Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2019
Ran by javier (10-12-2019 17:07:58)
Running from C:\Users\javier\Downloads
Windows 10 Enterprise Version 1903 18362.476 (X64) (2019-09-03 14:57:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-174672074-1527293782-3393422463-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-174672074-1527293782-3393422463-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-174672074-1527293782-3393422463-1000 - Limited - Disabled) => C:\Users\defaultuser0
Invitado (S-1-5-21-174672074-1527293782-3393422463-501 - Limited - Disabled)
javier (S-1-5-21-174672074-1527293782-3393422463-1001 - Administrator - Enabled) => C:\Users\javier
WDAGUtilityAccount (S-1-5-21-174672074-1527293782-3393422463-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Dome (Disabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Dome (Enabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-174672074-1527293782-3393422463-1001\...\uTorrent) (Version: 3.5.5.45341 - BitTorrent Inc.)
Allavsoft 3.16.1.6790 (HKLM-x32\...\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1) (Version: - Allavsoft Corporation)
AllToMP3 0.3.11 (HKU\S-1-5-21-174672074-1527293782-3393422463-1001\...\c7605133-1e88-50dc-a31b-c14ca85089b6) (Version: 0.3.11 - Basile Bruneau)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.1.3 - Electronic Arts, Inc.)
Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version: - Ubisoft)
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AutoFirma (HKLM-x32\...\AutoFirma) (Version: 1.6.5 - Gobierno de España)
CPUID HWMonitor 1.40 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.40 - CPUID, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Epic Games Launcher (HKLM-x32\...\{8B0EE26B-3CDC-4EF1-9002-F2C8EC767635}) (Version: 1.1.163.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.7.0.29455 - Foxit Software Inc.)
Free Video Joiner (HKLM-x32\...\{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1) (Version: - FreeVideoJoiner.com)
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1909.12.0.1236 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.6.1027 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c6de84fd-ece7-4c2a-9f06-8cabe7ab79a0}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Java(TM) SE Development Kit 13.0.1 (64-bit) (HKLM\...\{02E6B6AF-D69D-5191-9D34-7E11D4AC952C}) (Version: 13.0.1.0 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-174672074-1527293782-3393422463-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-174672074-1527293782-3393422463-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.37.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 65.0 (x64 es-ES) (HKLM\...\Mozilla Firefox 65.0 (x64 es-ES)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.2 - Mozilla)
NVIDIA Controlador de audio HD 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 432.00 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.56.33908 - Electronic Arts, Inc.)
Panda Devices Agent (HKLM-x32\...\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}) (Version: 1.08.09 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.09 - Panda Security) Hidden
Panda Dome (HKLM\...\{DC22166B-6F26-4E2E-BFDE-CC3578246940}) (Version: 9.13.00 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.06.00.0000 - Panda Security)
Panel de control de NVIDIA 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 432.00 - NVIDIA Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8258 - Realtek Semiconductor Corp.)
SageThumbs 2.0.0.23 (HKLM\...\SageThumbs) (Version: 2.0.0.23 - Cherubic Software)
SecureRecovery for Photos 1.0.44246.2 (HKLM-x32\...\{A1A022BA-6A7B-4352-AF72-6823D0C4B583}) (Version: 1.0.44246.2 - SecureData, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{ffddf9dd-c47f-453a-92f5-ac6c98af8b5b}) (Version: 10.1.17968.8131 - Intel(R) Corporation)
Spotify (HKU\S-1-5-21-174672074-1527293782-3393422463-1001\...\Spotify) (Version: 1.1.21.1654.g282a2807 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellar Photo Recovery Standard (HKLM-x32\...\Stellar Photo Recovery Standard_is1) (Version: 9.0.0.0 - Stellar Information Technology Pvt Ltd.)
Telegram Desktop version 1.8.2 (HKU\S-1-5-21-174672074-1527293782-3393422463-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.2 - Telegram FZ-LLC)
Unlocker 1.9.0 (HKLM-x32\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{A951B9A0-13C0-4A4B-8E04-3CCF05701086}) (Version: 2.47.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 85.1 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Web Companion (HKLM-x32\...\{6c03ae04-5397-4fb8-a625-93e474a8e484}) (Version: 4.9.2159.4024 - Lavasoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 7.1.21-0 - Bitnami)

