Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-05-2019
Ran by walter (05-06-2019 00:02:15)
Running from C:\Users\walter\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-07-14 02:53:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-3193159865-2815699795-1142240979-500 - Administrator - Disabled)
Invitado (S-1-5-21-3193159865-2815699795-1142240979-501 - Limited - Enabled) => C:\Users\TEMP.walter-PC.000
KOOL (S-1-5-21-3193159865-2815699795-1142240979-1011 - Administrator - Enabled) => C:\Users\KOOL
UpdatusUser (S-1-5-21-3193159865-2815699795-1142240979-1001 - Limited - Enabled) => C:\Users\TEMP.walter-PC.000
walter (S-1-5-21-3193159865-2815699795-1142240979-1000 - Administrator - Enabled) => C:\Users\walter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3193159865-2815699795-1142240979-1000\...\uTorrent) (Version: 3.5.5.45231 - BitTorrent Inc.)
Activador Windows 7 (HKLM\...\Activador Windows 7) (Version: - ) Actualización de NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated) Adobe Flash Player 31 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated) Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated) Adobe Shockwave Player 12.3 (HKLM\...\{3BD13111-2F32-4AB7-B9BB-16E07C9AA894}) (Version: 12.3.4.204 - Adobe Systems, Inc) Advanced PDF Password Recovery (HKU\S-1-5-21-3193159865-2815699795-1142240979-1000\...\Advanced PDF Password Recovery) (Version: 5.0 - ElcomSoft Co. Ltd.) Advanced RAR Repair v1.2 (HKLM\...\Advanced RAR Repair v1.2) (Version: - ) AIMP (HKLM\...\AIMP) (Version: v4.50.2058, 27.12.2017 - AIMP DevTeam) AirDroid 3.3.5.3 (HKLM\...\AirDroid) (Version: 3.3.5.3 - Sand Studio) Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.5.1 - Sereby Corporation) AMP Font Viewer (HKLM\...\AMP Font Viewer) (Version: - ) AnyTrans (HKLM\...\AnyTrans) (Version: 6.3.3.0 - iMobie Inc.) Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.5.2378 - AVAST Software) Batch Picture Resizer 7.2 (HKLM\...\Batch Picture Resizer_is1) (Version: 7.2 - SoftOrbits) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
Camtasia Studio 8 (HKLM\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation) Capturador de Links versión 2.0 creada por Luciano Aibar (HKLM\...\Capturador de Links_is1) (Version: 2.0 creada por Luciano Aibar - ) Card Reader Patch 1.0 for Windows 7 (HKLM\...\Card Reader Windows 7 Patch_is1) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.48 - Piriform) Compatibilidad con Aplicaciones de Apple (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Cuestionator (HKLM\...\Cuestionator) (Version: - ) Cyotek WebCopy version 1.3.0.405 (HKLM\...\{D5FAF1F8-C903-41b2-AC66-2682A02A78CB}_is1) (Version: 1.3.0.405 - Cyotek Ltd) Descargador de Video de Apowersoft V6.2.4 (HKLM\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.2.4 - APOWERSOFT LIMITED) Dexpot (HKU\S-1-5-21-3193159865-2815699795-1142240979-1000\...\Dexpot) (Version: 1.6.14 - Dexpot GbR) DFX (HKLM\...\DFX) (Version: 12.023.0.0 - Power Technology) DGE-560T Gigabit PCI Express Ethernet Adapter (HKLM\...\{6E01C07D-A44B-406E-A0DC-DEF62181E6E7}) (Version: 7.47.706.2011 - D-Link) Diagnóstico de impresoras Samsung (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.0.15 - Samsung Electronics Co., Ltd.) Direct Video Downloader version 2.12 (HKLM\...\{5FB07C70-45DA-45C9-AAD3-F805D4C463D5}_is1) (Version: 2.12 - Major Share, MajorShare.com) D-Link DFE-520TX (HKLM\...\{9629C9A1-74F7-4DD0-B99B-9066925E63F8}) (Version: - D-Link) Hidden D-Link DFE-520TX (HKLM\...\InstallShield_{9629C9A1-74F7-4DD0-B99B-9066925E63F8}) (Version: - D-Link) D-Link DFE-530TX+ (HKLM\...\{2D6A5BD9-FE4B-49CD-8D96-2C4746302A82}) (Version: - D-Link) Hidden D-Link DFE-530TX+ (HKLM\...\InstallShield_{2D6A5BD9-FE4B-49CD-8D96-2C4746302A82}) (Version: - D-Link) Driver Easy 5.6.5 (HKLM\...\DriverEasy_is1) (Version: 5.6.5 - Easeware) Dropbox (HKLM\...\Dropbox) (Version: 73.4.118 - Dropbox, Inc.) 
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden Duplicate Cleaner Pro 4.0.4 (HKLM\...\Duplicate Cleaner Pro) (Version: 4.0.4 - DigitalVolcano Software Ltd) DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink Instal) DVD2one V2.4.2 (HKLM\...\DVD2one V2) (Version: 2.4.2 - Eximius B.V.) EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS) EaseUS Partition Master 12.5 Trial Edition (HKLM\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS) f.lux (HKU\S-1-5-21-3193159865-2815699795-1142240979-1000\...\Flux) (Version: - f.lux Software LLC) FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes) FindThatWord 0.1 (HKLM\...\{1409F1B5-726C-47D5-9642-A6B4716E2823}_is1) (Version: - Jonny and Ieuan Jones) Flash Online Scanner 1.0 (HKLM\...\Flash Online Scanner_is1) (Version: - ZGW Software, Inc.) FLOW3D Version 9.3.2 (HKLM\...\{28D7F279-2398-489E-87A9-D03AAAE8ADDA}) (Version: 9.3.2 - Flow Science, Inc.) Hidden FLOW3D Version 9.3.2 (HKLM\...\InstallShield_{28D7F279-2398-489E-87A9-D03AAAE8ADDA}) (Version: 9.3.2 - Flow Science, Inc.) Folder Size 3.4.0.0 (HKLM\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.) FormatFactory 3.8.0.0 (HKLM\...\FormatFactory) (Version: 3.8.0.0 - Free Time) ForSamplingUpdate (HKU\S-1-5-21-3193159865-2815699795-1142240979-1000\...\7bec5a913a80bf0f) (Version: 1.3.2.3 - ForSampling) Foxit PDF Preview Handler (HKLM\...\{6FE22909-D0D6-4111-ABCE-7F8D986C4A2A}) (Version: 1.0.0 - Tim Heuer) Foxit PhantomPDF Business (HKLM\...\{4699E810-3A23-11E6-97B8-000C2992F709}) (Version: 8.0.0.624 - Foxit Software Inc.) Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.4.1.16828 - Foxit Software Inc.) Free Sound Recorder v10.8.8 (HKLM\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2015 FreeSoundRecorder Technologies, Inc.) 
