Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-12-2019
Ran by Guillermo (06-12-2019 21:31:46)
Running from C:\Users\Guillermo\Desktop
Windows 10 Pro Version 1903 18362.476 (X64) (2019-08-11 21:05:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-1651002052-1764723500-360319929-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1651002052-1764723500-360319929-503 - Limited - Disabled)
Guillermo (S-1-5-21-1651002052-1764723500-360319929-1001 - Administrator - Enabled) => C:\Users\Guillermo
Invitado (S-1-5-21-1651002052-1764723500-360319929-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1651002052-1764723500-360319929-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: ESET Cortafuegos (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1651002052-1764723500-360319929-1001\...\uTorrent) (Version: 3.5.5.45311 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.021.20056 - Adobe Systems Incorporated) Android USB Driver (HKLM-x32\...\Z5 Android USB Driver_is1) (Version: - ) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software) Backup and Sync from Google (HKLM\...\{93EBD8BA-7A14-4636-8F1F-E929ADF2C3A9}) (Version: 3.47.7654.0300 - Google, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform) Chrome Remote Desktop Host (HKLM-x32\...\{738276A2-92E7-4313-9E4D-D090F7DA98EC}) (Version: 79.0.3945.10 - Google Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 87.3.125 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.243.1 - Dropbox, Inc.) Hidden Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden ESET Security (HKLM\...\{6D46484B-0BE2-4060-9CD3-FA87ED960ED9}) (Version: 13.0.22.0 - ESET, spol. s r.o.) 
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group) GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.45.5307 - GOM & Company) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden IBM SPSS Statistics 24 (HKLM\...\{4762AE15-E5A3-43BF-8822-1CFC70FB147A}) (Version: 24.0.0.0 - IBM Corp) Intel(R) Chipset Device Software (HKLM-x32\...\{b2573549-8593-4d8d-b795-d0eed7b6d412}) (Version: 10.1.1.45 - Intel(R) Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{73D60EDA-FD00-4CB4-8723-212AFB2219CF}) (Version: 7.3.0 - Intel Corporation) Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1651002052-1764723500-360319929-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 
10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Nitro Pro 10 (HKLM\...\{7242D889-1E07-40C9-8FC6-670707B34EE1}) (Version: 10.5.9.9 - Nitro) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.) Prerequisite installer (HKLM-x32\...\{37E15A76-F310-4C62-9D32-EE96C83BBD2C}) (Version: 20.2.0001 - Nero AG) Hidden R for Windows 3.5.2 (HKLM\...\R for Windows 3.5.2_is1) (Version: 3.5.2 - R Core Team) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.30.815.2018 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.) 
RStudio (HKLM-x32\...\RStudio) (Version: 1.1.463 - RStudio) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) USB Drive Antivirus 3.01 (HKLM-x32\...\USB Drive Antivirus_is1) (Version: - USB Antivirus) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN) vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden WhatsApp (HKU\S-1-5-21-1651002052-1764723500-360319929-1001\...\WhatsApp) (Version: 0.3.9308 - WhatsApp) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) Packages: ========= Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.) 
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20276.0_x64__8wekyb3d8bbwe [2019-11-26] (Microsoft Corporation) [MS Ad] Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.3587.0_x64__rz1tebttyb220 [2019-10-05] (Dolby Laboratories) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-08-11] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad] Microsoft Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-14] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-10] (Microsoft Studios) [MS Ad] MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-24] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1651002052-1764723500-360319929-1001_Classes\CLSID\{47F4F762-C23D-4233-B103-999538479649} -> [MEGAsync] => C:\Users\Guillermo\Documents\MEGAsync [2018-05-21 18:14] CustomCLSID: HKU\S-1-5-21-1651002052-1764723500-360319929-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Guillermo\Dropbox [2018-05-21 18:15] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. 
-> AVAST Software) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-10-03] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google) ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 10\NPShellExtension.dll [2016-07-22] (Nitro Software, Inc. 
-> Nitro PDF) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-10-03] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. 
-> AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-29] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google) ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Guillermo\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-16] (Mega Limited -> ) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-10] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-10-03] (ESET, spol. s r.o. 
-> ESET) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-29] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\Guillermo\Desktop\Guillermo - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Guillermo\Desktop\Primer usuario - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\Guillermo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Escritorio Remoto de Chrome (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ShortcutWithArgument: C:\Users\Guillermo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Escritorio Remoto de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ShortcutWithArgument: C:\Users\Guillermo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Simple EPUB Reader.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=ojhbgcchcbdjdenibfmjofobklkkhofc ShortcutWithArgument: C:\Users\Guillermo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Guillermo - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" ==================== Loaded Modules (Whitelisted) ============= 2019-12-06 00:26 - 2019-12-06 00:26 - 000114176 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\_ctypes.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000173056 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\_elementtree.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 001808896 _____ () [File not signed] 
C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\_hashlib.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000032256 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\_multiprocessing.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000046080 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\_psutil_windows.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000047616 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\_socket.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 002241024 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\_ssl.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000026112 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\_yappi.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000080896 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\bz2.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000016384 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\common.time34.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000007680 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\hashobjs_ext.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000301568 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\PIL._imaging.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000169472 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\pyexpat.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 001084416 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\pysqlite2._sqlite.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000548864 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\pythoncom27.dll 2019-12-06 00:26 - 2019-12-06 00:26 - 000137728 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\pywintypes27.dll 2019-12-06 00:26 - 2019-12-06 00:26 - 000010752 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\select.pyd 
2019-12-06 00:26 - 2019-12-06 00:26 - 000020992 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\thumbnails_ext.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000689664 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\unicodedata.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000119808 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\usb_ext.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000128512 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\win32api.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000438784 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\win32com.shell.shell.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000011776 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\win32crypt.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000023040 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\win32event.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000149504 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\win32file.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000223232 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\win32gui.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000048128 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\win32inet.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000029696 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\win32pdh.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000027648 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\win32pipe.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000044032 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\win32process.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000020480 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\win32profile.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000136192 _____ () 
