Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2019 Ran by Raudel (12-09-2019 21:55:57) Running from C:\Users\Raudel\Desktop Windows 10 Pro Version 1809 17763.737 (X64) (2019-05-12 02:40:15) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrador (S-1-5-21-1258500712-2013476395-2823826765-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1258500712-2013476395-2823826765-503 - Limited - Disabled) Invitado (S-1-5-21-1258500712-2013476395-2823826765-501 - Limited - Disabled) narda (S-1-5-21-1258500712-2013476395-2823826765-1002 - Limited - Disabled) Raudel (S-1-5-21-1258500712-2013476395-2823826765-1003 - Administrator - Enabled) => C:\Users\Raudel WDAGUtilityAccount (S-1-5-21-1258500712-2013476395-2823826765-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: AVG Antivirus (Disabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Antivirus (Disabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (HKLM\...\{3138F992-045B-4F55-825C-53B231E647CA}) (Version: 13.2.1 - Hewlett-Packard) Hidden Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.) 
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team) Amazon Kindle (HKU\S-1-5-21-1258500712-2013476395-2823826765-1003\...\Amazon Kindle) (Version: 1.26.0.55076 - Amazon) Amazon Kindle (HKU\S-1-5-21-1258500712-2013476395-2823826765-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122019151833509\...\Amazon Kindle) (Version: 1.26.0.55076 - Amazon) Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.) Aplicación Blizzard (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) aSc TimeTables (HKLM-x32\...\aScTimeTables) (Version: 2019 - aSc Applied Software Consultants s.r.o) AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.7.3103 - AVG Technologies) Backup and Sync from Google (HKLM\...\{768C0072-2FD2-4934-9824-B2A1E81AEA5D}) (Version: 3.45.5545.5747 - Google, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) calibre 64bit (HKLM\...\{47DF5665-4C7E-46A0-8993-B147CE0E5A36}) (Version: 3.29.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform) CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) CodeTwo QR Code Desktop Reader (HKLM-x32\...\{D3A1FD3E-B0A9-46ED-89E9-D94EE0C3C9B6}) (Version: 1.0.1.5 - CodeTwo) CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.) CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) 
CyberLink PowerProducer 6 (HKLM-x32\...\InstallShield_{D7EACFE3-BC6A-48bb-B28C-4DBF318225E3}) (Version: 6.0.2406.0 - CyberLink Corp.) DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden Discord (HKU\S-1-5-21-1258500712-2013476395-2823826765-1003\...\Discord) (Version: 0.0.305 - Discord Inc.) Discord (HKU\S-1-5-21-1258500712-2013476395-2823826765-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122019151833509\...\Discord) (Version: 0.0.305 - Discord Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 80.4.126 - Dropbox, Inc.) Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.62.000 - SEIKO EPSON CORPORATION) Evernote v. 6.18.4 (HKLM-x32\...\{3E390FB8-703D-11E9-A27F-005056951CAD}) (Version: 6.18.4.8489 - Evernote Corp.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.6.0.25114 - Foxit Software Inc.) 
