [TCP Query User{7B6EB7A0-7E2D-45C6-B0CA-DC225343D2E4}E:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe] => (Allow) E:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe (Activision Publishing Inc -> ) [File not signed] FirewallRules: [UDP Query User{578D5B46-7B7A-4FF8-A61B-D6B75C03CA88}E:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe] => (Allow) E:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe (Activision Publishing Inc -> ) [File not signed] FirewallRules: [{1C34547E-D997-4A2A-9DC6-2D64E1D98280}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{A947FDCC-8E84-4E9B-AD54-61F06BE0841F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{BFA584A9-1F62-4BFC-BC51-1998FECE61CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: 
[{DACD4A41-7546-4797-AD75-8032A37F56AF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{AF3F5425-FF37-44CF-8B04-7D14AD66C2FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{B0CCA880-7009-420C-91D6-BFAA465F0B22}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{D906C437-4550-48B7-8902-8400DD122F70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{4F556003-2D29-4AAD-A850-36F3576FB8F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{9019B4CE-36B2-409F-A91A-5C6455B4218E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{8A48955F-0DFC-4A3F-83AB-E9BFBE89BB1D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{3B34938B-B5E5-4B90-A965-23CCC6398F02}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6C5B577F-2668-407C-845A-1F858443B49D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{49B67A4F-9439-4349-AD7F-122E65C35C2A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6E4E82C3-04AF-4676-B8D1-9109687E33D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft 
Corporation -> Microsoft Corporation) FirewallRules: [{30DC43D2-D05B-45A8-A82E-27C4BCFA0C65}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{5F117B1F-EECE-4B3B-A0AF-9E926BAC76B9}D:\games\far cry 3 complete collection\far cry 3\bin\farcry3.exe] => (Block) D:\games\far cry 3 complete collection\far cry 3\bin\farcry3.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment) FirewallRules: [UDP Query User{943EDA77-6450-461C-83C0-F9E5DBEE904D}D:\games\far cry 3 complete collection\far cry 3\bin\farcry3.exe] => (Block) D:\games\far cry 3 complete collection\far cry 3\bin\farcry3.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment) FirewallRules: [TCP Query User{AF52E683-2729-4771-950B-7F3154DEBD89}D:\games\far cry 3 complete collection\far cry 3\bin\farcry3_d3d11.exe] => (Block) D:\games\far cry 3 complete collection\far cry 3\bin\farcry3_d3d11.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment) FirewallRules: [UDP Query User{FE0EE2C3-49D1-4FDC-A019-84A25B7A1722}D:\games\far cry 3 complete collection\far cry 3\bin\farcry3_d3d11.exe] => (Block) D:\games\far cry 3 complete collection\far cry 3\bin\farcry3_d3d11.exe (UBISOFT ENTERTAINMENT INC. 
-> Ubisoft Entertainment) FirewallRules: [TCP Query User{0EF935CB-AB2E-446A-99F2-765B0501C1D7}D:\games\world war z\en_us\client\bin\pc\wwzretailegs.exe] => (Block) D:\games\world war z\en_us\client\bin\pc\wwzretailegs.exe (Saber Interactive) [File not signed] FirewallRules: [UDP Query User{1504FD53-9062-4B3F-909C-E6032A584294}D:\games\world war z\en_us\client\bin\pc\wwzretailegs.exe] => (Block) D:\games\world war z\en_us\client\bin\pc\wwzretailegs.exe (Saber Interactive) [File not signed] FirewallRules: [TCP Query User{FAAC5A13-7779-4975-B352-D508C2DC91D8}D:\games\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\games\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe (PUBG CORPORATION -> PUBG Works) FirewallRules: [UDP Query User{18F88133-5D7D-4131-A6A7-8002E21C176B}D:\games\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\games\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe (PUBG CORPORATION -> PUBG Works) FirewallRules: [{2DAE158B-45D6-44CA-BD91-7607C2EF8D2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{BFE50C83-38FC-4F79-9E14-2AB393C764E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{D7B60F55-5301-4D9C-B807-05B2AE3D14F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{E35C5A6D-9F06-4C44-9CE2-560EB2141930}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{685E5532-C3D3-4D0E-9BD7-EBE9BDD184E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 01-07-2019 12:41:21 
Revo Uninstaller's restore point - CCleaner 01-07-2019 12:44:13 Revo Uninstaller's restore point - Desktop Capture Engine 01-07-2019 12:53:56 Restore Point Created by FRST 02-07-2019 12:42:21 Restore Point Created by FRST 02-07-2019 20:58:27 Revo Uninstaller's restore point - Office 02-07-2019 21:01:10 Revo Uninstaller's restore point - OneNote 07-07-2019 20:02:12 Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 08-07-2019 10:38:18 Instalador de Módulos de Windows 15-07-2019 10:57:01 Punto de control programado ==================== Faulty Device Manager Devices ============= Name: Controladora de sonido multimedia Description: Controladora de sonido multimedia Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/18/2019 10:31:00 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido. . Operación: Ejecutando operación asincrónica Contexto: Estado actual: DoSnapshotSet Error: (07/18/2019 10:30:30 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado. . A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud. Operación: Recopilando datos del escritor Contexto: Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220} Nombre del escritor: System Writer Id. 
