Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-12-2019 01 Ran by Edwin (24-12-2019 09:19:38) Running from C:\Users\Edwin\AppData\Local\Temp\scoped_dir9032_382537280 Windows 10 Home Version 1703 15063.1387 (X64) (2019-07-07 16:31:34) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrador (S-1-5-21-1084882763-4263514591-1534289575-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1084882763-4263514591-1534289575-503 - Limited - Disabled) Edwin (S-1-5-21-1084882763-4263514591-1534289575-1001 - Administrator - Enabled) => C:\Users\Edwin Invitado (S-1-5-21-1084882763-4263514591-1534289575-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: 360 Total Security (Enabled - Up to date) {2ACC6E6C-C52C-B3B4-DA13-A43E20B1E26D} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: 360 Total Security (Enabled - Up to date) {91AD8F88-E316-BC3A-E0A3-9F4C5B36A8D0} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 10.6.0.1133 - 360 Security Center) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe) Adobe Shockwave Player 12.2 (HKLM-x32\...\{A2116AF9-FA9D-41EA-9874-1E40B227D4DE}) (Version: 12.2.5.195 - Adobe Systems, Inc) Age of Empires II HD (c) Microsoft Studios version 1 (HKLM-x32\...\QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1) (Version: 1 - ) Age of Mythology + The Titans (HKLM-x32\...\Age of Mythology + The Titans Expansion_is1) (Version: - ) Age of Mythology: Extended Edition (HKLM-x32\...\QWdlb2ZNeXRob2xvZ3lFeHRlbmRlZEVkaXRpb24=_is1) (Version: 1 - ) CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform) CyberLink YouCam 6 (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2326.0 - CyberLink Corp.) EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS) Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.3.1.606 - Foxit Corporation) GameRanger (HKU\S-1-5-21-1084882763-4263514591-1534289575-1001\...\GameRanger) (Version: - GameRanger Technologies) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Intel® Processor Identification Utility (HKU\S-1-5-21-1084882763-4263514591-1534289575-1001\...\Utilidad Intel® para identificación de procesadores 6.1.0731) (Version: 6.1.0731 - Intel Corporation) Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation) Java 8 Update 102 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.14 - Oracle Corporation) K-Lite Mega Codec Pack 10.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - ) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) Mendeley Desktop 1.19.4 (HKLM-x32\...\Mendeley Desktop) (Version: 1.19.4 - Mendeley Ltd.) Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1084882763-4263514591-1534289575-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{82f2609e-68ba-408d-963f-530ad8809435}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{577ff5ba-39aa-4d8c-a3a9-f95012763438}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24406 (HKLM-x32\...\{7c8a1675-0fe9-41fd-a2ed-aa4871816197}) (Version: 14.0.24406.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24406 (HKLM-x32\...\{b5e24db9-876e-4af2-ac7f-00d0e8bc162c}) (Version: 14.0.24406.0 - Microsoft Corporation) MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) Opera Stable 65.0.3467.78 (HKU\S-1-5-21-1084882763-4263514591-1534289575-1001\...\Opera 65.0.3467.78) (Version: 65.0.3467.78 - Opera Software) Oracle VM VirtualBox 6.1.0 (HKLM\...\{B9B53CFE-C4E3-47FB-9BC0-8022F0AB6814}) (Version: 6.1.0 - Oracle Corporation) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1220 - SUPERAntiSpyware.com) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation) UsbFix (HKLM-x32\...\Usbfix) (Version: 8.247 - El Desaparecido - www.usb-antivirus.com - www.sosvirus.net) Utilidad Intel® para identificación de procesadores (HKLM-x32\...\{990439B4-E0AD-4088-8A34-34CA0E27B4AE}) (Version: 6.1.0731 - Intel Corporation) Hidden WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare) Packages: ========= Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.) Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.4.4.0_x86__kgqvnymyfvs32 [2019-12-11] (king.com) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.154.400.0_x86__kgqvnymyfvs32 [2019-12-11] (king.com) Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20116.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Corporation) [MS Ad] March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.5.1.3_x86__h6adky7gbf63m [2019-12-17] (Gameloft.