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.3 - Ellora Assets Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.1 - Google LLC) Hidden Hard Disk Low Level Format Tool 4.40 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version: - HDDGURU) HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company) HP LaserJet 400 M401 (HKLM-x32\...\{8989F6D9-550C-4178-A8CB-75B82A06621F}) (Version: - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.8.24.33 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{21925AE1-929D-4222-B38B-80BC30BBE09C}) (Version: 12.12.32.3 - HP) HP System Event Utility (HKLM-x32\...\{1A13FE59-6F7E-44DC-9AA7-2D7B9E08C2D4}) (Version: 1.4.6 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard Company) hpbDSService (HKLM-x32\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden hpbM401DSService (HKLM-x32\...\{82A58AA3-13AB-47FE-B519-82A7138050B1}) (Version: 001.001.05874 - Hewlett-Packard) Hidden HPDXP (HKLM-x32\...\{1A6A0DEA-3860-48DE-93C5-F5EDA8E521CA}) (Version: 3.0.26.1 - HP) Hidden HPLaserJet400-M401_HelpLearnCenter_SI (HKLM-x32\...\{4989DD05-86FB-4CA2-96C5-923DFAD89DA3}) (Version: 1.01.0000 - Hewlett-Packard) HPLJDXPHelper (HKLM-x32\...\{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}) (Version: 020.021.004 - HP) Hidden HPLJUTCore (HKLM-x32\...\{568C5D3E-5B79-47EC-A34B-8D7C8AEF1F8F}) (Version: 3.00.0003 - HP) 
Hidden HPLJUTM401 (HKLM-x32\...\{981EEE60-0CF6-48EB-923D-94A9D0F2B817}) (Version: 3.00.0003 - HP) Hidden hppLaserJetService (HKLM-x32\...\{028BF8B5-9143-4A68-84F3-A1A6D2E17889}) (Version: 009.022.00816 - Hewlett-Packard) Hidden hppM401LaserJetService (HKLM-x32\...\{B1F80E92-B702-4E7A-91A1-D7987F9C83EC}) (Version: 001.015.00029 - Hewlett-Packard) hpStatusAlerts (HKLM-x32\...\{7C960641-0A27-45C6-96F8-BE4E04A4CC2C}) (Version: 030.027.1140 - Hewlett Packard) Hidden hpStatusAlertsM401 (HKLM-x32\...\{71677768-D5DA-4785-8A44-2DFFE33CF70A}) (Version: 030.025.01810 - Hewlett-Packard) Hidden Image Resizer for Windows (64 bit) (HKLM\...\{617CA6E9-D5FB-4017-8130-82E68C56C34D}) (Version: 3.0.4802.35565 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson) Intel Extreme Tuning Utility (HKLM-x32\...\{4E53939F-5A1D-4D2D-9173-D0C7D0D0F87E}) (Version: 6.0.2.8 - Intel Corporation) Hidden Intel Extreme Tuning Utility (HKLM-x32\...\{e3931098-f44a-4c70-bf9c-f48d24bdd066}) (Version: 6.0.2.8 - Intel Corporation) Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{6F73FF93-0B55-4194-AE45-C19DA1F33E97}) (Version: 6.0.3 - Intel Corporation) Intel® Software Guard Extensions Platform Software (HKLM\...\{10307C17-F7FD-405D-9F3B-0BF66EA43857}) 
(Version: 1.0.26920.1393 - Intel Corporation) Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation) Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation) Kodi (HKU\S-1-5-21-1258500712-2013476395-2823826765-1003\...\Kodi) (Version: - XBMC Foundation) Kodi (HKU\S-1-5-21-1258500712-2013476395-2823826765-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122019151833509\...\Kodi) (Version: - XBMC Foundation) LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics) LGUP 8994 DLL (HKLM-x32\...\{4504D6ED-2584-4CCA-9B24-3B09277473DF}) (Version: 0.0.3.23 - LG Electronics) LGUP for Store (HKLM-x32\...\{27FDA0D1-5BEA-427A-913C-FF050C211674}) (Version: 1.14.3 - LG Electronics) Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains) LJDXPHelperUI (HKLM-x32\...\{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}) (Version: 020.021.004 - HP) Hidden Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) 
MEGA Link Downloader version 2.8.9 (HKLM-x32\...\{FF96FE94-6FCA-4026-BA7C-C86171F621DA}_is1) (Version: 2.8.9 - Shinchiro) Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.11929.20254 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1258500712-2013476395-2823826765-1003\...\OneDriveSetup.exe) (Version: 19.152.0801.0007 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1258500712-2013476395-2823826765-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122019151833509\...\OneDriveSetup.exe) (Version: 19.152.0801.0007 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft 
Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation) Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility) Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC) Movie Studio Platinum 13.0 - Steam Powered (64-bit) (HKLM\...\{7870FDC0-8BF8-11E6-B436-F7EA595EA544}) (Version: 13.0.982 - VEGAS) Mozilla Firefox 69.0 (x64 es-MX) (HKLM\...\Mozilla Firefox 69.0 (x64 es-MX)) (Version: 69.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 69.0.0.7178 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MTG Arena (HKLM-x32\...\{F9E2B50D-94CC-4A20-A6E4-040198824E4A}) (Version: 0.1.909.0 - Wizards of the Coast) Hidden MTG Arena (HKLM-x32\...\MTG Arena 0.1.909.0) (Version: 0.1.909.0 - Wizards of the Coast) MuMu App Player (HKLM-x32\...\Nemu) (Version: 2.0.23.1 - Netease) NetSetMan 4.7.1 (HKLM-x32\...\NetSetMan_is1) (Version: 4.7.1 - NetSetMan GmbH) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft 
Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.11929.20254 - Microsoft Corporation) Hidden Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.) PornTime (HKLM-x32\...\{6450E6AC-0E02-4E24-A13E-EE7DC5F1CFAF}_is1) (Version: 0.3.8.8 - PornTime) R2-D2 (HKLM-x32\...\{79B6AF86-4BE0-47CB-8A69-23607D467597}) (Version: 1.0.9 - Hewlett-Packard Company) REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.42 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.103 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7584 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.) RegSeeker (HKLM-x32\...\RegSeeker) (Version: 3.01.3680 - HoverDesk) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.) 
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd) SketchUp 2016 (HKLM\...\{9BAF512C-7517-4527-A323-4B006ACD1E65}) (Version: 16.1.1449 - Trimble Navigation Limited) Star Wars Command Center (HKLM-x32\...\{71479071-1DD0-4A66-B5A2-C3F1517AA424}) (Version: 1.0.30 - Hewlett-Packard Company) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated) TunnelBear (HKLM-x32\...\{0d6e112b-ecd9-4b6a-92ed-6e708fb7de2f}) (Version: 3.6.3.0 - TunnelBear) TunnelBear (HKLM-x32\...\{95EAEB10-FF80-47E1-BAF7-4B46C4D6A46C}) (Version: 3.6.3.0 - TunnelBear) Hidden Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.) 
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) Packages: ========= Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-08] (Microsoft Corporation) [MS Ad] Deezer Music -> C:\Program Files\WindowsApps\Deezer.62021768415AF_4.15.2.0_x86__q7m17pa7q8kj0 [2019-09-02] (Deezer SA) Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2191.46880.0_x86__8xx8rvfyw5nnt [2019-05-11] (Facebook Inc) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-07-25] (HP Inc.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad] Microsoft Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-08-27] (Microsoft Studios) [MS Ad] MSN Deportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-25] (Microsoft Corporation) [MS Ad] MSN Dinero -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-25] (Microsoft Corporation) [MS Ad] MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-07-25] (Netflix, Inc.) 
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2017-01-30] (Samsung Electronics Co. Ltd.) TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2016-11-18] (TripAdvisor LLC) Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2019-05-11] (Twitter Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1258500712-2013476395-2823826765-1003_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated) CustomCLSID: HKU\S-1-5-21-1258500712-2013476395-2823826765-1003_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Raudel\Dropbox [2016-02-16 22:46] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google) ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\warma\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () [File not signed] ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\warma\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () [File not signed] ContextMenuHandlers1-x32: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\warma\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () [File not signed] ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-09-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. 
