Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-12-2019 01
Ran by saenz (24-12-2019 20:44:01)
Running from C:\Users\saenz\Desktop
Windows 10 Pro Version 1903 18362.476 (X64) (2019-11-21 09:10:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-3305917012-4270169547-4029195171-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3305917012-4270169547-4029195171-503 - Limited - Disabled)
Invitado (S-1-5-21-3305917012-4270169547-4029195171-501 - Limited - Disabled)
saenz (S-1-5-21-3305917012-4270169547-4029195171-1001 - Administrator - Enabled) => C:\Users\saenz
WDAGUtilityAccount (S-1-5-21-3305917012-4270169547-4029195171-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Bitdefender Antivirus (Disabled - Up to date) {0E17DB7D-A20F-62CE-B95B-17DB0CDFE318}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {B5763A99-8435-6D40-83EB-2CA97758A9A5}
FW: Bitdefender Firewall (Enabled) {362C5A58-E860-6396-9204-BEEEF20CA463}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Action! (HKLM-x32\...\Mirillis Action!)
(Version: 3.9.6 - Mirillis) Actualización de NVIDIA 38.0.2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.2.0 - NVIDIA Corporation) Hidden Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated) Adobe After Effects 2019 (HKLM-x32\...\AEFT_16_1_1) (Version: 16.1.1 - Adobe Systems Incorporated) Adobe Audition 2019 (HKLM-x32\...\AUDT_12_1) (Version: 12.1 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.504 - Adobe Systems Incorporated) Adobe Illustrator 2019 (HKLM-x32\...\ILST_23_0_3) (Version: 23.0.3 - Adobe Systems Incorporated) Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_2_1) (Version: 8.2.1 - Adobe Systems Incorporated) Adobe Media Encoder 2019 (HKLM-x32\...\AME_13_1) (Version: 13.1 - Adobe Systems Incorporated) Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated) Adobe Premiere Rush CC (HKLM-x32\...\RUSH_1_0_3) (Version: 1.0.3 - Adobe Systems Incorporated) Albion Online (HKLM-x32\...\SandboxAlbionOnline) (Version: - Sandbox Interactive GmbH) Apple Application Support (32 bits) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.) Apple Application Support (64 bits) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment) Astute Manager (HKLM-x32\...\{52F7B33F-617B-4484-9986-E57B436C0442}) (Version: 0.0.6 - Astute Graphics) Authy Desktop (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\authy-electron) (Version: 1.7.2 - Twilio Inc.) 
Authy Desktop (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\authy-electron) (Version: 1.7.2 - Twilio Inc.) Backup and Sync from Google (HKLM\...\{93EBD8BA-7A14-4636-8F1F-E929ADF2C3A9}) (Version: 3.47.7654.0300 - Google, Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 23.0.8.132 - Bitdefender) Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 24.0.12.72 - Bitdefender) Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 23.0.19.85 - Bitdefender) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 79.1.1.23 - Brave Software Inc) Brave Nightly (HKLM-x32\...\BraveSoftware Brave-Browser-Nightly) (Version: 79.1.4.42 - Brave Software Inc) calibre 64bit (HKLM\...\{AD46B379-13AD-4790-8137-2311E8825039}) (Version: 3.44.0 - Kovid Goyal) Call of Duty Black Ops 4 (HKLM-x32\...\Call of Duty Black Ops 4) (Version: - Blizzard Entertainment) CCleaner (HKLM\...\CCleaner) (Version: 5.53 - Piriform) Cheat Engine 6.8.3 (HKLM\...\Cheat Engine 6.8.3_is1) (Version: - Cheat Engine) Chrome Remote Desktop Host (HKLM-x32\...\{738276A2-92E7-4313-9E4D-D090F7DA98EC}) (Version: 79.0.3945.10 - Google Inc.) Coinomi Wallet version 1.0.9 (HKLM\...\{EE5A628F-810E-44CF-B45E-CA24076FF104}_is1) (Version: 1.0.9 - Coinomi Ltd) Core Temp 1.13 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.13 - ALCPU) Desinstalar impresora EPSON L1300 Series (HKLM\...\EPSON L1300 Series) (Version: - SEIKO EPSON Corporation) Discord (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\Discord) (Version: 0.0.305 - Discord Inc.) Discord (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\Discord) (Version: 0.0.305 - Discord Inc.) 