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-09] (Microsoft Corporation) [MS Ad] Microsoft Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Studios) [MS Ad] MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad] Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.16.0_x64__nfy108tqq3p12 [2019-09-26] (Thumbmunkeys Ltd) [MS Ad] Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2019-07-09] (Plex) WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-07-09] (WinZip Computing) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2019-06-20] (QIHU 360 SOFTWARE CO. LIMITED -> ) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers4: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2019-06-20] (QIHU 360 SOFTWARE CO. LIMITED -> ) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_8a9535cd18c90bc3\igfxDTCM.dll [2018-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2019-06-20] (QIHU 360 SOFTWARE CO. LIMITED -> ) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3554304 2013-03-17] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [258560 2011-06-24] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3649536 2013-03-17] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2013-12-20] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Edwin\Desktop\mikanet - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2" ShortcutWithArgument: C:\Users\Edwin\Desktop\panda - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Edwin\Desktop\Venus - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\Edwin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Persona 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default ==================== Loaded Modules (Whitelisted) ============= 2019-12-13 16:01 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2019-12-13 16:01 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2019-07-07 12:05 - 2019-07-07 12:05 - 001093632 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6229_none_cbee8c4a4710d003\MFC80U.DLL 2019-12-13 16:01 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice => HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\UserChoice => HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\UserChoice => HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\UserChoice => HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\UserChoice => HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice => HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\UserChoice => ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-03-18 16:03 - 2019-10-19 10:07 - 000004972 _____ C:\Windows\system32\drivers\etc\hosts 0.0.0.0 a.ads1.msn.com 0.0.0.0 a.ads2.msads.net 0.0.0.0 a.ads2.msn.com 0.0.0.0 a.rad.msn.com 0.0.0.0 a-0001.a-msedge.net 0.0.0.0 a-0002.a-msedge.net 0.0.0.0 a-0003.a-msedge.net 0.0.0.0 a-0004.a-msedge.net 0.0.0.0 a-0005.a-msedge.net 0.0.0.0 a-0006.a-msedge.net 0.0.0.0 a-0007.a-msedge.net 0.0.0.0 a-0008.a-msedge.net 0.0.0.0 a-0009.a-msedge.net 0.0.0.0 ac3.msn.com 0.0.0.0 ad.doubleclick.net 0.0.0.0 adnexus.net 0.0.0.0 adnxs.com 0.0.0.0 ads.msn.com 0.0.0.0 ads1.msads.net 0.0.0.0 ads1.msn.com 0.0.0.0 aidps.atdmt.com 0.0.0.0 aka-cdn-ns.adtech.de 0.0.0.0 a-msedge.net 0.0.0.0 apps.skype.com 0.0.0.0 az361816.vo.msecnd.net 0.0.0.0 az512334.vo.msecnd.net 0.0.0.0 b.ads1.msn.com 0.0.0.0 b.ads2.msads.net 0.0.0.0 b.rad.msn.com 0.0.0.0 bs.serving-sys.com There are 93 more lines. ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ HKU\S-1-5-21-1084882763-4263514591-1534289575-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Edwin\Desktop\thumb-1920-1003880.png DNS Servers: 200.48.225.146 - 200.48.225.130 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. Network Binding: ============= Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{AE598D2D-F3DC-4840-A8D3-783220CA5C60}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{EEC475D3-163B-42D8-B332-E34447EA94C9}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{97977F6C-F652-4D89-894C-ADF4FF690117}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FE0FE3F8-73D7-4D38-A0A1-37D5837CE732}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{73A41FC4-7A80-4A40-9C63-02529BA0372B}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{266E3E26-85F9-4AEF-8573-E9F510BB5323}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) FirewallRules: [{FAFA13A5-88CD-4E2E-A09D-F9F726A232B8}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) FirewallRules: [{1C2A9A70-D4E2-4112-9C46-603B9EE29675}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.) FirewallRules: [{F13F680A-048F-4C06-AE2A-42B8121BF844}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe (QIHU 360 SOFTWARE CO. LIMITED -> Qihoo 360 Technology