Packages:
=========
Baffin Island Expedition by Will Christiansen -> C:\Program Files\WindowsApps\Microsoft.BaffinIslandExpeditionbyWillChristiansen_1.0.0.0_neutral__8wekyb3d8bbwe [2019-09-03] (Microsoft Corporation)
Complemento de Fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-10-27] (Microsoft Corporation)
Complemento de motor del medio de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-28] (Microsoft Corporation)
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20276.0_x64__8wekyb3d8bbwe [2019-11-27] (Microsoft Corporation) [MS Ad]
Flite Radio -> C:\Program Files\WindowsApps\46732Fildo.FliteRadio_0.7.1.0_x64__b5am84vbh3tby [2019-10-19] (Fildo)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-05] (Microsoft Corporation) [MS Ad]
MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-24] (Microsoft Corporation) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.137.0_x64__dt26b99r8h8gj [2018-10-14] (Realtek Semiconductor Corp)
SoundCloud for Windows (Beta) -> C:\Program Files\WindowsApps\SoundcloudLtd.SoundCloudforWindowsBeta_1.1.36.0_x64__2xc63xn306dnw [2019-07-11] (Soundcloud Ltd.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [SageThumbs] -> {4A34B3E3-F50E-4FF6-8979-7E4176466FF2} => C:\Program Files (x86)\SageThumbs\64\SageThumbs.dll [2017-05-09] (CherubicSoft) [File not signed]
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3-x32: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files (x86)\Unlocker\UnlockerCOM.dll [2010-07-04] () [File not signed]
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2018-05-30] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6-x32: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files (x86)\Unlocker\UnlockerCOM.dll [2010-07-04] () [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\javier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2010-07-04 22:32 - 2010-07-04 22:32 - 000004608 _____ () [File not signed] C:\Program Files (x86)\Unlocker\UnlockerHook.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [486]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <==== ATTENTION

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-174672074-1527293782-3393422463-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-174672074-1527293782-3393422463-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2019-05-28 17:26 - 000002056 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 adclick.g.doubleclick.net
0.0.0.0 adeventtracker.spotify.com
0.0.0.0 ads-fa.spotify.com
0.0.0.0 analytics.spotify.com
0.0.0.0 audio2.spotify.com
0.0.0.0 b.scorecardresearch.com
0.0.0.0 bounceexchange.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 content.bitsontherun.com
0.0.0.0 core.insightexpressai.com
0.0.0.0 crashdump.spotify.com
0.0.0.0 d2gi7ultltnc2u.cloudfront.net
0.0.0.0 d3rt1990lpmkn.cloudfront.net
0.0.0.0 desktop.spotify.com
0.0.0.0 doubleclick.net
0.0.0.0 ds.serving-sys.com
0.0.0.0 googleadservices.com
0.0.0.0 googleads.g.doubleclick.net
0.0.0.0 gtssl2-ocsp.geotrust.com
0.0.0.0 js.moatads.com
0.0.0.0 log.spotify.com
0.0.0.0 media-match.com
0.0.0.0 omaze.com
0.0.0.0 open.spotify.com
0.0.0.0 pagead46.l.doubleclick.net
0.0.0.0 pagead2.googlesyndication.com
0.0.0.0 partner.googleadservices.com
0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 redirector.gvt1.com
0.0.0.0 s0.2mdn.net

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-174672074-1527293782-3393422463-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\javier\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 80.58.61.250 - 80.58.61.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-174672074-1527293782-3393422463-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-174672074-1527293782-3393422463-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-174672074-1527293782-3393422463-1001\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C4C99080-7764-477A-B729-EAD6003133B4}C:\users\javier\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\javier\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{CA0B19D9-00EE-4F65-A8E5-8244F2E764E5}C:\users\javier\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\javier\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{B13B7E8A-08AD-427C-8DD9-1528C6AF6EA2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{E0B9E9E0-4E77-4262-A78D-FAB1140ADE35}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{C44E4416-BF00-4B64-AAA1-2D2B20C7543F}C:\users\javier\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\javier\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{90BC5853-60F8-42B5-978A-61B3FF6C4BBF}C:\users\javier\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\javier\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{2BADBECA-945D-4092-B959-1F419212D9E5}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{CA055336-3CFD-4AFC-B9B1-4CC364835501}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{88106902-AD70-4EAC-A2B6-34784B7D90A1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{41485FB1-26E9-41C6-95CE-D22675C64BDE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F52236BD-8DC7-45D2-B619-DB6A36B9F604}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{44E3CC34-695E-4FF3-A788-6F90B85CB751}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{6FE4ADFE-8C43-4FA8-9CE2-E09E36CFD6F3}] => (Allow) C:\Users\javier\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{5F72D161-E6C4-4224-86D0-5E106DF704A1}] => (Allow) C:\Users\javier\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{31BA2823-943C-4A5E-9347-0112ED4B8EA2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{77A7E232-4738-4680-8D15-D5CCD92EDDAC}] => (Allow) LPort=2869
FirewallRules: [{DFA04AC3-7AC7-495B-A2DE-C4936F7F03DB}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{9A05C8FF-77D6-4602-8B67-60950B4EBA35}C:\program files\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [UDP Query User{66E246F6-BE87-4537-AA0A-EF00E1D23A13}C:\program files\autofirma\autofirma\jre\bin\javaw.exe] => (Allow) C:\program files\autofirma\autofirma\jre\bin\javaw.exe
FirewallRules: [{FEF93632-3446-4F76-86B2-E5252CCDF05F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

17-11-2019 11:30:20 Installed HP USB Disk Storage Format Tool
24-11-2019 20:26:32 Punto de control programado
27-11-2019 16:57:16 Installed Java(TM) SE Development Kit 13.0.1 (64-bit)
08-12-2019 14:28:53 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (12/10/2019 04:59:50 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.

Error: (12/10/2019 04:54:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0x8007000D
Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/10/2019 04:54:57 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0x8007000D
Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/10/2019 04:54:28 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center no pudo validar al autor de la llamada con el error %1.