Epic Games Launcher (HKLM-x32\...\{688B6799-8427-42C9-8C6A-ABFADCE86EBC}) (Version: 1.1.195.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION) Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation) EVE Online (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\{321678af-bb5b-40f6-b370-7753635681d4}) (Version: 1.0.0 - CCP) EVE Online (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\{321678af-bb5b-40f6-b370-7753635681d4}) (Version: 1.0.0 - CCP) FileZilla Client 3.43.0 (HKLM-x32\...\FileZilla Client) (Version: 3.43.0 - Tim Kosse) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) 
Hidden GPU Temp version 1.0 (HKLM-x32\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com) Guía interactiva EXANI-I (HKLM-x32\...\{C2D7231F-E271-48F9-ABCD-AA7E306755E8}) (Version: 1.1.0 - MUV) Guía interactiva EXANI-II (HKLM-x32\...\{D8960B50-BA4F-45F1-8F70-EB2951D8AAB5}) (Version: 1.1.0 - MUV) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HP Dropbox Plugin (HKLM-x32\...\{E33A1540-AF13-4F30-BEB5-3F4CD72AC7F9}) (Version: 36.0.175.0 - HP) HP EmailSMTP Plugin (HKLM-x32\...\{CF4D7C86-DBA1-458D-990F-987A386091C8}) (Version: 43.0.175.0 - HP) HP FTP Plugin (HKLM-x32\...\{B9FFA818-A8AE-406E-80EF-85A54A1C9F83}) (Version: 43.0.175.0 - HP) HP Google Drive Plugin (HKLM-x32\...\{78CD6FCC-A6E9-4DCB-B137-FD691DB15CC6}) (Version: 36.0.175.0 - HP) HP Ink Tank Wireless 410 series Ayuda (HKLM-x32\...\{1B44A563-C791-4886-9C29-B85050156A9E}) (Version: 44.0.0 - HP) HP Ink Tank Wireless 410 series Software básico del dispositivo (HKLM\...\{0900D622-F110-45F0-94B1-2A244949F394}) (Version: 45.3.2597.18208 - HP Inc.) 
HP OneDrive Plugin (HKLM-x32\...\{C79809ED-0E3D-43E9-9F45-FA43DFA1EFFD}) (Version: 36.0.175.0 - HP) HP SFTP Plugin (HKLM-x32\...\{6E9B2B7C-1701-4DD3-80F7-B45ECA565DF9}) (Version: 43.0.175.0 - HP) HP SharePoint Plugin (HKLM-x32\...\{41871A92-7684-456F-8BE2-AB570C641AEC}) (Version: 43.0.175.0 - HP) Image Resizer for Windows (64 bit) (HKLM\...\{2A1F3759-5792-469B-B895-7E29680F02F1}) (Version: 3.1.1.0 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{92916BDF-74CB-479C-B69E-32EACB074FFE}) (Version: 3.1.1.0 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{c624f5da-779e-4ccb-9ce1-34bc5ef0a6b9}) (Version: 3.1.1.0 - Brice Lambson) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Intel(R) Chipset Device Software (HKLM-x32\...\{fcfc894b-0d54-4d39-826f-dcb39ce5dde7}) (Version: 10.1.17861.8101 - Intel(R) Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 - Intel Corporation) Intel(R) Network Connections 23.5.0.0 (HKLM\...\PROSetDX) (Version: 23.5.0.0 - Intel) Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden Internet Download Manager (HKLM\...\Internet Download Manager 6.32.2_is1) (Version: 6.32.2 - Tonec Inc.) iTunes (HKLM\...\{9C4D8598-C1F2-468E-B587-F85558AA5EEE}) (Version: 12.9.4.102 - Apple Inc.) 