Free Video to DVD Converter (HKLM\...\Free Video to DVD Converter_is1) (Version: 5.0.99.823 - Digital Wave Ltd) GeoGebra 5 (HKLM\...\GeoGebra 5) (Version: 5.0.341.0 - International GeoGebra Institute) Glary Utilities PRO 5.79 (HKLM\...\Glary Utilities 5) (Version: 5.79.0.100 - Glarysoft Ltd) Google Chrome (HKLM\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 3.1.29 - GridinSoft LLC) GridMove V1.19.57 (HKLM\...\GridMove_is1) (Version: - DonationCoder.com) HandBrake 1.0.7 (HKLM\...\HandBrake) (Version: 1.0.7 - ) HAZARES (HKLM\...\ST6UNST #1) (Version: - ) HidenGate (HKLM\...\{6AE85624-C2DA-4547-B0EF-8B424A03252B}_is1) (Version: 1.0.0.5 - DLTG) HiSuite (HKLM\...\Hi Suite) (Version: 9.0.3.300 - Huawei Technologies Co.,Ltd) ICC for Windows 1.0 beta 9.8.10 (HKLM\...\{CFF71C5A-D887-429C-A1F6-FD395C1823E8}_is1) (Version: 1.0 - Internet Chess Club, Inc.) 
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6099.6 - IDT) iExplorer 3.7.5.1 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC) IHMC Concept Map Tools 2.9.1 - walter (HKLM\...\IHMC Concept Map Tools 2.9.1 - walter) (Version: - ) IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation) Java 8 Update 211 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Join Multiple DjVu Files Into One Software (HKLM\...\Join Multiple DjVu Files Into One Software_is1) (Version: - Sobolsoft) JPEG Recovery Pro 5.0 (HKLM\...\JPEG Recovery Pro5.0) (Version: 5.0 - e.World Technology Limited) KeyExtender 3.99 (HKLM\...\KeyExtender_is1) (Version: - EasySoft) K-Lite Codec Pack 14.5.2 Full (HKLM\...\KLiteCodecPack_is1) (Version: 14.5.2 - KLCP) KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - ) Kutools for Word versión 8.9.0 (HKLM\...\{E9A0AD37-5BA2-4E60-85F1-8B785CF2FBF5}_is1) (Version: 8.9.0 - ExtendOffice) Lupas Rename 2000 v5.0 Release (HKLM\...\Lupas Rename 2000_is1) (Version: - Ivan Anton Albarracin) Math Editor version 1.0.6.6 (HKLM\...\{1250D241-20C3-40C9-BBA8-6D537A8021FA}_is1) (Version: 1.0.6.6 - MathiVersity) MathType 7 (HKLM\...\DSMT7) (Version: 7.1.2 - WIRIS) Max Recorder (HKLM\...\Max Recorder) (Version: 2.006.0.0 - Silver Vine, LLC) MEGAsync (HKLM\...\MEGAsync) (Version: - Mega Limited) Merlín Generador de Ejercicios (HKLM\...\Merlín Generador de Ejercicios_is1) (Version: - ) Microsoft .NET Framework 4.7 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.02053 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 (HKLM\...\{10C4E843-C226-3FDF-9DD6-F4E3275E734D}) (Version: 4.7.03062 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable 
(HKLM\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Keyboard Layout Creator 1.4 (HKLM\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.) Microsoft OneDrive (HKU\S-1-5-21-3193159865-2815699795-1142240979-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{F95C77E7-7194-4EAF-AB58-1E270838ED0C}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{DEDD3877-0BDD-4A02-A50B-FCB8E540D308}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Microsoft Visual C++ 
2015-2019 Redistributable (x86) - 14.21.27702 (HKLM\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE) (Version: - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.0 (HKLM\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) MiniTool Partition Wizard Free 10.2.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) Mozilla Firefox 67.0.1 (x86 es-ES) (HKLM\...\Mozilla Firefox 67.0.1 (x86 es-ES)) (Version: 67.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.1 - Mozilla) MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NetCut 2.1.4 (HKLM\...\NetCut_is1) (Version: - arcai.com) NVIDIA Controlador de audio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Controlador de gráficos 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (HKLM\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation) NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) Ontrack EasyRecovery Enterprise (HKLM\...\{AE695CA4-8847-4462-98CC-023874D29E72}_is1) (Version: 11.5.0.0 - Kroll Ontrack Inc.) 
OpenAL (HKLM\...\OpenAL) (Version: - ) Panel de control de NVIDIA 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 309.08 - NVIDIA Corporation) Hidden Paquete de controladores de Windows - IDT MEDIA (11/27/2008 5.10.6099.8) (HKLM\...\7196607E1A8892CB0B39A0ADD6D36FAC68564EFF) (Version: 11/27/2008 5.10.6099.8 - IDT) Paquete de controladores de Windows - Microsoft (msisadrv) System (06/21/2006 6.1.7600.16385) (HKLM\...\F7107071B470B397C7CF356FEFEA5750761B2484) (Version: 06/21/2006 6.1.7600.16385 - Microsoft) Paquete de controladores de Windows - NVIDIA (NVNET) Net (10/30/2009 73.1.9.1) (HKLM\...\F8F98893BBD0749D6052A2993F0180943FB5E5C3) (Version: 10/30/2009 73.1.9.1 - NVIDIA) Paquete de controladores de Windows - Ralink Corporation (BlueletAudio) MEDIA (12/19/2012 9.2.1.0002) (HKLM\...\D32C584A1BE4E34101249FD90E0D04E489A0A05D) (Version: 12/19/2012 9.2.1.0002 - Ralink Corporation) PDF Password Remover v3.1 (HKLM\...\PDF Password Remover v3.1_is1) (Version: - VeryPDF.com Inc) PhotoScape (HKLM\...\PhotoScape) (Version: - ) Picture Doctor 3.1 (HKLM\...\Picture Doctor_is1) (Version: 3.1 - SoftOrbits) PSPP (HKLM\...\PSPP) (Version: 0.10.1 - Free Software Foundation, Inc.) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) R for Windows 3.5.0 (HKLM\...\R for Windows 3.5.0_is1) (Version: 3.5.0 - R Core Team) Rainbow Folders (HKLM\...\{2AEA17BA-FAB3-49D2-BB85-0669D14DC9BC}_is1) (Version: 2.05 - Piotr Chodzinski) RAR Password Recovery v1.1 RC16 (remove only) (HKLM\...\Intelore - RAR Password Recovery) (Version: - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.) 