Co. Ltd.) FirewallRules: [{8408A931-8777-4FD5-979C-188D3DE5E876}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) FirewallRules: [{12479F5B-F364-43A7-9351-29E4018C8C0E}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) FirewallRules: [{C3BBC444-79A4-413E-8CF7-DCE22582FB7A}] => (Allow) LPort=1688 FirewallRules: [{31685EF2-E1C8-454D-AE53-C71838B9DAC7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{7FB1170F-0C2F-446F-95FE-47F054B6652C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{98E68193-996A-472D-A930-BBE04CCBAD43}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{C5D9B2F5-6C0B-4E4F-B12C-EB21FF1300C6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{6046C4EF-4A97-44B8-B78B-C345A1F0966C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{543BA8E9-6290-40F1-BCC5-92E47E6F84DF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{50809AB7-4A5B-4069-B82F-353DC3C0A55D}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File FirewallRules: [{160A28E5-8D83-4D4C-8A8E-D552B0DB2374}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) FirewallRules: [{BABA9735-351B-454C-88FE-3A43C30C9BA4}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) FirewallRules: [{7A3707B8-F104-42F1-A85E-0ECAB1BA29F8}] => (Allow) C:\Users\Edwin\AppData\Local\Programs\Opera\65.0.3467.72\opera.exe No File FirewallRules: [{6EA012C3-7B46-40E0-A4B0-AC91CF066CEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{8613C4DA-5787-49D7-973C-2C1448588127}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{04D73CB9-B83C-491E-8221-C21D60CB2B44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{22F4F350-4ED1-4DF2-BC87-D6DF3288F8B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [TCP Query User{3A5C7779-0B3F-4CE4-BA55-AD9E4478728E}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [UDP Query User{8866C5BF-2DC6-4DC8-A592-B803F334C296}C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [TCP Query User{740E9D75-CE45-4518-A6D4-496049843F1F}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.) FirewallRules: [UDP Query User{DE658A33-CA7D-40FB-9AD0-73B4D775D5EA}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe (Hi-Rez Studios, Inc. -> Hirez Studios, Inc.) FirewallRules: [{F97E6588-4BBC-4911-AE10-5E4136FF4C17}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{AFE40EE4-8690-42FC-9FD1-4FD5A42772A8}] => (Allow) C:\Users\Edwin\AppData\Local\Programs\Opera\65.0.3467.78\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [TCP Query User{43C61DBF-6CCE-42D5-A4EF-FA6F823672AE}C:\users\edwin\desktop\left 4 dead\left 4 dead\left4dead.exe] => (Allow) C:\users\edwin\desktop\left 4 dead\left 4 dead\left4dead.exe No File FirewallRules: [UDP Query User{51FE87AA-E4CD-4097-92CF-C6D4AE367584}C:\users\edwin\desktop\left 4 dead\left 4 dead\left4dead.exe] => (Allow) C:\users\edwin\desktop\left 4 dead\left 4 dead\left4dead.exe No File FirewallRules: [{827C8A24-C114-4D8A-9712-A18C6084BA9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead Dedicated Server\srcds.exe (Valve -> ) FirewallRules: [{9E0A45D4-0894-43F7-938F-A33BB0CCFE72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead Dedicated Server\srcds.exe (Valve -> ) FirewallRules: [TCP Query User{C3725A7F-D8D8-4701-A5BC-793C5BFAA01D}C:\left 4 dead\left 4 dead\left4dead.exe] => (Allow) C:\left 4 dead\left 4 dead\left4dead.exe () [File not signed] FirewallRules: [UDP Query User{FFF13BD5-B5BF-4CF2-8A2C-602FF0E25D9B}C:\left 4 dead\left 4 dead\left4dead.exe] => (Allow) C:\left 4 dead\left 4 dead\left4dead.exe () [File not signed] FirewallRules: [TCP Query User{CA0A5A86-81DB-4E31-869D-EE60AFC6F478}C:\users\edwin\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Block) C:\users\edwin\appdata\roaming\gameranger\gameranger\gameranger.exe (GameRanger Technologies -> GameRanger Pty Ltd) FirewallRules: [UDP Query User{04FA5E27-C9ED-4475-A67A-634072017429}C:\users\edwin\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Block) C:\users\edwin\appdata\roaming\gameranger\gameranger\gameranger.exe (GameRanger Technologies -> GameRanger Pty Ltd) FirewallRules: [{5E6219A9-062E-4865-83B9-D6CAB0AD36BF}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) FirewallRules: [{7C94873C-3CEB-4EE8-B67C-F37CF01B8A12}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) ==================== Restore Points ========================= 21-12-2019 08:58:49 Installed Oracle VM VirtualBox 6.1.0 23-12-2019 19:19:26 ZHPcleaner ==================== Faulty Device Manager Devices ============ Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ======================== Application