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kits Configuration Installer (HKLM-x32\...\{63AAA877-5536-9481-2385-28A082100D78}) (Version: 10.1.18362.1 - Microsoft) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains) Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.) Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProplusRetail - es-es) (Version: 16.0.12228.20364 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 
- Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable 
(x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation) Minecraft Launcher (HKLM-x32\...\{D0972543-9D51-4A1A-A765-E5A7B1CB09E5}) (Version: 1.0.0.0 - Mojang) Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla) NetLimiter 4 (HKLM\...\{AC8F026D-2606-46CD-BA72-33A9FAB2F715}) (Version: 4.0.42.0 - Locktime Software) Hidden NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.42.0) (Version: 4.0.42.0 - Locktime Software) Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.81 - DJI Interprises, LLC) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.8.1 - Notepad++ Team) Npcap 0.9983 (HKLM-x32\...\NpcapInst) (Version: 0.9983 - Nmap Project) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 3.20.1.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.1.57 - NVIDIA Corporation) NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NZBGet (HKLM-x32\...\NZBGet) (Version: - Andrey Prygunkov) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden 
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden OnTopReplica (HKLM-x32\...\{F149C020-D121-45B2-A630-5DB052413244}) (Version: 3.5.1 - OnTopReplica) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) Panel de control de NVIDIA 436.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 436.15 - NVIDIA Corporation) Hidden PuTTY release 0.71 (64-bit) (HKLM\...\{B27534DB-4F72-4F49-A3AD-5EC1B6901E5E}) (Version: 0.71.0.0 - Simon Tatham) qBittorrent 4.1.9.1 (HKLM-x32\...\qBittorrent) (Version: 4.1.9.1 - The qBittorrent project) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8586 - Realtek Semiconductor Corp.) Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.) RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder) SlickVPN v0.2.61 (gde9faf8) (HKLM-x32\...\SlickVPN_is1) (Version: 0.2.61 - SlickVPN) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Tableta Wacom (HKLM\...\Wacom Tablet Driver) (Version: 6.3.34-3 - Wacom Technology Corp.) Telegram Desktop version 1.8.15 (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.15 - Telegram FZ-LLC) Telegram Desktop version 1.8.15 (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.15 - Telegram FZ-LLC) Twitch (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.) 
Twitch (HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.) UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN) Windows Software Development Kit - Windows 10.0.18362.1 (HKLM-x32\...\{126dedf0-cc0e-4b48-9ece-806b0e437195}) (Version: 10.1.18362.1 - Microsoft Corporation) WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH) Wireshark 3.0.6 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.6 - The Wireshark developer community, hxxps://www.wireshark.org) Wolfram Mathematica 12 (M-WIN-L 12.0.0 6206958) (HKLM\...\M-WIN-L 12.0.0 6206958_is1) (Version: 12.0.0 - Wolfram Research, Inc.) WolframScript (A-WIN32-WolframScript 12.0.0 2019040701) (HKLM-x32\...\{460ACB2E-59A1-11E9-848B-0CC47AC03162}) (Version: 12.0.89 - Wolfram Research, Inc.) 
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) WPT Redistributables (HKLM-x32\...\{70D0B057-048B-F699-A2B0-AD325018802F}) (Version: 10.1.18362.1 - Microsoft) Hidden WPTx64 (HKLM-x32\...\{EC12C121-3208-5E92-FCB0-0591769632F9}) (Version: 10.1.18362.1 - Microsoft) Hidden Yeti Pro Driver v2.23.0 (HKLM-x32\...\Yeti Pro Driver v2.23.0) (Version: 2.23.0 - BLUE) Packages: ========= Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-04-18] (Adobe Systems Incorporated) Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-08-26] (Adobe Systems Incorporated) Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.27.6.0_x86__kgqvnymyfvs32 [2019-12-13] (king.com) Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1661.1.0_x86__kgqvnymyfvs32 [2019-12-20] (king.com) Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.3842.0_x64__rz1tebttyb220 [2019-12-16] (Dolby Laboratories) Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-11-21] (Fitbit) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-15] (HP Inc.) 