Remo Recover (HKLM\...\{993DAF7C-A5F8-42EA-81D4-DAE3C9D2D1F7}_is1) (Version: 3.0.0.113 - Remo Software) Remove Empty Directories version 2.2 (HKLM\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John) Resource Hacker Version 4.5.30 (HKLM\...\ResourceHacker_is1) (Version: - ) RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version: - Punk Software) Rybka 4 (HKLM\...\{9CAF9762-B107-4E7B-A459-68F083298C58}) (Version: 12.0.0 - ChessBase) Hidden Rybka 4 (HKLM\...\{F9683839-1A7F-4874-91B7-64CDF4AC4679}) (Version: 12.0.0 - ChessBase) Samsung ML-2160 Series (HKLM\...\Samsung ML-2160 Series) (Version: 1.26 (16-08-2017) - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Samsung Universal Print Driver 2 XPS (HKLM\...\Samsung Universal Print Driver 2 XPS) (Version: 2.50.04.00 - Samsung Electronics Co., Ltd.) Scientific Notebook 5.5 (HKLM\...\{E066DE16-50F3-4A8C-953C-E67118894B2F}) (Version: 5.50 - MacKichan Software) Sothink SWF Catcher for Internet Explorer (HKLM\...\{7FC84AD6-D939-41A0-A3DF-FB9B511FF275}_is1) (Version: 3.0 - SourceTec Software Co., LTD) Sothink SWF Decompiler (HKLM\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.4 - SourceTec Software Co., LTD) Sparkol VideoScribe (HKLM\...\{0998FB32-1208-49AC-A8C8-2B462FE040EF}) (Version: 2.3.2002 - Sparkol) Hidden Sparkol VideoScribe (HKLM\...\Sparkol VideoScribe 2.3.2002) (Version: 2.3.2002 - Sparkol) Stellar Phoenix Windows Data Recovery - Home (HKLM\...\Stellar Phoenix Windows Data Recovery - Home_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd) StreamTransport version: 1.0.2.1700 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - ) Syncios Data Transfer 1.6.5 (HKLM\...\{6C4BB520-3416-4D67-B7EA-A9FF6662345F}_is1) (Version: 1.6.5 - Anvsoft, Inc.) 
System Mechanic (HKLM\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 18.0.2.486 - iolo technologies, LLC) TeamViewer 14 (HKLM\...\TeamViewer) (Version: 14.2.2558 - TeamViewer) Teleport Pro (HKLM\...\Teleport Pro) (Version: 1.70 - Tennyson Maxwell Information Systems, Inc.) TL-WN725N_WN723N Controlador (HKLM\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK) Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 9.21a - Ghisler Software GmbH) Total Video Converter 3.61 100319 (HKLM\...\Total Video Converter 3.61_is1) (Version: - EffectMatrix Inc.) TotalAudioConverter (HKLM\...\Total Audio Converter_is1) (Version: 5.1 - Softplicity, Inc.) Turgs MBOX Wizard (HKLM\...\Turgs MBOX Wizard_is1) (Version: - Turgs) United States (English and Talossan) (HKLM\...\{630CB9BF-D268-4270-B6C9-4C0D5330E4E2}) (Version: 1.0.3.40 - keyboards.jargon-file.org) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) VBA Password Recovery Lastic 1.2 (HKLM\...\VBA Password Recovery Lastic_is1) (Version: - ) VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden Vector Magic (HKLM\...\Vector Magic) (Version: 1.15 - Vector Magic, Inc.) VideoCAM Messenger (HKLM\...\{57383270-6F61-4DC8-A9B8-C1745FC29F38}) (Version: 4.21.0.000 - KYE) Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - ) Visual MP3 Splitter & Joiner 9.1 (HKLM\...\Visual MP3 Splitter & Joiner_is1) (Version: - ManiacTools.com) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN) WallpaperSuite (HKU\S-1-5-21-3193159865-2815699795-1142240979-1000\...\WallpaperSuite) (Version: 1.0.0.1 - WallpaperSuite) WebCopier 5.3 (HKLM\...\{0C72BD21-2BBB-43E6-8EEB-C8BE42FE90E5}_is1) (Version: - MaximumSoft Corp.) 
WhatsApp (HKU\S-1-5-21-3193159865-2815699795-1142240979-1000\...\WhatsApp) (Version: 0.2.7315 - WhatsApp)
WinDirStat 1.1.2 (HKU\S-1-5-21-3193159865-2815699795-1142240979-1000\...\WinDirStat) (Version: - )
WinDjView 2.1 (HKLM\...\WinDjView) (Version: 2.1 - Andrew Zhezherun)
WinHTTrack Website Copier 3.48-22 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
WinRAR 5.70 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Wolfram Extras 10.4 (5514075) (HKLM\...\A-WIN-Extras 10.4.1 5514075_is1) (Version: 10.4.1 - Wolfram Research, Inc.)
Wolfram Mathematica 10.4 (M-WIN-L 10.4.1 5514214) (HKLM\...\M-WIN-L 10.4.1 5514214_is1) (Version: 10.4.1 - Wolfram Research, Inc.)
Wolfram Mathematica 11.2 (M-WIN-L 11.2.0 5822651) (HKLM\...\M-WIN-L 11.2.0 5822651_is1) (Version: 11.2.0 - Wolfram Research, Inc.)
WolframScript (A-WIN32-WolframScript 11.2.0 2017091001) (HKLM\...\{90D12C2B-666B-422D-91CF-531112BA0823}) (Version: 11.2.44 - Wolfram Research, Inc.)
Wondershare Data Recovery(Build 6.0.1.9) (HKLM\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 6.0.1.9 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.2 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
ZaraRadio 1.6.2 (HKLM\...\ZaraRadio_is1) (Version: - ZaraSoft)
ZOOK MBOX to PDF Converter (HKLM\...\ZOOK MBOX to PDF Converter_is1) (Version: - ZOOK)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3193159865-2815699795-1142240979-1000_Classes\CLSID\{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}\InprocServer32 -> C:\Program Files\Ultracopier\PluginLoader\catchcopy-v0002\catchcopy32.dll () [File not signed] CustomCLSID: HKU\S-1-5-21-3193159865-2815699795-1142240979-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems Incorporated -> Adobe Systems) CustomCLSID: HKU\S-1-5-21-3193159865-2815699795-1142240979-1000_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Windows -> Microsoft Corporation) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation -> EldoS Corporation) ShellServiceObjects: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation -> EldoS Corporation) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-10-25] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu32.dll [2018-01-05] (Artem Izmaylov -> AIMP DevTeam) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers1: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_103.dll [2013-06-17] (Free Time) [File not signed] ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x86.dll [2016-06-17] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2016-06-22] (Glarysoft LTD -> Glarysoft Ltd) ContextMenuHandlers1: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2017-06-08] () [File not signed] ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files\Phoenix360\System Mechanic\x86\Incinerator.dll [2018-09-28] (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC) ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\walter\AppData\Local\MEGAsync\ShellExtX32.dll [2019-02-19] (Mega Limited -> ) ContextMenuHandlers1: [TotalConverter] -> {280CFDE1-1354-4431-92F3-03073BA593FB} => C:\Program Files\CoolUtils\TotalAudioConverter\axTotalConverter.dll [2015-01-28] () [File not signed] ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2016-06-22] (Glarysoft LTD -> Glarysoft Ltd) ContextMenuHandlers2: [GridinSoft 
Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2017-06-08] () [File not signed] ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\walter\AppData\Local\MEGAsync\ShellExtX32.dll [2019-02-19] (Mega Limited -> ) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [DLLRegSvr] -> {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} => -> No File ContextMenuHandlers3: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed] ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\walter\AppData\Local\MEGAsync\ShellExtX32.dll [2019-02-19] (Mega Limited -> ) ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-04] () [File not signed] ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP\System\aimp_menu32.dll [2018-01-05] (Artem Izmaylov -> AIMP DevTeam) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers4: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_103.dll [2013-06-17] (Free Time) [File not signed] ContextMenuHandlers4: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2017-06-08] () [File not signed] ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files\Phoenix360\System Mechanic\x86\Incinerator.dll [2018-09-28] (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC) ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\walter\AppData\Local\MEGAsync\ShellExtX32.dll [2019-02-19] (Mega Limited -> ) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-30] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-10-25] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2018-12-25] (Foxit Software Incorporated -> Foxit Software Inc.) 