-> Foxit Software Inc.) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google) ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2013-02-23] (Brice Lambson) [File not signed] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4-x32: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\warma\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () [File not signed] ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxDTCM.dll [2017-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-09-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\Raudel\Desktop\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --show-app-list ShortcutWithArgument: C:\Users\Raudel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --show-app-list ShortcutWithArgument: C:\Users\Raudel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Booktrack Studio.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=kidknbkmfcapkiepmhchinffchkjglog ShortcutWithArgument: C:\Users\Raudel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=dcnofaichneijfbkdkghmhjjbepjmble ShortcutWithArgument: C:\Users\Raudel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Lucidchart Diagramas - Escritorio.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=djejicklhojeokkfmdelnempiecmdomj ShortcutWithArgument: C:\Users\Raudel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Readium.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Linio.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=none&locale=es_pe&pf=all&s=Linio&tp=dticon ==================== Loaded Modules (Whitelisted) ============== 2014-04-07 08:31 - 2014-04-07 08:31 - 000172032 _____ () [File not signed] C:\Program Files (x86)\Motorola Mobility\Motorola 
Device Manager\css_core.dll 2018-09-11 23:15 - 2018-09-11 23:15 - 000167424 _____ () [File not signed] C:\Program Files (x86)\TunnelBear\TunnelBear.VigilantBear.Wrapper.dll 2019-09-12 19:31 - 2019-09-12 19:31 - 000113664 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\_ctypes.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000173568 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\_elementtree.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 001800192 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\_hashlib.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000032256 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\_multiprocessing.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000046080 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\_psutil_windows.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000047616 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\_socket.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 002230784 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\_ssl.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000026112 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\_yappi.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000080896 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\bz2.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 006277632 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\cello.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000014848 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\common.time34.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000007680 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\hashobjs_ext.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000301568 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\PIL._imaging.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000169472 _____ () [File not 
signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\pyexpat.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 001084416 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\pysqlite2._sqlite.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000548864 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\pythoncom27.dll 2019-09-12 19:31 - 2019-09-12 19:31 - 000137728 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\pywintypes27.dll 2019-09-12 19:31 - 2019-09-12 19:31 - 000010752 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\select.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000020992 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\thumbnails_ext.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000689664 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\unicodedata.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000118784 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\usb_ext.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000128512 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\win32api.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000438784 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\win32com.shell.shell.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000011776 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\win32crypt.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000023040 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\win32event.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000149504 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\win32file.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000223232 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\win32gui.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000048128 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\win32inet.pyd 2019-09-12 19:31 
- 2019-09-12 19:31 - 000029696 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\win32pdh.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000027648 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\win32pipe.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000044032 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\win32process.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000020480 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\win32profile.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000136192 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\win32security.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000026624 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\win32ts.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000034304 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\windows.conditional.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000038400 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\windows.connectivity.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000073216 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\windows.device_monitor.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000110592 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\windows.volumes.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000020480 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\windows.winwrap.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 001325056 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\wx._controls_.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 001489408 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\wx._core_.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 001007104 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\wx._gdi_.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000103424 _____ () [File not 
signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\wx._html2.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 000916992 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\wx._misc_.pyd 2019-09-12 19:31 - 2019-09-12 19:31 - 001039872 _____ () [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\wx._windows_.pyd 2013-02-23 12:47 - 2013-02-23 12:47 - 000166400 _____ (Brice Lambson) [File not signed] C:\Program Files\Image Resizer for Windows\ShellExtensions.dll 2019-08-27 17:33 - 2019-09-06 10:25 - 062488048 _____ (Google LLC -> Google LLC) [File not signed] C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\chrome.dll 2009-09-16 19:44 - 2009-09-16 19:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll 2009-09-16 19:45 - 2009-09-16 19:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll 2009-09-16 12:44 - 2009-09-16 12:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll 2016-03-04 12:52 - 2011-09-28 10:44 - 000467456 _____ (Hewlett-Packard Corporation) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\hpcpp117.DLL 2015-06-23 16:00 - 2015-06-23 16:00 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll 2015-06-23 16:00 - 2015-06-23 16:00 - 000285696 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll 2009-09-16 19:45 - 2009-09-16 19:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll 2019-05-11 20:33 - 2019-05-11 20:33 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL 2016-01-26 00:49 - 2016-01-26 00:49 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll 2016-01-26 
00:49 - 2016-01-26 00:49 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll 2019-09-12 19:31 - 2019-09-12 19:31 - 003042304 _____ (Python Software Foundation) [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\python27.dll 2015-11-03 09:07 - 2013-04-01 23:19 - 000574464 _____ (Realtek Semiconductor Corp. ) [File not signed] C:\WINDOWS\system32\Rtlihvs.dll 2019-09-12 19:31 - 2019-09-12 19:31 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\wxbase30u_net_vc90_x64.dll 2019-09-12 19:31 - 2019-09-12 19:31 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\wxbase30u_vc90_x64.dll 2019-09-12 19:31 - 2019-09-12 19:31 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\wxmsw30u_adv_vc90_x64.dll 2019-09-12 19:31 - 2019-09-12 19:31 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\wxmsw30u_core_vc90_x64.dll 2019-09-12 19:31 - 2019-09-12 19:31 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\wxmsw30u_html_vc90_x64.dll 2019-09-12 19:31 - 2019-09-12 19:31 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Raudel\AppData\Local\Temp\_MEI116322\wxmsw30u_webview_vc90_x64.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 05:04 - 2019-09-12 15:10 - 000000904 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 activation.freemake.com
127.0.0.1 www.activation.freemake.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\;C:\Program Files\Intel\IntelSGXPSW\bin\win32\Release\;C:\adb;C:\Program Files\Calibre2\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122019151833455\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122019151833485\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1258500712-2013476395-2823826765-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Raudel\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{c9a8b4e0-e5e7-469d-a956-bc677ef8400e}.jpg
HKU\S-1-5-21-1258500712-2013476395-2823826765-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09122019151833509\Control Panel\Desktop\\Wallpaper -> C:\Users\Raudel\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{c9a8b4e0-e5e7-469d-a956-bc677ef8400e}.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F00F1182-731D-42E2-9E79-312ABD973908}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{4E0D9F34-E4BE-4F74-BF54-D3CA2C1063DE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{2663B81E-73C8-46E1-BC91-D70870DC945B}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> ) FirewallRules: [TCP Query User{570633EA-4B62-4B33-B529-6B69D46544CE}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> ) FirewallRules: [UDP Query User{A7A48E2F-1589-4D30-93E6-6C5D757BB04B}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe (NetEase(Hangzhou) Network Co. Ltd. -> 网易游戏) FirewallRules: [TCP Query User{17CB4AD8-68D8-474D-A8AD-B93394704F9A}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe (NetEase(Hangzhou) Network Co. Ltd. 
-> 网易游戏) FirewallRules: [UDP Query User{BF997159-7127-43A7-A53F-8B01DF0545F4}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> ) FirewallRules: [TCP Query User{E3C8BB83-74B6-45A4-83AC-54B2B26BE692}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> ) FirewallRules: [{C625F3AD-9C10-4CDE-BD0D-AF04FF5C7351}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Bay Asylum\Launcher.exe () [File not signed] FirewallRules: [{A8705D2C-CF28-4CE3-AF43-7DB9D1FE2C13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Bay Asylum\Launcher.exe () [File not signed] FirewallRules: [{53265DC1-00F6-4387-922E-4578FC3BEA54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Higurashi When They Cry\HigurashiEp01.exe () [File not signed] FirewallRules: [{99BDBE07-3414-4C58-8038-B6DBBBEB3F26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Higurashi When They Cry\HigurashiEp01.exe () [File not signed] FirewallRules: [{E78D52BF-589F-40E4-9877-B0AC64B4E79C}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [{5BF737A7-D5F9-4438-9A9C-5739A91A5DDC}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [{9BF790D5-1867-429D-BCEF-7A5F1AA33A4B}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [{FC27ACF5-CF73-4C13-8A41-D233A0E825EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MovieStudioPlatinum130\Movie Studio Platinum 13.0\MovieStudioPlatinum130.exe (MAGIX Software GmbH -> MAGIX Computer Products Intl. Co.) 