[File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\win32security.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000026624 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\win32ts.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000034816 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\windows.conditional.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000038400 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\windows.connectivity.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000071680 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\windows.device_monitor.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000109056 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\windows.volumes.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 000020480 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\windows.winwrap.pyd 2019-12-06 00:27 - 2019-12-06 00:27 - 001325056 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\wx._controls_.pyd 2019-12-06 00:27 - 2019-12-06 00:27 - 001489408 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\wx._core_.pyd 2019-12-06 00:27 - 2019-12-06 00:27 - 001007104 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\wx._gdi_.pyd 2019-12-06 00:27 - 2019-12-06 00:27 - 000103424 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\wx._html2.pyd 2019-12-06 00:27 - 2019-12-06 00:27 - 000916992 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\wx._misc_.pyd 2019-12-06 00:27 - 2019-12-06 00:27 - 001039872 _____ () [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\wx._windows_.pyd 2019-12-06 00:26 - 2019-12-06 00:26 - 003042816 _____ (Python Software Foundation) [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\python27.dll 2017-09-14 03:37 - 2017-09-14 03:37 - 000026112 _____ (The 
Qt Company Ltd) [File not signed] C:\Users\Guillermo\AppData\Local\MEGAsync\imageformats\qgif.dll 2017-09-14 03:42 - 2017-09-14 03:42 - 000033280 _____ (The Qt Company Ltd) [File not signed] C:\Users\Guillermo\AppData\Local\MEGAsync\imageformats\qicns.dll 2017-09-14 03:37 - 2017-09-14 03:37 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\Users\Guillermo\AppData\Local\MEGAsync\imageformats\qico.dll 2017-09-14 03:37 - 2017-09-14 03:37 - 000245760 _____ (The Qt Company Ltd) [File not signed] C:\Users\Guillermo\AppData\Local\MEGAsync\imageformats\qjpeg.dll 2017-09-14 03:42 - 2017-09-14 03:42 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Users\Guillermo\AppData\Local\MEGAsync\imageformats\qsvg.dll 2017-09-14 03:42 - 2017-09-14 03:42 - 000020992 _____ (The Qt Company Ltd) [File not signed] C:\Users\Guillermo\AppData\Local\MEGAsync\imageformats\qtga.dll 2017-09-14 03:42 - 2017-09-14 03:42 - 000316416 _____ (The Qt Company Ltd) [File not signed] C:\Users\Guillermo\AppData\Local\MEGAsync\imageformats\qtiff.dll 2017-09-14 03:42 - 2017-09-14 03:42 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Users\Guillermo\AppData\Local\MEGAsync\imageformats\qwbmp.dll 2017-09-14 03:42 - 2017-09-14 03:42 - 000322560 _____ (The Qt Company Ltd) [File not signed] C:\Users\Guillermo\AppData\Local\MEGAsync\imageformats\qwebp.dll 2017-09-14 03:37 - 2017-09-14 03:37 - 001010688 _____ (The Qt Company Ltd) [File not signed] C:\Users\Guillermo\AppData\Local\MEGAsync\platforms\qwindows.dll 2019-12-06 00:27 - 2019-12-06 00:27 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\wxbase30u_net_vc90_x64.dll 2019-12-06 00:27 - 2019-12-06 00:27 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\wxbase30u_vc90_x64.dll 2019-12-06 00:27 - 2019-12-06 00:27 - 001654784 _____ (wxWidgets development team) [File not signed] 
C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\wxmsw30u_adv_vc90_x64.dll
2019-12-06 00:27 - 2019-12-06 00:27 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\wxmsw30u_core_vc90_x64.dll
2019-12-06 00:27 - 2019-12-06 00:27 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\wxmsw30u_html_vc90_x64.dll
2019-12-06 00:27 - 2019-12-06 00:27 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Guillermo\AppData\Local\Temp\_MEI24122\wxmsw30u_webview_vc90_x64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Guillermo\Documents\2018-02-01 17.50.30.jpg:com.dropbox.attributes [778]
AlternateDataStreams: C:\Users\Guillermo\Documents\2018-02-01 17.50.30.jpg:com.dropbox.attrs [58]