Error: (12/10/2019 04:54:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_stisvc, versión: 10.0.18362.1, marca de tiempo: 0x32d6c210
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000000000
Identificador del proceso con errores: 0xfa0
Hora de inicio de la aplicación con errores: 0x01d5af720b64d788
Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\svchost.exe
Ruta de acceso del módulo con errores: unknown
Identificador del informe: f5c82500-f748-40b3-a1b5-041dd3801e90
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:

Error: (12/10/2019 04:42:53 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: El tamaño del búfer necesario es mayor que el tamaño del búfer que se llevó a la función Collect del archivo DLL del contador extensible "C:\Windows\System32\perfts.dll" del servicio "LSM". El tamaño del búfer indicado era 21360 y el tamaño necesario es 33960.

Error: (12/10/2019 04:42:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0xC004F074
Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/10/2019 04:42:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Error de la activación de licencia (slui.exe) con el siguiente código: hr=0xC004F074
Argumentos de línea de comandos: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=TimerEvent

System errors:
=============
Error: (12/10/2019 04:54:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Adquisición de imágenes de Windows (WIA) se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (12/10/2019 04:54:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Origin Web Helper Service no pudo iniciarse debido al siguiente error: El servicio no respondió a tiempo a la solicitud de inicio o de control.

Error: (12/10/2019 04:54:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Se agotó el tiempo de espera (45000 ms) para la conexión con el servicio Origin Web Helper Service.

Error: (12/10/2019 04:52:58 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-CPEV8US)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/10/2019 04:52:39 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-CPEV8US)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/10/2019 04:52:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: El servicio ESET Uninstaller Service ha sido marcado como servicio interactivo. Sin embargo, el sistema está configurado para no permitir servicios interactivos. Este servicio puede tener un funcionamiento incorrecto.

Error: (12/10/2019 04:51:37 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-CPEV8US)
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "No disponible" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/10/2019 04:51:36 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-CPEV8US)
Description: Error de DCOM "1084" al intentar iniciar el servicio netprofm con argumentos "No disponible" para ejecutar el servidor: {A47979D2-C419-11D9-A5B4-001185AD2B89}

Windows Defender:
===================================
Date: 2019-12-10 17:04:19.910
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: containerfile:_C:\Users\javier\Downloads\MTK.v2.5.2\Microsoft Toolkit.exe; file:_C:\Users\javier\Downloads\MTK.v2.5.2\Microsoft Toolkit.exe->[SAResource]->[MSILRES:?.?.resources]
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
Versión de inteligencia de seguridad: AV: 1.307.204.0, AS: 1.307.204.0, NIS: 1.307.204.0
Versión de motor: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2019-12-10 17:04:15.347
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Users\javier\Downloads\MTK.v2.5.2\Microsoft Toolkit.exe->[SAResource]->[MSILRES:?.?.resources]
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
Versión de inteligencia de seguridad: AV: 1.307.204.0, AS: 1.307.204.0, NIS: 1.307.204.0
Versión de motor: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2019-12-10 17:00:58.819
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Windows\AutoKMS\AutoKMS.exe; file:_C:\WINDOWS\System32\Tasks\AutoKMS->(UTF-16LE); file:_C:\WINDOWS\Tasks\AutoKMS.job; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEC01F6D-8FFF-4389-B255-D55B6B7A8D39}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS; taskscheduler:_C:\WINDOWS\System32\Tasks\AutoKMS; taskscheduler:_C:\WINDOWS\Tasks\AutoKMS.job
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.305.1949.0, AS: 1.305.1949.0, NIS: 1.305.1949.0
Versión de motor: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-13 12:28:17.879
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Windows\AutoKMS\AutoKMS.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.305.1949.0, AS: 1.305.1949.0, NIS: 1.305.1949.0
Versión de motor: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-13 11:39:26.776
Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Windows\AutoKMS\AutoKMS.exe
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.305.1949.0, AS: 1.305.1949.0, NIS: 1.305.1949.0
Versión de motor: AM: 1.1.16500.1, NIS: 1.1.16500.1

CodeIntegrity:
===================================
Date: 2019-11-21 15:14:23.616
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-11-21 15:14:23.269
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-11-21 15:14:22.770
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-11-21 15:14:22.338
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-11-21 15:14:21.860 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-11-21 15:14:21.403 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-11-21 15:14:19.412 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-11-21 15:14:19.070 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. 2.90 04/02/2019 Motherboard: Micro-Star International Co., Ltd. 
Z370-A PRO (MS-7B48) Processor: Intel(R) Core(TM) i5-8600K CPU @ 3.60GHz Percentage of memory in use: 63% Total physical RAM: 8134.22 MB Available physical RAM: 2947.08 MB Total Virtual: 9414.22 MB Available Virtual: 2159.02 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:930.55 GB) (Free:549.76 GB) NTFS \\?\Volume{9440ac11-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS \\?\Volume{9440ac11-0000-0000-0000-d0c2e8000000}\ () (Fixed) (Total:0.47 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 9440AC11) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=930.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=478 MB) - (Type=27) ==================== End of Addition.txt =======================