FirewallRules: [{7B70C75B-5DC5-430B-A116-FD64CA2D0670}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MovieStudioPlatinum130\Movie Studio Platinum 13.0\MovieStudioPlatinum130.exe (MAGIX Software GmbH -> MAGIX Computer Products Intl. Co.) FirewallRules: [{C1B2A6A6-FF63-4E29-805E-2E93DFA9BFE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DuckTales Remastered\executable\DuckTales.exe () [File not signed] FirewallRules: [{8124B051-4201-4F94-B165-F0DD12B3BB17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DuckTales Remastered\executable\DuckTales.exe () [File not signed] FirewallRules: [{9125DB73-98E6-434A-A7C4-5DAAA4D4A506}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{70720896-C354-4BB8-BEE2-2B708B4EEE52}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{5AC76FF3-3EBC-4092-8060-4B4319216D22}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{DE278778-EDE7-4337-80D4-DC3B03AE9C48}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{006077F7-366D-479E-BCF1-3FAFE458AC3F}C:\program files\java\jdk1.8.0_102\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_102\bin\java.exe FirewallRules: [TCP Query User{059C38A7-60B1-4C59-A589-C4180A66A881}C:\program files\java\jdk1.8.0_102\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_102\bin\java.exe FirewallRules: [UDP Query User{ABD07192-70B5-4B35-97C6-EFA109B6CD93}C:\program files\java\jdk1.8.0_102\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_102\bin\java.exe FirewallRules: [TCP Query User{85CF2DCE-D346-484B-8F27-18F677FD9799}C:\program files\java\jdk1.8.0_102\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_102\bin\java.exe 
FirewallRules: [{1DDFE186-F771-4BA3-A1AE-FD79755D8DF2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{ABF4F188-F894-40DD-92A3-7A9F6F0993F6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{EDFC7B24-F19D-4AA9-B37C-0DC9B038B5D3}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 400 M401\bin\EWSProxy.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{5E631B34-2518-476B-8A23-6E5E4798E48A}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 400 M401\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{4050197B-E082-42C4-8C74-88210185ADDB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{79596341-73E4-49E7-A25D-620817DCAB15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D8F939FE-CDFA-4026-A36F-A5C07C951793}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{9D27B0C8-8EE5-466B-AFF8-201508CB6EDD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{53383C58-21AB-4330-B00D-9ACCFB47B896}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{AF739D45-41C6-4C0E-B2B8-F571E1F61194}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3B93379D-A69C-49E8-953B-932499282340}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc) FirewallRules: [{BCB5626B-2DC9-46E3-9378-9C6CA7A985A1}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. 
-> Azureus Software, Inc) FirewallRules: [{C5CB4F65-F95C-483A-8F2B-3C727E43F635}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd) FirewallRules: [{99645F94-AD37-4529-824E-108364B1C565}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd) FirewallRules: [{7A089231-B875-4D63-B435-B45CFF8BB80F}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc) FirewallRules: [{DDEA71BB-8366-4C7C-AABB-3DB085BABEB2}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc) FirewallRules: [{0469B268-617F-49E9-BEA2-42450C7B51BF}] => (Allow) C:\Program Files (x86)\Common Files\PT\updater.exe (PornTime) [File not signed] FirewallRules: [{36E2068F-E108-4B46-B539-8230B9907048}] => (Allow) C:\Program Files (x86)\Common Files\PT\updater.exe (PornTime) [File not signed] FirewallRules: [{4F3C749B-A8C7-4D75-982A-926A15B96A87}] => (Allow) C:\Program Files (x86)\PornTime\PornTime.exe (PornTime) [File not signed] FirewallRules: [{288CD873-5717-411D-A025-65DBB9AC143A}] => (Allow) C:\Program Files (x86)\PornTime\PornTime.exe (PornTime) [File not signed] FirewallRules: [TCP Query User{67E613CC-C5EE-4AD5-ACE2-7966D81E3304}C:\program files (x86)\porntime\porntime.exe] => (Allow) C:\program files (x86)\porntime\porntime.exe (PornTime) [File not signed] FirewallRules: [UDP Query User{C8A9E3D1-AC2E-4F4E-8C7F-3038C7C51CFF}C:\program files (x86)\porntime\porntime.exe] => (Allow) C:\program files (x86)\porntime\porntime.exe (PornTime) [File not signed] FirewallRules: [TCP Query User{9295AB5A-24AC-4776-A595-C84208C6B896}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed] FirewallRules: [UDP Query User{6B71892F-B5B2-428D-803B-63ACF0D3C68D}C:\program files (x86)\kodi\kodi.exe] => (Allow) 