de instancia del escritor: {d21b83ee-3c98-4aba-b79c-144445a579a7} Error: (07/18/2019 10:18:46 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (07/17/2019 12:59:59 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (07/16/2019 06:22:57 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (07/15/2019 11:20:35 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY) Description: Windows no puede descargar su archivo de Registro. No se ha liberado la memoria usada por el Registro. La causa de este problema suelen ser servicios ejecutándose como cuentas de usuario. Intente configurar los servicios para ejecutarse en la cuenta LocalService o NetworkService. DETALLE - Acceso denegado. Error: (07/15/2019 11:20:35 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1512) (User: NT AUTHORITY) Description: Windows no puede descargar su archivo de Registro. No se ha liberado la memoria usada por el Registro. La causa de este problema suelen ser servicios ejecutándose como cuentas de usuario. Intente configurar los servicios para ejecutarse en la cuenta LocalService o NetworkService. DETALLE - Acceso denegado. Error: (07/15/2019 10:16:55 AM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: El servicio Windows Search no pudo procesar la lista de ubicaciones incluidas y excluidas. Error: <30, 0x80040d07, "iehistory://{S-1-5-21-3126805088-1096401988-3500408547-1000}/">. 
System errors: ============= Error: (07/18/2019 10:35:33 AM) (Source: DCOM) (EventID: 10016) (User: ABSENTPPC) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario AbsentpPC\Absent con SID (S-1-5-21-3126805088-1096401988-3500408547-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (07/18/2019 10:32:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID Windows.SecurityCenter.SecurityAppBroker y APPID No disponible al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (07/18/2019 10:32:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID Windows.SecurityCenter.WscDataProtection y APPID No disponible al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. 
Error: (07/18/2019 10:32:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID Windows.SecurityCenter.WscBrokerManager y APPID No disponible al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (07/18/2019 10:32:53 AM) (Source: DCOM) (EventID: 10016) (User: ABSENTPPC) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario AbsentpPC\Absent con SID (S-1-5-21-3126805088-1096401988-3500408547-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0 (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (07/18/2019 10:30:58 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: El Administrador de control de servicios intentó realizar una acción correctora (Reiniciar el servicio) después de la terminación inesperada del servicio Windows Search, pero ocurrió el siguiente error: Ya se está ejecutando una instancia de este servicio. Error: (07/18/2019 10:30:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: El servicio Disc Soft Lite Bus Service se terminó de manera inesperada. Esto ha sucedido 1 veces. 
Error: (07/18/2019 10:30:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio. Windows Defender: =================================== Date: 2019-07-09 16:54:01.255 Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse. Id. de examen: {7862B270-90C6-459A-85BF-CB3B1B13D6B2} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM Date: 2019-07-02 21:24:48.666 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0 Nombre: Trojan:Win32/Tiggre!plock Id.: 2147723626 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: driver:_e0357e2a3fca78a2; file:_C:\WINDOWS\system32\drivers\e0357e2a3fca78a2.sys Origen de detección: Equipo local Tipo de detección: FastPath Fuente de detección: Sistema Usuario: NT AUTHORITY\SYSTEM Nombre de proceso: C:\Windows\explorer.exe Versión de firma: AV: 1.297.318.0, AS: 1.297.318.0, NIS: 1.297.318.0 Versión de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4 Date: 2019-07-02 21:24:09.643 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. 
Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0 Nombre: Trojan:Win32/Tiggre!plock Id.: 2147723626 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: driver:_e0357e2a3fca78a2; file:_C:\WINDOWS\system32\drivers\e0357e2a3fca78a2.sys Origen de detección: Equipo local Tipo de detección: FastPath Fuente de detección: Sistema Usuario: NT AUTHORITY\SYSTEM Nombre de proceso: C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Versión de firma: AV: 1.297.318.0, AS: 1.297.318.0, NIS: 1.297.318.0 Versión de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4 Date: 2019-07-02 21:21:59.131 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0 Nombre: Trojan:Win32/Tiggre!plock Id.: 2147723626 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: driver:_e0357e2a3fca78a2; file:_C:\WINDOWS\system32\drivers\e0357e2a3fca78a2.sys Origen de detección: Equipo local Tipo de detección: FastPath Fuente de detección: Sistema Usuario: NT AUTHORITY\SYSTEM Nombre de proceso: C:\Windows\explorer.exe Versión de firma: AV: 1.297.318.0, AS: 1.297.318.0, NIS: 1.297.318.0 Versión de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4 Date: 2019-07-02 21:18:32.749 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. 
Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0 Nombre: Trojan:Win32/Tiggre!plock Id.: 2147723626 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: driver:_e0357e2a3fca78a2; file:_C:\WINDOWS\system32\drivers\e0357e2a3fca78a2.sys Origen de detección: Equipo local Tipo de detección: FastPath Fuente de detección: Sistema Usuario: NT AUTHORITY\SYSTEM Nombre de proceso: Unknown Versión de firma: AV: 1.297.318.0, AS: 1.297.318.0, NIS: 1.297.318.0 Versión de motor: AM: 1.1.16100.4, NIS: 1.1.16100.4 CodeIntegrity: =================================== Date: 2019-07-15 11:21:41.469 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-07-15 11:21:41.443 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-07-15 11:21:41.401 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2019-07-15 11:21:41.378 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-07-05 19:51:04.449 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system. Date: 2019-07-05 19:04:27.416 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system. Date: 2019-07-05 18:15:00.328 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system. Date: 2019-07-05 17:27:00.195 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== BIOS: American Megatrends Inc. 2501 04/09/2014 Motherboard: ASUSTeK COMPUTER INC. 
M5A97 LE R2.0 Processor: AMD FX(tm)-8320 Eight-Core Processor Percentage of memory in use: 52% Total physical RAM: 8093.12 MB Available physical RAM: 3833.48 MB Total Virtual: 16541.12 MB Available Virtual: 10356.62 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:110.87 GB) (Free:39.13 GB) NTFS Drive d: (Windows) (Fixed) (Total:442.83 GB) (Free:136.31 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (Disco de Multimedia) (Fixed) (Total:146.48 GB) (Free:76.18 GB) NTFS Drive f: (Disco Juegos) (Fixed) (Total:195.31 GB) (Free:46.59 GB) NTFS Drive g: (RECOVERY) (Fixed) (Total:21.35 GB) (Free:2.16 GB) NTFS ==>[system with boot components (obtained from drive)] Drive h: (Cosas) (Fixed) (Total:123.84 GB) (Free:11.99 GB) NTFS \\?\Volume{a8801747-ae00-11e8-94fb-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS \\?\Volume{3fc227da-7ec8-4f27-809d-9e9948a6d1d3}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.13 GB) NTFS \\?\Volume{bff38b3a-b677-43ff-aa5f-0111e0f152b1}\ () (Fixed) (Total:0.81 GB) (Free:0.34 GB) NTFS \\?\Volume{1240bd0f-0000-0000-0000-00be1b000000}\ () (Fixed) (Total:0.82 GB) (Free:0.34 GB) NTFS \\?\Volume{b457c898-625e-472f-bdcc-804d38a32003}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 1240BD0F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=110.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=839 MB) - (Type=27) ======================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2DFD2DFC) Partition: GPT. ======================================================== Disk: 2 (Size: 465.8 GB) (Disk ID: 1E1F4777) Partition: GPT. 
==================== End of Addition.txt ============================