errors: ================== Error: (12/24/2019 07:08:40 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0x8007232B Argumentos de línea de comandos: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable Error: (12/23/2019 07:33:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0x8007232B Argumentos de línea de comandos: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable Error: (12/23/2019 07:33:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0x8007232B Argumentos de línea de comandos: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (12/23/2019 06:51:32 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Error del procedimiento de apertura para el servicio "BITS" en el archivo DLL "C:\Windows\System32\bitsperf.dll". Los datos de rendimiento para este servicio no estarán disponibles. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error. Error: (12/23/2019 06:47:53 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0x8007232B Argumentos de línea de comandos: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable Error: (12/23/2019 06:47:36 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0x8007232B Argumentos de línea de comandos: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (12/23/2019 04:46:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-6PTSECI) Description: No se pudo activar la aplicación Microsoft.Windows.Photos_8wekyb3d8bbwe!App debido al error: -2147023170. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información. Error: (12/23/2019 04:42:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-6PTSECI) Description: Se detuvo el paquete Microsoft.Windows.Photos_2019.18112.20220.0_x64__8wekyb3d8bbwe+App porque se tardó demasiado en suspender. System errors: ============= Error: (12/24/2019 07:09:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} y APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (12/24/2019 07:05:22 AM) (Source: TPM) (EventID: 15) (User: ) Description: El controlador de dispositivo para el Módulo de plataforma segura (TPM) encontró en el hardware de TPM un error irrecuperable que impide que se usen los servicios de TPM (como el cifrado de datos). Para obtener más ayuda, póngase en contacto con el fabricante del equipo. Error: (12/24/2019 02:27:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} y APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (12/23/2019 07:35:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: El servicio Optimización de entrega no respondió después de iniciar. Error: (12/23/2019 07:31:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} y APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (12/23/2019 07:31:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} y APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (12/23/2019 07:31:28 PM) (Source: VBoxNetLwf) (EventID: 12) (User: ) Description: El controlador detectó un error interno del controlador en \Device\VBoxNetLwf. Error: (12/23/2019 07:31:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: El servicio KMSEmulator no pudo iniciarse debido al siguiente error: El sistema no puede encontrar el archivo especificado. Windows Defender: =================================== Date: 2019-07-07 12:11:10.069 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Nombre: HackTool:Win32/AutoKMS Id.: 2147685180 Gravedad: Media Categoría: Herramienta Ruta de acceso: file:_C:\ProgramData\KMSAutoS\bin.dat;file:_C:\ProgramData\KMSAutoS\bin\KMSSS.exe;file:_C:\ProgramData\KMSAutoS\KMSAuto Net.exe;file:_C:\ProgramData\KMSAuto\bin.dat;file:_C:\ProgramData\KMSAuto\bin\KMSSS.exe;file:_C:\ProgramData\KMSAuto\KMSAuto Net.exe;file:_C:\Users\Edwin\AppData\Local\Temp\Rar$EXa0.590\KMSAuto Net 2015 v1.3.9 Portable\KMSAuto Net.exe;process:_pid:5216,ProcessStart:132069930694570344;process:_pid:7032,ProcessStart:132069930286390816 Origen de detección: Equipo local Tipo de detección: Concreto Fuente de detección: Protección en tiempo real Usuario: DESKTOP-6PTSECI\Edwin Nombre de proceso: C:\ProgramData\KMSAuto\bin\KMSSS.exe Versión de firma: AV: 1.237.0.0, AS: 1.237.0.0, NIS: 116.1.0.0 Versión de motor: AM: 1.1.13504.0, NIS: 2.1.12706.0 Date: 2019-07-07 12:11:10.002 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Nombre: HackTool:Win32/AutoKMS Id.: 2147685180 Gravedad: Media Categoría: Herramienta Ruta de acceso: file:_C:\ProgramData\KMSAutoS\bin.dat;file:_C:\ProgramData\KMSAutoS\bin\KMSSS.exe;file:_C:\ProgramData\KMSAutoS\KMSAuto Net.exe;file:_C:\ProgramData\KMSAuto\bin.dat;file:_C:\ProgramData\KMSAuto\bin\KMSSS.exe;file:_C:\ProgramData\KMSAuto\KMSAuto