C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed] FirewallRules: [TCP Query User{66AA6F22-576A-4519-8A1D-8DE0C4D1F6BF}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed] FirewallRules: [UDP Query User{1B716077-5082-4AD4-B7D7-519D8578E73F}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed] FirewallRules: [{2D9AA88A-C6CD-4279-BA5C-D7D5C8D18DD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed] FirewallRules: [{8C4784EC-28CA-4552-863F-74AAF077F789}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed] FirewallRules: [{D488D0B8-505A-4890-A1E7-979DFAB7A0FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{31E9E188-9CE9-41C5-906A-288F6C9DDBEA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C9445B9D-86EA-414A-8C5A-BDFB0DA1CC93}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) ==================== Restore Points ========================= 23-08-2019 11:46:35 Punto de control programado 30-08-2019 18:30:50 Punto de control programado 04-09-2019 13:54:41 Revo Uninstaller's restore point - aSc TimeTables 04-09-2019 14:16:27 Revo Uninstaller's restore point - aSc TimeTables 10-09-2019 10:09:38 ZHPcleaner ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/12/2019 03:18:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: mbamtray.exe, versión: 3.1.0.1838, marca de tiempo: 0x5d13b12f Nombre del módulo con errores: Qt5Core.dll, versión: 5.11.1.0, marca de tiempo: 0x5cba0161 Código de excepción: 0xc0000005 Desplazamiento de errores: 0x0018dc19 Identificador del proceso con errores: 0x1c2c Hora de inicio de la aplicación con errores: 0x01d569ae8b11448a Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Identificador del informe: 7bd53729-7164-4997-80af-b0aa8d0a6b44 Nombre completo del paquete con errores: Identificador de aplicación relativa del paquete con errores: Error: (09/12/2019 03:13:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: roz.exe, versión: 1.0.0.1, marca de tiempo: 0x577e5fa3 Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000 Código de excepción: 0xc0000005 Desplazamiento de errores: 0x42398576 Identificador del proceso con errores: 0x25ec Hora de inicio de la aplicación con errores: 0x01d569aef59eae22 Ruta de acceso de la aplicación con errores: C:\Horarios\roz.exe Ruta de acceso del módulo con errores: unknown Identificador del informe: c0f41aff-8763-4233-a974-6c5da8d696a2 Nombre completo del paquete con errores: Identificador de aplicación relativa del paquete con errores: Error: (09/12/2019 03:10:25 PM) (Source: DPTF) (EventID: 256) (User: ) Description: 
Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 7531 ms DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 14:28:00 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 1027 Executing Function: PolicyBase::takeControlOfOsc Message: Critical Policy: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 14:28:00 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 649 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202] Policy: Critical Policy [3] Error: (09/12/2019 03:10:25 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 7373 ms DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 14:28:00 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 1027 Executing Function: PolicyBase::takeControlOfOsc Message: Active Policy: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 14:28:00 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 649 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202] Policy: Active Policy [0] Error: (09/12/2019 01:36:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: roz.exe, versión: 1.0.0.1, marca de tiempo: 0x577e5fa3 Nombre del módulo con 
errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000 Código de excepción: 0xc0000005 Desplazamiento de errores: 0x42398576 Identificador del proceso con errores: 0x37c4 Hora de inicio de la aplicación con errores: 0x01d569a160921d49 Ruta de acceso de la aplicación con errores: C:\Horarios\roz.exe Ruta de acceso del módulo con errores: unknown Identificador del informe: 122b06a8-5012-44c1-b70a-e68b4a502f5f Nombre completo del paquete con errores: Identificador de aplicación relativa del paquete con errores: Error: (09/12/2019 01:03:32 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 7827 ms DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 14:28:00 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 1027 Executing Function: PolicyBase::takeControlOfOsc Message: Critical Policy: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 14:28:00 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 649 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202] Policy: Critical Policy [3] Error: (09/12/2019 01:03:32 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 7588 ms DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 14:28:00 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 1027 Executing Function: PolicyBase::takeControlOfOsc Message: Active Policy: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 