AlternateDataStreams: C:\Users\Guillermo\Documents\2018-02-01 17.50.30.jpg:com.dropbox.internal [284]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20440832.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20440832.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-11 20:38 - 2018-04-11 20:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1651002052-1764723500-360319929-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 200.42.4.198 - 200.49.130.41 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run32: => "BbInstallUser" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "Nero BackItUp" HKLM\...\StartupApproved\Run32: => "DriveSpan" HKU\S-1-5-21-1651002052-1764723500-360319929-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1651002052-1764723500-360319929-1001\...\StartupApproved\Run: => "FreeAC" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{D5254E73-53E3-49E5-89B0-8578D273EC3F}C:\program files\rstudio\bin\x64\rsession.exe] => (Allow) C:\program files\rstudio\bin\x64\rsession.exe (RStudio, Inc.) [File not signed] FirewallRules: [TCP Query User{7E75B2D7-678D-4335-B55B-518D54AC1F80}C:\program files\rstudio\bin\x64\rsession.exe] => (Allow) C:\program files\rstudio\bin\x64\rsession.exe (RStudio, Inc.) [File not signed] FirewallRules: [UDP Query User{C1F9436F-A35C-430F-BE3B-91DCA76C4FCF}C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) 
FirewallRules: [TCP Query User{554E50BE-898D-4232-ACD5-AE168490B958}C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{993BB3A5-A534-40FB-958D-B406518DED8E}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.com (IBM -> IBM Corp.) [File not signed]
FirewallRules: [{DA4C8929-E41D-4120-8069-82CB6B8BFF2B}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed]
FirewallRules: [{531E7E8C-D1FD-438D-A8C3-2E48E22860FF}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\WinWrapIDE.exe (IBM -> IBM Corp.) [File not signed]
FirewallRules: [{4AF8D8D5-CC73-4E65-95CC-5AE7DE0F1230}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.com (IBM -> IBM Corp.) [File not signed]
FirewallRules: [{B77A277C-8A53-496B-8D00-4E6055739C1E}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\WinWrapIDE.exe (IBM -> IBM Corp.) [File not signed]
FirewallRules: [{155C2B41-64EC-4651-BF15-9A5B94313D99}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\24\stats.exe (IBM -> IBM Corp.) [File not signed]
FirewallRules: [{2FE9AFF0-0D8C-48CB-972F-B83C5F77BBCA}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{AFABF74D-B587-44B1-868A-C21A6E8A7115}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{13F16139-0880-4827-A00D-1607133ED890}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{7DE9E608-92C9-4564-AD89-9094B2EB107E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{A396439E-B9CE-4C59-8DEF-EB9E026AF715}C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{05350E37-8144-4F58-80B5-4C0294753720}C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\guillermo\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{81173155-28F6-40E0-99D3-8F4B6AAA2B2A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{98CB03CB-CCEC-4390-80AE-F65160D3B783}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E776CD86-1272-4C6B-9F58-D917290AF910}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe (Google LLC -> Google Inc.)
FirewallRules: [{1DA896D1-5588-4A46-B257-0C86C0D03136}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{BDD9AD54-F6CD-48EA-84BB-387264DBF945}] => (Allow) C:\Program Files (x86)\Nero\Nero 2019\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)
FirewallRules: [{E0E26BAE-B702-417E-8E3A-9BF1AB4E4B83}] => (Allow) C:\Program Files (x86)\Nero\Nero 2019\Nero MediaHome\NMDllHost.exe (Nero AG -> Nero AG)
FirewallRules: [{328E71BE-0E25-4F3C-84F9-1A6AB78D6068}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================
22-11-2019 12:28:49 Punto de control programado
29-11-2019 12:07:35 Removed Nero 2019.
29-11-2019 14:13:36 JRT Pre-Junkware Removal
03-12-2019 17:48:29 JRT Pre-Junkware Removal
04-12-2019 01:38:15 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (12/06/2019 09:28:41 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5264,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (12/06/2019 09:27:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0xC004F074
Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (12/06/2019 05:06:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0xC004F074
Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (12/06/2019 04:05:14 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3576,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (12/06/2019 03:20:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0xC004F074
Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (12/06/2019 02:16:20 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7984,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (12/06/2019 02:10:55 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: El tamaño del búfer necesario es mayor que el tamaño del búfer que se llevó a la función Collect del archivo DLL del contador extensible "C:\Windows\System32\perfts.dll" del servicio "LSM". El tamaño del búfer indicado era 29304 y el tamaño necesario es 34696.
Error: (12/06/2019 01:26:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0xC004F074
Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

System errors:
=============
Error: (12/06/2019 12:52:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: Se ha bloqueado la descarga de este controlador
Error: (12/06/2019 12:52:32 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\GUILLE~1\AppData\Local\Temp\ehdrv.sys