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2016-06-22] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2017-06-08] () [File not signed]
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-04] () [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

Shortcut: C:\Users\walter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\walter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2018-01-05 18:55 - 2018-01-05 18:55 - 000159232 _____ () [File not signed] C:\Program Files\AIMP\Plugins\aimp_sacd\libsacd.dll
2018-01-05 18:55 - 2018-01-05 18:55 - 000026624 _____ () [File not signed] C:\Program Files\AIMP\Plugins\Aorta\Aorta.dll
2018-01-05 18:55 - 2018-01-05 18:55 - 000504038 _____ () [File not signed] C:\Program Files\AIMP\sqlite3.dll
2018-01-05 18:55 - 2018-01-05 18:55 - 000759296 _____ () [File not signed] C:\Program Files\AIMP\System\Encoders\aimp_libvorbis.dll
2018-01-05 18:55 - 2018-01-05 18:55 - 000348672 _____ () [File not signed] C:\Program Files\AIMP\System\Encoders\lame_enc.dll
2018-01-05 18:55 - 2018-01-05 18:55 - 000299008 _____ () [File not signed] C:\Program Files\AIMP\System\Encoders\libFLAC.dll
2018-01-05 18:55 - 2018-01-05 18:55 - 000205824 _____ () [File not signed] C:\Program Files\AIMP\System\libsoxr.dll
2019-01-25 22:25 - 2015-01-28 05:19 - 002426880 _____ () [File not signed] C:\Program Files\CoolUtils\TotalAudioConverter\axTotalConverter.dll
2017-06-08 10:14 - 2017-06-08 10:14 - 001095680 ____N () [File not signed] C:\Program Files\GridinSoft Anti-Malware\shellext.dll
2010-07-04 17:32 - 2010-07-04 17:32 - 000010752 _____ () [File not signed] C:\Program Files\Unlocker\UnlockerCOM.dll
2017-09-10 16:51 - 2017-09-10 16:51 - 000798208 _____ () [File not signed] C:\Users\walter\AppData\Local\MEGAsync\libsodium.dll
2016-08-01 22:10 - 2011-04-11 01:26 - 000024064 _____ () [File not signed] C:\Windows\System32\spexsl.dll
2016-11-05 11:01 - 2016-11-05 11:01 - 000184320 _____ () [File not signed] C:\Windows\W7FBC\dll.dll
2019-05-12 01:18 - 2011-07-28 17:35 - 000262144 _____ (Arcai.com) [File not signed] C:\Program Files\netcut\services\AIPS.exe
2018-01-05 18:55 - 2018-01-05 18:55 - 000226304 _____ (Conifer Software) [File not signed] C:\Program Files\AIMP\System\Encoders\wavpackdll.dll 2018-01-05 18:55 - 2018-01-05 18:55 - 001061376 _____ (FFmpeg Project) [File not signed] C:\Program Files\AIMP\Plugins\aimp_inputFFmpeg\avcodec-aimp-57.dll 2018-01-05 18:55 - 2018-01-05 18:55 - 000497152 _____ (FFmpeg Project) [File not signed] C:\Program Files\AIMP\Plugins\aimp_inputFFmpeg\avformat-aimp-57.dll 2018-01-05 18:55 - 2018-01-05 18:55 - 000571904 _____ (FFmpeg Project) [File not signed] C:\Program Files\AIMP\Plugins\aimp_inputFFmpeg\avutil-aimp-55.dll 2018-01-05 18:55 - 2018-01-05 18:55 - 000122368 _____ (FFmpeg Project) [File not signed] C:\Program Files\AIMP\Plugins\aimp_inputFFmpeg\swresample-aimp-2.dll 2016-02-17 23:16 - 2016-02-17 23:16 - 023927296 _____ (FFmpeg Project) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\avcodec-57.dll 2016-02-17 23:16 - 2016-02-17 23:16 - 006306816 _____ (FFmpeg Project) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\avformat-57.dll 2016-02-17 23:16 - 2016-02-17 23:16 - 000599552 _____ (FFmpeg Project) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\avutil-55.dll 2016-02-17 23:16 - 2016-02-17 23:16 - 000287232 _____ (FFmpeg Project) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\swresample-2.dll 2016-02-17 23:16 - 2016-02-17 23:16 - 000513024 _____ (FFmpeg Project) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\swscale-4.dll 2013-06-17 13:31 - 2013-06-17 13:31 - 000076288 _____ (Free Time) [File not signed] C:\Program Files\FormatFactory\ShellEx_103.dll 2018-12-12 06:32 - 2018-12-12 06:32 - 000154432 _____ (Huawei Technologies Co., Ltd. 
-> ) [File not signed] C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe 2010-04-07 09:00 - 2010-04-07 09:00 - 005758976 _____ (hxxp://www.emule-project.net) [File not signed] H:\eMule\emule.exe 2010-04-07 09:01 - 2010-04-07 09:01 - 000114688 _____ (hxxp://www.emule-project.net) [File not signed] H:\eMule\lang\es_ES_T.dll 2007-03-30 18:34 - 2007-03-30 18:34 - 000036864 _____ (Malwarebytes) [File not signed] C:\Program Files\FileASSASSIN\FileASSASSINExt.dll 2018-01-05 18:55 - 2018-01-05 18:55 - 000149845 _____ (MaresWEB) [File not signed] C:\Program Files\AIMP\Plugins\bass_aac\bass_aac.dll 2018-01-05 18:55 - 2018-01-05 18:55 - 000015113 _____ (MaresWEB) [File not signed] C:\Program Files\AIMP\Plugins\bass_ac3\bass_ac3.dll 2018-01-05 18:55 - 2018-01-05 18:55 - 000009416 _____ (MaresWEB) [File not signed] C:\Program Files\AIMP\Plugins\bass_alac\bass_alac.dll 2018-01-05 18:55 - 2018-01-05 18:55 - 000029052 _____ (MaresWEB) [File not signed] C:\Program Files\AIMP\Plugins\bass_ape\bass_ape.dll 2018-01-05 18:55 - 2018-01-05 18:55 - 000021112 _____ (MaresWEB) [File not signed] C:\Program Files\AIMP\Plugins\bass_mpc\bass_mpc.dll 2018-01-05 18:55 - 2018-01-05 18:55 - 000036105 _____ (MaresWEB) [File not signed] C:\Program Files\AIMP\Plugins\bass_spx\bass_spx.dll 2018-01-05 18:55 - 2018-01-05 18:55 - 000007910 _____ (MaresWEB) [File not signed] C:\Program Files\AIMP\Plugins\bass_tta\bass_tta.dll 2018-01-05 18:55 - 2018-01-05 18:55 - 000445952 _____ (Matthew T. 