14:28:00 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 649 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202] Policy: Active Policy [0] Error: (09/12/2019 08:53:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: backgroundTaskHost.exe, versión: 10.0.17763.1, marca de tiempo: 0x6fe3727f Nombre del módulo con errores: twinapi.appcore.dll, versión: 10.0.17763.292, marca de tiempo: 0x270a22eb Código de excepción: 0xc000027b Desplazamiento de errores: 0x00000000000bd588 Identificador del proceso con errores: 0x24bc Hora de inicio de la aplicación con errores: 0x01d56979cf104538 Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\backgroundTaskHost.exe Ruta de acceso del módulo con errores: C:\Windows\System32\twinapi.appcore.dll Identificador del informe: 77ba5e71-af0b-44ca-8555-06603e539d09 Nombre completo del paquete con errores: Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe Identificador de aplicación relativa del paquete con errores: x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x System errors: ============= Error: (09/12/2019 09:45:56 PM) (Source: DCOM) (EventID: 10016) (User: RAUDELDT) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario RAUDELDT\Raudel con SID (S-1-5-21-1258500712-2013476395-2823826765-1003) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. 
Error: (09/12/2019 09:45:13 PM) (Source: DCOM) (EventID: 10016) (User: RAUDELDT) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario RAUDELDT\Raudel con SID (S-1-5-21-1258500712-2013476395-2823826765-1003) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (09/12/2019 07:31:44 PM) (Source: DCOM) (EventID: 10016) (User: RAUDELDT) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario RAUDELDT\Raudel con SID (S-1-5-21-1258500712-2013476395-2823826765-1003) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (09/12/2019 07:31:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} y APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. 
Error: (09/12/2019 07:31:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} y APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} al usuario NT AUTHORITY\LOCAL SERVICE con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (09/12/2019 07:04:12 PM) (Source: DCOM) (EventID: 10010) (User: RAUDELDT) Description: El servidor Microsoft.WindowsStore_11909.1001.7.0_x64__8wekyb3d8bbwe!App no se registró con DCOM dentro del tiempo de espera requerido. Error: (09/12/2019 07:04:10 PM) (Source: DCOM) (EventID: 10010) (User: RAUDELDT) Description: El servidor {B9B05098-3E30-483F-87F7-027CA78DA287} no se registró con DCOM dentro del tiempo de espera requerido. Error: (09/12/2019 04:26:51 PM) (Source: Schannel) (EventID: 4114) (User: NT AUTHORITY) Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate. CodeIntegrity: =================================== Date: 2019-09-09 18:08:43.506 Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-09-09 18:08:43.464 Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-09-09 18:08:43.396 Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes. 
Date: 2019-09-09 18:08:43.371
Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-09-09 18:08:43.329
Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-09-09 18:08:43.269
Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-09-09 18:08:33.128
Description: Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-09-03 13:03:03.841
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: Insyde F.43 08/07/2015
Motherboard: HP 80A1
Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 41%
Total physical RAM: 16222.84 MB
Available physical RAM: 9445.83 MB
Total Virtual: 18654.84 MB
Available Virtual: 11015.33 MB

==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:420.11 GB) (Free:45.66 GB) NTFS
Drive e: () (Removable) (Total:119.22 GB) (Free:58.19 GB) exFAT
\\?\Volume{1a845b69-611d-4d1e-a549-e528ed9941b5}\ () (Fixed) (Total:0.93 GB) (Free:0.31 GB) NTFS
\\?\Volume{13dd3089-0dd7-4c3c-9f81-ae6fe6784058}\ (RECOVERY) (Fixed) (Total:25.71 GB) (Free:2.92 GB) NTFS
\\?\Volume{650bd6a1-c4ce-4faa-a65e-c4ea52a86079}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 81D61500)
Partition: GPT.
========================================================
Disk: 1 (Protective MBR) (Size: 119.3 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================