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-08] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-08] (Microsoft Corporation) [MS Ad] Microsoft Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad] Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.105.0_x64__8wekyb3d8bbwe [2019-12-20] (Microsoft Studios) MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad] Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.16.0_x64__nfy108tqq3p12 [2019-11-21] (Thumbmunkeys Ltd) [MS Ad] Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.158.0_x64__dt26b99r8h8gj [2019-03-20] (Realtek Semiconductor Corp) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-380993785BEE} -> [Creative Cloud Files] => C:\Users\saenz\Creative Cloud Files [2019-02-27 13:10] CustomCLSID: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001_Classes\CLSID\{BB714201-BEFF-4275-932D-8AAE21D603C1} -> [Descargas Mega] => F:\Descargas\Descargas Mega [2019-05-10 17:41] CustomCLSID: HKU\S-1-5-21-3305917012-4270169547-4029195171-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc. -> Tonec Inc.) 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> ) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> 
{A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-06-16] (Notepad++ -> ) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google) ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2018-05-26] (Open Source Developer, Brice Lambson -> Brice Lambson) ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> ) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> ) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-12-23] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> ) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google) ContextMenuHandlers4: [MEGA (Context menu)] -> 
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\saenz\AppData\Local\MEGAsync\ShellExtX64.dll [2019-09-09] (Mega Limited -> ) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-08-24] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-12-23] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed] HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\system32\ficvdec_x64.dll [652288 2013-05-28] () [File not signed] HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed] HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\saenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Authy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=gaedmjdfmmahhbjefcbgaolhhanlaolb ShortcutWithArgument: C:\Users\saenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Escritorio Remoto de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ==================== Loaded Modules (Whitelisted) ============= 2019-07-25 17:27 - 2014-12-10 11:25 - 000087552 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\_ctypes.pyd 2019-07-25 17:27 - 2014-12-10 11:25 - 000774656 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\_hashlib.pyd 2019-07-25 17:27 - 2014-12-10 11:25 - 000046080 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\_socket.pyd 2019-07-25 17:27 - 2014-12-10 11:25 - 001201152 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\_ssl.pyd 2019-07-25 17:27 - 2014-05-03 11:55 - 000110080 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\pywintypes27.dll 2019-07-25 17:27 - 2014-05-03 11:56 - 
000027648 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\servicemanager.pyd 2019-07-25 17:27 - 2014-05-03 11:56 - 000100352 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32api.pyd 2019-07-25 17:27 - 2014-05-03 11:55 - 000018432 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32event.pyd 2019-07-25 17:27 - 2014-05-03 11:56 - 000049664 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32evtlog.pyd 2019-07-25 17:27 - 2014-05-03 11:55 - 000119808 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32file.pyd 2019-07-25 17:27 - 2014-05-03 11:55 - 000024064 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32pipe.pyd 2019-07-25 17:27 - 2014-05-03 11:55 - 000036864 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32process.pyd 2019-07-25 17:27 - 2014-05-03 11:55 - 000108544 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32security.pyd 2019-07-25 17:27 - 2014-05-03 11:55 - 000042496 _____ () [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\win32service.pyd 2019-06-08 12:39 - 2014-05-16 00:35 - 000192512 _____ () [File not signed] C:\Program Files\BLUE\Yeti_Pro_Driver\blueyetiproapi.dll 2018-10-05 01:13 - 2018-10-05 01:13 - 000144896 _____ () [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll 2018-10-05 01:13 - 2018-10-05 01:13 - 000077824 _____ () [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll 2019-07-25 17:27 - 2014-12-10 11:25 - 002459136 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\SlickVPN\resources\bin\win32\slickvpnsrvc\PYTHON27.DLL 2019-04-19 17:00 - 2017-05-23 13:59 - 000494080 
_____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll 2019-04-19 17:00 - 2017-05-23 13:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll 2018-10-05 01:13 - 2018-10-05 01:13 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\LIBCURL.dll 2018-10-05 01:13 - 2018-10-05 01:13 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\LIBEAY32.dll 2018-10-05 01:13 - 2018-10-05 01:13 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LAClient\SSLEAY32.dll 2018-04-06 11:29 - 2018-04-06 11:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll 2018-04-06 11:29 - 2018-04-06 11:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\ssleay32.