Net.exe;file:_C:\Users\Edwin\AppData\Local\Temp\Rar$EXa0.590\KMSAuto Net 2015 v1.3.9 Portable\KMSAuto Net.exe;process:_pid:7032,ProcessStart:132069930286390816 Origen de detección: Equipo local Tipo de detección: Concreto Fuente de detección: Protección en tiempo real Usuario: DESKTOP-6PTSECI\Edwin Nombre de proceso: C:\Users\Edwin\AppData\Local\Temp\Rar$EXa0.590\KMSAuto Net 2015 v1.3.9 Portable\KMSAuto Net.exe Versión de firma: AV: 1.237.0.0, AS: 1.237.0.0, NIS: 116.1.0.0 Versión de motor: AM: 1.1.13504.0, NIS: 2.1.12706.0 Date: 2019-07-07 12:11:08.483 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Nombre: HackTool:Win32/AutoKMS Id.: 2147685180 Gravedad: Media Categoría: Herramienta Ruta de acceso: file:_C:\ProgramData\KMSAutoS\bin.dat;file:_C:\ProgramData\KMSAutoS\bin\KMSSS.exe;file:_C:\ProgramData\KMSAutoS\KMSAuto Net.exe;file:_C:\ProgramData\KMSAuto\bin.dat;file:_C:\ProgramData\KMSAuto\bin\KMSSS.exe;file:_C:\ProgramData\KMSAuto\KMSAuto Net.exe;file:_C:\Users\Edwin\AppData\Local\Temp\Rar$EXa0.590\KMSAuto Net 2015 v1.3.9 Portable\KMSAuto Net.exe;process:_pid:7032,ProcessStart:132069930286390816 Origen de detección: Equipo local Tipo de detección: Concreto Fuente de detección: Protección en tiempo real Usuario: DESKTOP-6PTSECI\Edwin Nombre de proceso: C:\Users\Edwin\AppData\Local\Temp\Rar$EXa0.590\KMSAuto Net 2015 v1.3.9 Portable\KMSAuto Net.exe Versión de firma: AV: 1.237.0.0, AS: 1.237.0.0, NIS: 116.1.0.0 Versión de motor: AM: 1.1.13504.0, NIS: 2.1.12706.0 Date: 2019-07-07 12:11:06.635 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Nombre: HackTool:Win32/AutoKMS Id.: 2147685180 Gravedad: Media Categoría: Herramienta Ruta de acceso: file:_C:\ProgramData\KMSAutoS\bin.dat;file:_C:\ProgramData\KMSAutoS\bin\KMSSS.exe;file:_C:\ProgramData\KMSAutoS\KMSAuto Net.exe;file:_C:\ProgramData\KMSAuto\bin.dat;file:_C:\ProgramData\KMSAuto\bin\KMSSS.exe;file:_C:\ProgramData\KMSAuto\KMSAuto Net.exe;file:_C:\Users\Edwin\AppData\Local\Temp\Rar$EXa0.590\KMSAuto Net 2015 v1.3.9 Portable\KMSAuto Net.exe;process:_pid:7032,ProcessStart:132069930286390816 Origen de detección: Equipo local Tipo de detección: Concreto Fuente de detección: Protección en tiempo real Usuario: DESKTOP-6PTSECI\Edwin Nombre de proceso: C:\ProgramData\KMSAuto\bin.dat Versión de firma: AV: 1.237.0.0, AS: 1.237.0.0, NIS: 116.1.0.0 Versión de motor: AM: 1.1.13504.0, NIS: 2.1.12706.0 Date: 2019-07-07 12:11:05.459 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Nombre: HackTool:Win32/AutoKMS Id.: 2147685180 Gravedad: Media Categoría: Herramienta Ruta de acceso: file:_C:\ProgramData\KMSAutoS\bin.dat;file:_C:\ProgramData\KMSAutoS\bin\KMSSS.exe;file:_C:\ProgramData\KMSAutoS\KMSAuto Net.exe;file:_C:\ProgramData\KMSAuto\bin.dat;file:_C:\ProgramData\KMSAuto\bin\KMSSS.exe;file:_C:\ProgramData\KMSAuto\KMSAuto Net.exe;file:_C:\Users\Edwin\AppData\Local\Temp\Rar$EXa0.590\KMSAuto Net 2015 v1.3.9 Portable\KMSAuto Net.exe;process:_pid:7032,ProcessStart:132069930286390816 Origen de detección: Equipo local Tipo de detección: Concreto Fuente de detección: Protección en tiempo real Usuario: DESKTOP-6PTSECI\Edwin Nombre de proceso: C:\Windows\System32\cmd.exe Versión de firma: AV: 1.237.0.0, AS: 1.237.0.0, NIS: 116.1.0.0 Versión de motor: AM: 1.1.13504.0, NIS: 2.1.12706.0 CodeIntegrity: =================================== Date: 2019-12-23 19:42:21.216 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-23 19:42:21.125 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-23 19:42:21.041 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-23 19:42:20.640 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-23 19:42:20.612 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-23 19:42:20.521 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-23 19:42:20.372 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-23 19:42:10.959 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: LENOVO 3JCN19WW 08/10/2016 Motherboard: LENOVO Torronto 5C2 Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz Percentage of memory in use: 61% Total physical RAM: 8092.22 MB Available physical RAM: 3133.9 MB Total Virtual: 18844.22 MB Available Virtual: 12993.65 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.02 GB) (Free:735.63 GB) NTFS \\?\Volume{aaddb1ba-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.49 GB) (Free:0.12 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: AADDB1BA) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End of Addition.txt =======================