Ashland) [File not signed] C:\Program Files\AIMP\System\Encoders\MACDll.dll 2009-08-18 10:24 - 2009-08-18 10:24 - 000134144 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll 2019-05-18 17:03 - 2019-05-18 17:03 - 000626688 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll 2016-07-29 00:52 - 2016-07-29 00:52 - 002447000 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Windows\system32\nvapi.dll 2009-06-10 17:19 - 2016-07-29 00:59 - 015373760 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Windows\system32\nvd3dum.dll 2017-09-10 15:08 - 2017-09-10 15:08 - 000061952 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\cares.dll 2018-04-02 13:21 - 2018-04-02 13:21 - 000275456 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\libcurl.dll 2018-04-02 13:38 - 2019-01-21 19:22 - 001374208 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\LIBEAY32.dll 2018-04-02 13:38 - 2019-01-21 19:22 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\SSLEAY32.dll 2017-09-14 02:37 - 2017-09-14 02:37 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\imageformats\qgif.dll 2017-09-14 02:42 - 2017-09-14 02:42 - 000033280 _____ (The Qt Company Ltd) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\imageformats\qicns.dll 2017-09-14 02:37 - 2017-09-14 02:37 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\imageformats\qico.dll 2017-09-14 02:37 - 2017-09-14 02:37 - 000245760 _____ (The Qt Company Ltd) [File not signed] 
C:\Users\walter\AppData\Local\MEGAsync\imageformats\qjpeg.dll 2017-09-14 02:42 - 2017-09-14 02:42 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\imageformats\qsvg.dll 2017-09-14 02:42 - 2017-09-14 02:42 - 000020992 _____ (The Qt Company Ltd) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\imageformats\qtga.dll 2017-09-14 02:42 - 2017-09-14 02:42 - 000316416 _____ (The Qt Company Ltd) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\imageformats\qtiff.dll 2017-09-14 02:42 - 2017-09-14 02:42 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\imageformats\qwbmp.dll 2017-09-14 02:42 - 2017-09-14 02:42 - 000322560 _____ (The Qt Company Ltd) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\imageformats\qwebp.dll 2017-09-14 02:37 - 2017-09-14 02:37 - 001010688 _____ (The Qt Company Ltd) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\platforms\qwindows.dll 2017-09-25 10:30 - 2017-09-25 10:30 - 004641792 _____ (The Qt Company Ltd) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\Qt5Core.dll 2017-09-14 02:32 - 2017-09-14 02:32 - 005016576 _____ (The Qt Company Ltd) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\Qt5Gui.dll 2017-09-14 02:30 - 2017-09-14 02:30 - 000851968 _____ (The Qt Company Ltd) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\Qt5Network.dll 2017-09-14 02:42 - 2017-09-14 02:42 - 000255488 _____ (The Qt Company Ltd) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\Qt5Svg.dll 2017-09-14 02:35 - 2017-09-14 02:35 - 004433920 _____ (The Qt Company Ltd) [File not signed] C:\Users\walter\AppData\Local\MEGAsync\Qt5Widgets.dll 2018-01-05 18:55 - 2018-01-05 18:55 - 000114688 _____ (Thomas Becker, Osnabrueck) [File not signed] C:\Program Files\AIMP\Plugins\tak_deco_lib\tak_deco_lib.dll 2018-01-05 18:55 - 2018-01-05 18:55 - 000112796 _____ (Un4seen Developments) [File not signed] C:\Program Files\AIMP\bass.dll 
2018-01-05 18:55 - 2018-01-05 18:55 - 000019478 _____ (Un4seen Developments) [File not signed] C:\Program Files\AIMP\Plugins\aimp_cdda\aimp_cdda_basscd.dll
2018-01-05 18:55 - 2018-01-05 18:55 - 000023820 _____ (Un4seen Developments) [File not signed] C:\Program Files\AIMP\Plugins\bass_flac\bass_flac.dll
2018-01-05 18:55 - 2018-01-05 18:55 - 000010976 _____ (Un4seen Developments) [File not signed] C:\Program Files\AIMP\Plugins\bass_hls\bass_hls.dll
2018-01-05 18:55 - 2018-01-05 18:55 - 000049499 _____ (Un4seen Developments) [File not signed] C:\Program Files\AIMP\Plugins\bass_midi\bass_midi.dll
2018-01-05 18:55 - 2018-01-05 18:55 - 000069388 _____ (Un4seen Developments) [File not signed] C:\Program Files\AIMP\Plugins\bass_opus\bass_opus.dll
2018-01-05 18:55 - 2018-01-05 18:55 - 000017733 _____ (Un4seen Developments) [File not signed] C:\Program Files\AIMP\Plugins\bass_wma\bass_wma.dll
2018-01-05 18:55 - 2018-01-05 18:55 - 000028224 _____ (Un4seen Developments) [File not signed] C:\Program Files\AIMP\Plugins\bass_wv\bass_wv.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\34832260.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\34832260.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2019-05-19 13:00 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3193159865-2815699795-1142240979-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\walter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3193159865-2815699795-1142240979-1011\Control Panel\Desktop\\Wallpaper -> C:\Users\KOOL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.83.1.4 - 190.160.0.14
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\startupfolder: C:^Users^walter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Enviar a OneNote.lnk => C:\Windows\pss\Enviar a OneNote.lnk.Startup
MSCONFIG\startupfolder: C:^Users^walter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GridMove.lnk => C:\Windows\pss\GridMove.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AirDroid 3 => C:\Program Files\AirDroid\AirDroid.exe /start
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: EEDSpeedLauncher => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
MSCONFIG\startupreg: GoogleChromeAutoLaunch_11DBF98E3701C5FADC062621FC200949 => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: IDMan => C:\Program Files\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: snpstd => C:\Windows\vsnpstd.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\walter\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: WallpaperSuite => "C:\Users\walter\AppData\Local\WallpaperSuite\WallpaperSuite.exe" /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.) FirewallRules: [{9D528238-A67C-4542-B304-B9C26C507C97}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{7633E2E6-43C5-4E67-AF97-0E5987669B35}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{C7214D9B-24B9-47F6-AC6B-48FEB982036D}] => (Allow) C:\Users\walter\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7EEECE71-AC0B-4FB5-9F90-FA6536FAB701}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C57A84DA-4A6E-44C1-94D0-A624B12D55AC}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.4\Mathematica.exe (Wolfram Research, Inc. -> Wolfram Research, Inc.) FirewallRules: [{E18BBB95-9360-4CE4-AD13-8170DD1EAEE1}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.4\Mathematica.exe (Wolfram Research, Inc. -> Wolfram Research, Inc.) FirewallRules: [{FCC4EF3A-4C0D-4A8E-87CE-7D53599F21D8}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.4\MathKernel.exe (Wolfram Research, Inc. -> Wolfram Research, Inc.) FirewallRules: [{3F573BE9-7998-4945-B98A-F7853D89E496}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.4\MathKernel.exe (Wolfram Research, Inc. -> Wolfram Research, Inc.) FirewallRules: [{8FECA01F-BAB3-4C4A-ACDD-18544392BB7E}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.4\math.exe (Wolfram Research, Inc. -> Wolfram Research, Inc.) FirewallRules: [{002FDF83-B5E4-4FCD-B531-3ECCBD0DB544}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.4\math.exe (Wolfram Research, Inc. -> Wolfram Research, Inc.) 