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [442] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2018-09-15 00:31 - 2019-09-05 13:33 - 000001479 ____R C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 licensing.freegrabapp.com 127.0.0.1 api.bignox.com 127.0.0.1 tracking.trnox.com 127.0.0.1 bi.yeshen.com 127.0.0.1 launcher.us.yeshen.com 127.0.0.1 pubstatus.sinaapp.com 127.0.0.1 noxagile.duapp.com 127.0.0.1 common.duapps.com 127.0.0.1 pasta.esfile.duapps.com 127.0.0.1 api.mobula.sdk.duapps.com 127.0.0.1 hmma.baidu.com 127.0.0.1 nrc.tapas.net 127.0.0.1 au.umeng.com 127.0.0.1 www.yeshen.com 127.0.0.1 www.yeshen.com.w.kunlungr.com 127.0.0.1 hm.e.shifen.com 127.0.0.1 tdcv3.talkingdata.net 127.0.0.1 alog.umeng.com 127.0.0.1 sdk.open.inc2.igexin.com 127.0.0.1 androiden.duapp.com ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\HP\Common\HPDestPlgIn\;C:\Program Files (x86)\Wolfram Research\WolframScript\;C:\Program Files\PuTTY\;C:\Program Files\Calibre2\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851336\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851352\Control Panel\Desktop\\Wallpaper -> 
C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\saenz\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{a34d7e13-40ba-49d6-abac-ae28cd5d87ca}.jpg HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\Control Panel\Desktop\\Wallpaper -> C:\Users\saenz\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{a34d7e13-40ba-49d6-abac-ae28cd5d87ca}.jpg DNS Servers: 1.1.1.1 - 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. Network Binding: ============= Ethernet 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKU\S-1-5-21-3305917012-4270169547-4029195171-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-3305917012-4270169547-4029195171-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12242019165851383\...\StartupApproved\Run: => "Discord" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Restore Points ========================= 06-12-2019 07:25:00 Punto de control programado 15-12-2019 11:04:38 Punto de control programado 24-12-2019 13:14:18 Instalador de Módulos de Windows ==================== Faulty Device Manager Devices ============ Name: Teclado PS/2 estándar Description: Teclado PS/2 estándar Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Teclados estándar) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Mouse PS/2 de Microsoft Description: Mouse PS/2 de Microsoft Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ======================== Application errors: ================== Error: (12/24/2019 06:02:16 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (12732,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. 
Error: (12/24/2019 05:37:41 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (4528,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/24/2019 05:07:03 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (7024,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/24/2019 04:58:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x8007045b, Se está cerrando el sistema. . Error: (12/24/2019 04:58:11 PM) (Source: VSS) (EventID: 13) (User: ) Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} y el nombre CEventSystem no puede iniciarse. [0x8007045b, Se está cerrando el sistema. ] Error: (12/24/2019 04:50:33 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (7036,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/24/2019 04:26:03 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (144,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (12/24/2019 04:15:48 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (12492,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. 
System errors: ============= Error: (12/24/2019 05:00:07 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-1DF3CRC) Description: No se puede iniciar un servidor DCOM: AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc!App.AppXqpex5tm0c07wf9dx3gww6zdf2gfseeyd.mca como No disponible/No disponible. Error "2147958031" al iniciar este comando: "C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe" -ServerName:App.AppXbdz14xebceycqvrazxqtnx89wn9e0ebz.mca Error: (12/24/2019 04:58:40 PM) (Source: Application Popup) (EventID: 56) (User: ) Description: ACPI5 Error: (12/24/2019 04:58:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media depende del servicio Windows Search, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio debido a un error en el inicio de sesión. Error: (12/24/2019 04:58:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: El servicio Windows Search no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio debido a un error en el inicio de sesión. Error: (12/24/2019 04:58:14 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: El servicio WSearch no se pudo iniciarse como NT AUTHORITY\SYSTEM con la contraseña configurada actualmente debido al siguiente error: Solicitud no compatible. Para asegurarte de que el servicio esté correctamente configurado, usa el complemento Servicios en Microsoft Management Console (MMC). Error: (12/24/2019 04:57:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: El servicio Servicio del iPod se terminó de manera inesperada. Esto ha sucedido 1 veces. 
Error: (12/24/2019 04:57:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: El servicio Intel(R) Dynamic Application Loader Host Interface Service se terminó de manera inesperada. Esto ha sucedido 1 veces. Error: (12/24/2019 04:57:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio. Windows Defender: =================================== Date: 2019-12-24 11:58:49.309 Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse. Id. de examen: {B96A3CFD-EA8C-44AE-AC38-DD00887E7CB3} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM Date: 2019-12-19 19:17:13.489 Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse. Id. de examen: {E9A6BF54-76F6-4024-8433-236AB54326B0} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM Date: 2019-12-12 11:16:00.438 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. 