Error: (12/06/2019 12:52:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: Se ha bloqueado la descarga de este controlador
Error: (12/06/2019 12:52:31 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\GUILLE~1\AppData\Local\Temp\ehdrv.sys
Error: (12/06/2019 12:52:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: Se ha bloqueado la descarga de este controlador
Error: (12/06/2019 12:52:31 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\GUILLE~1\AppData\Local\Temp\ehdrv.sys
Error: (12/06/2019 12:52:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: Se ha bloqueado la descarga de este controlador
Error: (12/06/2019 12:52:31 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\GUILLE~1\AppData\Local\Temp\ehdrv.sys

Windows Defender:
===================================
Date: 2019-08-13 12:09:34.079
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Hadsruda!bit&threatid=213971&enterprise=0
Nombre: Program:Win32/Hadsruda!bit
Id.: 213971
Gravedad: Media
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Users\Guillermo\Desktop\bluebeam.revu.extreme.2017.(17.0.10)-MPT.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: GUILLERMO-PC\Guillermo
Nombre de proceso: C:\Windows\explorer.exe
Versión de inteligencia de seguridad: AV: 1.299.1823.0, AS: 1.299.1823.0, NIS: 1.299.1823.0
Versión de motor: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-12 12:15:49.467
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Hadsruda!bit&threatid=213971&enterprise=0
Nombre: Program:Win32/Hadsruda!bit
Id.: 213971
Gravedad: Media
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Users\Guillermo\Desktop\.tmp.drivedownload\1630278.driveupload; file:_C:\Users\Guillermo\Desktop\.tmp.drivedownload\tmp4zzdpi.drivedownload; file:_C:\Users\Guillermo\Desktop\bluebeam.revu.extreme.2017.(17.0.10)-MPT.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: GUILLERMO-PC\Guillermo
Nombre de proceso: C:\Windows\explorer.exe
Versión de inteligencia de seguridad: AV: 1.299.1813.0, AS: 1.299.1813.0, NIS: 1.299.1813.0
Versión de motor: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-12 12:15:46.107
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Hadsruda!bit&threatid=213971&enterprise=0
Nombre: Program:Win32/Hadsruda!bit
Id.: 213971
Gravedad: Media
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Users\Guillermo\Desktop\.tmp.drivedownload\1630278.driveupload; file:_C:\Users\Guillermo\Desktop\.tmp.drivedownload\tmp4zzdpi.drivedownload
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: GUILLERMO-PC\Guillermo
Nombre de proceso: C:\Program Files\Google\Drive\googledrivesync.exe
Versión de inteligencia de seguridad: AV: 1.299.1813.0, AS: 1.299.1813.0, NIS: 1.299.1813.0
Versión de motor: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-08-12 12:15:46.053
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Hadsruda!bit&threatid=213971&enterprise=0
Nombre: Program:Win32/Hadsruda!bit
Id.: 213971
Gravedad: Media
Categoría: Software potencialmente no deseado
Ruta de acceso: file:_C:\Users\Guillermo\Desktop\.tmp.drivedownload\tmp4zzdpi.drivedownload
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: GUILLERMO-PC\Guillermo
Nombre de proceso: C:\Program Files\Google\Drive\googledrivesync.exe
Versión de inteligencia de seguridad: AV: 1.299.1813.0, AS: 1.299.1813.0, NIS: 1.299.1813.0
Versión de motor: AM: 1.1.16200.1, NIS: 1.1.16200.1

CodeIntegrity:
===================================
Date: 2019-12-06 21:24:08.066
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-12-06 21:24:08.048
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.
Date: 2019-12-06 21:24:08.038
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-12-06 21:24:08.014
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.
Date: 2019-12-06 21:24:07.835
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-12-06 21:24:07.811
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.
Date: 2019-12-06 21:24:07.799
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2019-12-06 21:24:07.772
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================
BIOS: SAMSUNG ELECTRONICS CO.,LTD 06OV 10/22/2012
Motherboard: SAMSUNG ELECTRONICS CO.,LTD SAMSUNG_DT1234567890
Processor: Intel(R) Core(TM) i5-2390T CPU @ 2.70GHz
Percentage of memory in use: 80%
Total physical RAM: 6089.97 MB
Available physical RAM: 1171.5 MB
Total Virtual: 11209.97 MB
Available Virtual: 4747.77 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:442.62 GB) (Free:312.62 GB) NTFS
Drive d: (My Passport) (Fixed) (Total:298.02 GB) (Free:81.64 GB) FAT32
Drive e: (Datos) (Fixed) (Total:488.28 GB) (Free:366.58 GB) NTFS
\\?\Volume{5a9c3286-0000-0000-0000-100000000000}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{5a9c3286-0000-0000-0000-10ae6e000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 5A9C3286)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=442.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=522 MB) - (Type=27)
Partition 4: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 5B6AC646)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=0C)

==================== End of Addition.txt =======================