FirewallRules: [{1CCD4EBE-8433-4D70-9327-AA1B497897ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{3C7B8F4D-F22D-4CF2-B7A6-1496F409D9D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{B5C59195-FA21-4687-A6FE-8B61853FF233}] => (Allow) C:\Program Files\Samsung\Samsung Universal Print Driver 2 XPS\PrinterSelector\SUPDApp.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) FirewallRules: [TCP Query User{9AF422B9-3B7C-4AF3-A266-EC09F2EEB260}H:\emule\emule.exe] => (Allow) H:\emule\emule.exe (hxxp://www.emule-project.net) [File not signed] FirewallRules: [UDP Query User{00FF2FD2-6BCE-43C8-B206-41107C23C278}H:\emule\emule.exe] => (Allow) H:\emule\emule.exe (hxxp://www.emule-project.net) [File not signed] FirewallRules: [TCP Query User{EF635342-D557-4B41-953A-7D79301A6BBC}C:\program files\airdroid\airdroid.exe] => (Allow) C:\program files\airdroid\airdroid.exe (TONGBU TECHNOLOGY (HK) LIMITED -> Sand Studio) FirewallRules: [UDP Query User{85BAB95E-A9B3-4C30-8A27-EA61D1BFE073}C:\program files\airdroid\airdroid.exe] => (Allow) C:\program files\airdroid\airdroid.exe (TONGBU TECHNOLOGY (HK) LIMITED -> Sand Studio) FirewallRules: [TCP Query User{FF1278F5-0111-4812-B0E3-1EA77599448C}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{B3918105-1138-4FE6-97D4-23C3E6999AA8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{B0C92ECB-FB86-446F-BEA2-1ECEE4C7EEDB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{D5B0E551-759D-4869-849A-93ABA001F047}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A02E2879-144E-4990-AB27-47293DD0104B}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{234E0D55-E191-4A8A-97B8-F5ABCCF5565A}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft) FirewallRules: [{08E15151-163C-4610-90AE-862583646A8D}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> ) FirewallRules: [{577938D4-C31F-439E-AED7-4794E9248DA3}] => (Allow) C:\Program Files\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> ) FirewallRules: [{00786891-1D65-4D2F-AB02-15153D59D1B8}] => (Block) LPort=445 FirewallRules: [{AEF91E5C-1E27-4F07-9C4C-D78FDE98A8EB}] => (Block) LPort=445 FirewallRules: [{345DB848-D70D-4B87-8E49-F6724F9D645B}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (chen jun hao -> Free Time) [File not signed] FirewallRules: [{90E96FF0-BA32-4D00-B6CE-0401E1688305}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (chen jun hao -> Free Time) [File not signed] FirewallRules: [{7CC7824D-F7E1-496A-998F-AE2F4C23C5B7}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (chen jun hao -> Free Time) [File not signed] FirewallRules: [{F647CDE6-08D4-400D-BFEA-E1172EBD21D6}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (chen jun hao -> Free Time) [File not signed] FirewallRules: [{41B2D383-4682-4CFF-927A-9EFC5DF34608}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe (Free Time) [File not signed] FirewallRules: [{3D11CDC5-C4FA-43E4-B421-3EC95F75C93A}] => (Allow) C:\Users\walter\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) 
FirewallRules: [{59F1BBAD-3C26-4DC5-A04B-F714E256EC62}] => (Allow) C:\Users\walter\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{6F445E50-811B-404E-A2DB-959F03F5F4A6}] => (Allow) C:\Program Files\AnvSoft\Syncios Data Transfer\SynciosTransfer.exe (Anvsoft Inc. -> Syncios Data Transfer) FirewallRules: [{BF770E88-6035-4A73-9CA9-14DB700DFF91}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{ABD765DC-5FF6-41C3-AFA2-1BF009D32836}] => (Allow) LPort=1688 FirewallRules: [{78259EF6-F897-43D7-9688-EC601B81B98B}] => (Allow) C:\Windows\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{157DCBBD-ED26-4EB1-8F39-49496BDE4E2B}] => (Allow) C:\Windows\system32\tracert.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{3872B16B-36D2-4F3E-B4EC-404EEC582D22}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware) FirewallRules: [{05E1BB3F-1D86-4CC8-AEB6-E01213D3BDC9}] => (Allow) C:\Windows\system32\tracert.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{E9D598E7-1956-4C1C-BBD7-F6936298397B}] => (Allow) C:\Windows\system32\tracert.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{38685AD7-D089-4A26-9C46-F2B9662A30D9}] => (Allow) C:\Windows\system32\tracert.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{A275B686-717D-4503-A285-024A7C716ACF}] => (Allow) C:\Windows\system32\tracert.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{97657A26-90B8-43FE-B58E-0994DF52EF4D}] => (Allow) C:\Windows\system32\tracert.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{7CFCE1DE-D9B8-49C5-B418-001F0F080644}] => (Allow) C:\Windows\system32\tracert.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{C04C8C5F-7769-43CC-AEE9-9A84A12EEAAC}] => (Allow) C:\Windows\system32\tracert.exe 
(Microsoft Windows -> Microsoft Corporation) FirewallRules: [{5834B863-0A9B-40E0-9473-E425752FAB87}] => (Allow) C:\Windows\system32\tracert.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{9E3672B9-4825-489A-8F43-B164224C81DD}] => (Allow) C:\Windows\system32\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{488CB36F-CBDB-429C-85EC-D8CEBCF55DE5}] => (Allow) C:\Windows\system32\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{6E23D790-0EAF-495A-AAA0-B87F9F4626AB}] => (Allow) C:\Windows\system32\tracert.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{879EE372-8F17-40C3-9DA5-1AFED27354FF}] => (Allow) C:\Windows\system32\tracert.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{2FB5F4D3-B71B-42FD-897C-583C18CE6DEF}] => (Allow) C:\Windows\system32\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{2794003E-E903-4F2D-8EE5-E235F9A97183}] => (Allow) C:\Windows\system32\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{3028F535-6860-475B-BDCE-2FDEE390E697}] => (Allow) C:\Windows\system32\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{F51C90BB-895D-4174-BA6D-0A80A6B04995}] => (Allow) C:\Windows\system32\nslookup.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{615CBA1C-661D-4561-A992-E08FC3E06FA8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{311D2FE8-B6AD-40F9-BBC2-2DADB441AB41}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{A995ED0F-C1E1-4544-B1BF-01B4296D454D}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\Mathematica.exe (Wolfram Research, Inc. -> Wolfram Research, Inc.) FirewallRules: [{AD12BEFA-4416-425D-A0F5-E154FA30F06A}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\Mathematica.exe (Wolfram Research, Inc. 