Para más información, consulta lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0 Nombre: Trojan:Win32/Wacatac.B!ml Id.: 2147735505 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: file:_H:\YBVre\HaciendaIdRfc.exe; process:_pid:6880,ProcessStart:132206480046319308 Origen de detección: Equipo local Tipo de detección: FastPath Origen de detección: Sistema Usuario: NT AUTHORITY\SYSTEM Nombre de proceso: Unknown Versión de inteligencia de seguridad: AV: 1.307.338.0, AS: 1.307.338.0, NIS: 1.307.338.0 Versión de motor: AM: 1.1.16600.7, NIS: 1.1.16600.7 Date: 2019-12-12 11:15:35.726 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para más información, consulta lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0 Nombre: Trojan:Win32/Wacatac.B!ml Id.: 2147735505 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: file:_H:\YBVre\HaciendaIdRfc.exe; process:_pid:6880,ProcessStart:132206480046319308 Origen de detección: Equipo local Tipo de detección: FastPath Origen de detección: Sistema Usuario: NT AUTHORITY\SYSTEM Nombre de proceso: Unknown Versión de inteligencia de seguridad: AV: 1.307.338.0, AS: 1.307.338.0, NIS: 1.307.338.0 Versión de motor: AM: 1.1.16600.7, NIS: 1.1.16600.7 Date: 2019-11-25 10:06:44.519 Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse. Id. de examen: {2ADF5FA6-8E15-4626-9DF0-CE83AF94474C} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM Date: 2019-12-12 11:15:59.750 Description: Antivirus de Windows Defender encontró un error crítico al realizar una acción en malware u otro software potencialmente no deseado. 
Para más información, consulta lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0 Nombre: Trojan:Win32/Wacatac.B!ml Id.: 2147735505 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: file:_H:\YBVre\HaciendaIdRfc.exe; process:_pid:6880,ProcessStart:132206480046319308 Origen de detección: Equipo local Tipo de detección: FastPath Origen de detección: Sistema Usuario: NT AUTHORITY\SYSTEM Nombre de proceso: Unknown Acción: Cuarentena Estado de acción: No additional actions required Código de error: 0x80070020 Descripción del error: El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. Versión de inteligencia de seguridad: AV: 1.307.338.0, AS: 1.307.338.0, NIS: 1.307.338.0 Versión del motor: AM: 1.1.16600.7, NIS: 1.1.16600.7 CodeIntegrity: =================================== Date: 2019-12-24 19:30:33.966 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 19:30:33.963 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 17:00:50.593 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2019-12-24 17:00:50.580 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-12-24 16:58:54.366 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements. Date: 2019-12-24 10:37:23.978 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements. Date: 2019-12-24 10:37:14.883 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 10:37:14.880 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. F1 08/14/2015 Motherboard: Gigabyte Technology Co., Ltd. 
G1.SNIPER B7-CF Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz Percentage of memory in use: 44% Total physical RAM: 16336.43 MB Available physical RAM: 9142.09 MB Total Virtual: 18768.43 MB Available Virtual: 11066.33 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.16 GB) (Free:324.82 GB) NTFS Drive e: (Reservado para el sistema) (Fixed) (Total:0.61 GB) (Free:0.28 GB) NTFS ==>[system with boot components (obtained from drive)] Drive f: (Barracuda) (Fixed) (Total:3725.9 GB) (Free:1593.35 GB) NTFS Drive g: () (Fixed) (Total:110.32 GB) (Free:4.24 GB) NTFS \\?\Volume{43e8b3ac-1018-4463-b0c8-27fd549043da}\ () (Fixed) (Total:0.49 GB) (Free:0.04 GB) NTFS \\?\Volume{dc16659e-0000-0000-0000-60bb1b000000}\ () (Fixed) (Total:0.86 GB) (Free:0.45 GB) NTFS \\?\Volume{2bebbf52-db2a-4f64-a08c-7b8c7f272875}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 1 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 2 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: DC16659E) Partition 1: (Active) - (Size=620 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=110.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=882 MB) - (Type=27) ==================== End of Addition.txt =======================