-> Wolfram Research, Inc.) FirewallRules: [{3F88A0A6-8759-4862-A69F-66C119B64B62}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\MathKernel.exe (Wolfram Research, Inc. -> Wolfram Research, Inc.) FirewallRules: [{F3E1613F-1F06-405E-918F-56ED1B9E45D8}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\MathKernel.exe (Wolfram Research, Inc. -> Wolfram Research, Inc.) FirewallRules: [{42955922-3BC1-4726-9777-235642BFEC43}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\math.exe (Wolfram Research, Inc. -> Wolfram Research, Inc.) FirewallRules: [{AFB3E3CD-E3E0-498D-A8D1-5905EA703F2A}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\11.2\math.exe (Wolfram Research, Inc. -> Wolfram Research, Inc.) FirewallRules: [{BCAD9AA3-39ED-49DD-B345-10B2B465CEF9}] => (Allow) LPort=8317 FirewallRules: [TCP Query User{ED6D9985-2040-471F-A2B8-E92C3FFF7523}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{9455A99E-EF7A-47F6-B89E-DA08854C2EE0}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{F233FC03-0279-4DC4-AA9C-BFA163334EE7}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{7915EC1D-826E-40C9-A9E9-6CC26ECF496E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{54DF77C4-EADC-4968-91CC-323B2A8C1E3B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [{8061EFFC-F134-4919-8701-B0E2DFBFCCDD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) FirewallRules: [TCP Query User{570FC8B1-1283-41DA-859E-E048AA8E9623}C:\users\walter\desktop\vac\portable foxit pdf editor 2.0.1011.exe] => (Block) C:\users\walter\desktop\vac\portable foxit pdf editor 
2.0.1011.exe (Foxit Software Company -> Foxit Software Company) [File not signed] FirewallRules: [UDP Query User{6B3DC682-C666-4E2E-9F51-3803CCA45004}C:\users\walter\desktop\vac\portable foxit pdf editor 2.0.1011.exe] => (Block) C:\users\walter\desktop\vac\portable foxit pdf editor 2.0.1011.exe (Foxit Software Company -> Foxit Software Company) [File not signed] FirewallRules: [TCP Query User{C533C36C-E349-4096-B1A3-50B8CB2E5784}E:\escritorio mayo\super carpeta\portable foxit pdf editor 2.0.1011.exe] => (Block) E:\escritorio mayo\super carpeta\portable foxit pdf editor 2.0.1011.exe (Foxit Software Company -> Foxit Software Company) [File not signed] FirewallRules: [UDP Query User{457F5B43-97A5-41E0-AD96-29A07813E808}E:\escritorio mayo\super carpeta\portable foxit pdf editor 2.0.1011.exe] => (Block) E:\escritorio mayo\super carpeta\portable foxit pdf editor 2.0.1011.exe (Foxit Software Company -> Foxit Software Company) [File not signed] FirewallRules: [TCP Query User{40D6354D-CD07-4935-A3FC-05CF140CC499}C:\users\walter\desktop\4 medios\portable foxit pdf editor 2.0.1011.exe] => (Block) C:\users\walter\desktop\4 medios\portable foxit pdf editor 2.0.1011.exe (Foxit Software Company -> Foxit Software Company) [File not signed] FirewallRules: [UDP Query User{D7671610-5D8F-477C-BDE3-A6CF9000D2B3}C:\users\walter\desktop\4 medios\portable foxit pdf editor 2.0.1011.exe] => (Block) C:\users\walter\desktop\4 medios\portable foxit pdf editor 2.0.1011.exe (Foxit Software Company -> Foxit Software Company) [File not signed] FirewallRules: [{46929318-5DE8-4CA2-BC34-E7C0F55652FF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) 
FirewallRules: [TCP Query User{8EDB451E-8A41-402D-895C-9AB532280EC6}C:\users\walter\desktop\portable foxit pdf editor 2.0.1011.exe] => (Block) C:\users\walter\desktop\portable foxit pdf editor 2.0.1011.exe (Foxit Software Company -> Foxit Software Company) [File not signed]
FirewallRules: [UDP Query User{805F1B4D-F3AB-44D6-828F-9909CE69E0D2}C:\users\walter\desktop\portable foxit pdf editor 2.0.1011.exe] => (Block) C:\users\walter\desktop\portable foxit pdf editor 2.0.1011.exe (Foxit Software Company -> Foxit Software Company) [File not signed]
FirewallRules: [{D8CC2F9E-BE61-4430-95A1-D3FA08FF9182}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

02-06-2019 01:53:29 Punto de control programado

==================== Faulty Device Manager Devices =============

Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther VPN Project
Service: Neo_VPN
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NVIDIA nForce Ethernet
Description: NVIDIA nForce Networking Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVNET
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================= Application errors: ================== Error: (06/03/2019 11:25:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: SSTray.exe, versión: 18.0.2.486, marca de tiempo: 0x5bae5516 Nombre del módulo con errores: KERNELBASE.dll, versión: 6.1.7601.24000, marca de tiempo: 0x5a4996cd Código de excepción: 0xe0434352 Desplazamiento de errores: 0x0000845d Id. del proceso con errores: 0xd80 Hora de inicio de la aplicación con errores: 0x01d51a84fc94d820 Ruta de acceso de la aplicación con errores: C:\Program Files\Phoenix360\System Mechanic\SSTray.exe Ruta de acceso del módulo con errores: C:\Windows\system32\KERNELBASE.dll Id. del informe: 5a3ad790-8678-11e9-90b1-00030d000001 Error: (06/03/2019 11:25:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplicación: SSTray.exe Versión de Framework: v4.0.30319 Descripción: el proceso terminó debido a una excepción no controlada. 
Información de la excepción: System.IO.FileLoadException en System.Reflection.RuntimeAssembly._nLoad(System.Reflection.AssemblyName, System.String, System.Security.Policy.Evidence, System.Reflection.RuntimeAssembly, System.Threading.StackCrawlMark ByRef, IntPtr, Boolean, Boolean, Boolean) en System.Reflection.RuntimeAssembly.nLoad(System.Reflection.AssemblyName, System.String, System.Security.Policy.Evidence, System.Reflection.RuntimeAssembly, System.Threading.StackCrawlMark ByRef, IntPtr, Boolean, Boolean, Boolean) en System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(System.Reflection.AssemblyName, System.Security.Policy.Evidence, System.Reflection.RuntimeAssembly, System.Threading.StackCrawlMark ByRef, IntPtr, Boolean, Boolean, Boolean) en System.Reflection.RuntimeAssembly.InternalLoadFrom(System.String, System.Security.Policy.Evidence, Byte[], System.Configuration.Assemblies.AssemblyHashAlgorithm, Boolean, Boolean, System.Threading.StackCrawlMark ByRef) en System.Reflection.Assembly.LoadFrom(System.String) en Phoenix360.Shared.SharedHelper.AppResolveEventHandler(System.Object, System.ResolveEventArgs) en System.AppDomain.OnAssemblyResolveEvent(System.Reflection.RuntimeAssembly, System.String) Información de la excepción: System.IO.FileLoadException en iolo.Controller.EntitlementController..cctor() Información de la excepción: System.TypeInitializationException en iolo.Controller.EntitlementController.get_Instance() en iolo.SSTray.SSTrayApp..ctor() en iolo.SSTray.Program.Main(System.String[]) Error: (06/03/2019 11:03:14 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: No se puede cargar el controlador de protocolo File. Descripción del error: Error al ejecutar la operación de paginación. (HRESULT : 0x800703e7). Error: (06/03/2019 10:38:37 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Error al generar el contexto de activación para "C:\totalcmd\TOTALCMD64.EXE". 
No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (06/03/2019 10:38:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\totalcmd\TCUNIN64.EXE". No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (06/02/2019 11:03:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: emule.exe, versión: 0.50.0.4, marca de tiempo: 0x4bbc81c8
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x67aa7217
Id. del proceso con errores: 0x1180
Hora de inicio de la aplicación con errores: 0x01d5194b236e9160
Ruta de acceso de la aplicación con errores: H:\eMule\emule.exe
Ruta de acceso del módulo con errores: unknown
Id. del informe: 3899f610-85ac-11e9-90b1-00030d000001

Error: (06/02/2019 10:28:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Mathematica.exe, versión: 11.2.30778.23993, marca de tiempo: 0x59b5e95e
Nombre del módulo con errores: Mathematica.exe, versión: 11.2.30778.23993, marca de tiempo: 0x59b5e95e
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0060634e
Id. del proceso con errores: 0x830
Hora de inicio de la aplicación con errores: 0x01d519b3b0061a40
Ruta de acceso de la aplicación con errores: C:\Program Files\Wolfram Research\Mathematica\11.2\SystemFiles\FrontEnd\Binaries\Windows\Mathematica.exe
Ruta de acceso del módulo con errores: C:\Program Files\Wolfram Research\Mathematica\11.2\SystemFiles\FrontEnd\Binaries\Windows\Mathematica.exe
Id. del informe: 5583f230-85a7-11e9-90b1-00030d000001

Error: (06/02/2019 08:17:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SSTray.exe, versión: 18.0.2.486, marca de tiempo: 0x5bae5516
Nombre del módulo con errores: KERNELBASE.dll, versión: 6.1.7601.24000, marca de tiempo: 0x5a4996cd
Código de excepción: 0xe0434352
Desplazamiento de errores: 0x0000845d
Id. del proceso con errores: 0xf34
Hora de inicio de la aplicación con errores: 0x01d5193ca9e931f0
Ruta de acceso de la aplicación con errores: C:\Program Files\Phoenix360\System Mechanic\SSTray.exe
Ruta de acceso del módulo con errores: C:\Windows\system32\KERNELBASE.dll
Id. del informe: 66a1c140-8530-11e9-90b1-00030d000001

System errors:
=============
Error: (06/04/2019 03:01:30 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: La estructura del sistema de archivos en el disco está dañada y no se puede usar. Ejecute la utilidad chkdsk en el volumen walter.

Error: (06/03/2019 11:03:12 PM) (Source: Disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (06/03/2019 11:03:12 PM) (Source: Disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (06/03/2019 11:03:12 PM) (Source: Disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (06/03/2019 11:03:12 PM) (Source: Disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (06/03/2019 11:03:12 PM) (Source: Disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (06/03/2019 11:03:12 PM) (Source: nvstor32) (EventID: 3) (User: )
Description: Data error on device.
Device: \Device\RaidPort0
Model: WDC WD5000AAKS-00A7B2
Firmware Version: 01.0
Serial Number: WD-WCASY5417993
Port: 0

Error: (06/03/2019 11:03:12 PM) (Source: nvstor32) (EventID: 3) (User: )
Description: Data error on device.
Device: \Device\RaidPort0
Model: WDC WD5000AAKS-00A7B2
Firmware Version: 01.0
Serial Number: WD-WCASY5417993
Port: 0

CodeIntegrity:
===================================
Date: 2018-10-15 18:23:37.767
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Phoenix360\System Mechanic\WscRmd.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-15 18:23:37.690
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Phoenix360\System Mechanic\WscRmd.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-15 18:23:37.582
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Phoenix360\System Mechanic\WscRmd.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-13 13:22:58.324
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Phoenix360\System Mechanic\WscRmd.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-13 13:22:58.309
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Phoenix360\System Mechanic\WscRmd.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-13 13:22:58.309
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Phoenix360\System Mechanic\WscRmd.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-08 22:06:11.771
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Phoenix360\System Mechanic\WscRmd.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2018-10-08 22:06:11.755
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\Phoenix360\System Mechanic\WscRmd.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 080015 05/16/2008
Motherboard: ECS GF7100/7050PVT-M3
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 87%
Total physical RAM: 2815.24 MB
Available physical RAM: 349.53 MB
Total Virtual: 5630.48 MB
Available Virtual: 2006.4 MB

==================== Drives ================================

Drive c: (walter) (Fixed) (Total:100.72 GB) (Free:5.54 GB) NTFS
Drive d: (210916-1) (Fixed) (Total:910.16 GB) (Free:569.69 GB) NTFS
Drive e: (210916-2) (Fixed) (Total:910.16 GB) (Free:228.9 GB) NTFS
Drive f: (210916-3) (Fixed) (Total:974.08 GB) (Free:419.42 GB) NTFS
Drive g: (ws250709 [musica-video-ima]) (Fixed) (Total:185.55 GB) (Free:23.68 GB) NTFS
Drive h: (ws-07-10-2016) (Fixed) (Total:145.84 GB) (Free:101.48 GB) NTFS
Drive i: (260614 UTILIDADES) (Fixed) (Total:6.72 GB) (Free:0.82 GB) NTFS
Drive l: (280418 FORMULARIOS) (Fixed) (Total:5 GB) (Free:0.63 GB) NTFS
Drive o: (WS 18-05-2019) (Fixed) (Total:21.83 GB) (Free:14.91 GB) NTFS

\\?\Volume{965bd5ae-496b-11e6-90d8-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 00290029)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=364.9 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 2794.5 GB) (Disk ID: 03DD17B9)
Partition: GPT.

==================== End of Addition.txt ============================