Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2019 Ran by usuario (29-10-2019 14:49:13) Running from C:\Users\usuario\Desktop Windows 10 Pro Version 1903 18362.418 (X64) (2019-10-08 22:19:50) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrador (S-1-5-21-1752042819-2756060608-3822567964-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1752042819-2756060608-3822567964-503 - Limited - Disabled) Invitado (S-1-5-21-1752042819-2756060608-3822567964-501 - Limited - Disabled) usuario (S-1-5-21-1752042819-2756060608-3822567964-1001 - Administrator - Enabled) => C:\Users\usuario WDAGUtilityAccount (S-1-5-21-1752042819-2756060608-3822567964-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1752042819-2756060608-3822567964-1001\...\uTorrent) (Version: 3.5.5.45365 - BitTorrent Inc.) 4K Video Downloader 4.3 (HKLM-x32\...\{D0CA3944-0FD5-40FF-97A1-FEDFFB5EE31F}) (Version: 4.3.2.2215 - Open Media LLC) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.171 - Adobe) Adobe® Photoshop® Album Starter Edition 3.0 (HKLM-x32\...\{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}) (Version: 3.00.000 - Adobe Systems, Inc.) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software) Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.74.1085 - AB Team, d.o.o.) CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform) Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden FlashCrypt for Windows (HKLM-x32\...\FlashCrypt_is1) (Version: 1.0 - FSPro Labs) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.70 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Half-Life 2 (HKU\S-1-5-21-1752042819-2756060608-3822567964-1001\...\Half-Life 2) (Version: - ) Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Honeyview (HKLM\...\Honeyview) (Version: 5.31 - Bandisoft.com) IrfanView 4.51 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.51 - Irfan Skiljan) Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation) Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1752042819-2756060608-3822567964-1001\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation) Nero 7.10.1.0 (HKLM-x32\...\Nero7_is1) (Version: 7.10.1.0 - Nero AG) Nitro Reader 5 (HKLM\...\{42BEF461-E91D-4C9E-94A2-790D973CE971}) (Version: 5.5.9.2 - Nitro) RealDownloader (HKLM-x32\...\{E688C481-12B8-4553-8435-B05A282FBAA5}) (Version: 18.1.14.202 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.14 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.) The Klub 17 (HKU\S-1-5-21-1752042819-2756060608-3822567964-1001\...\Klub-10) (Version: 10.0.0 - Team WRK17) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden UpdateAssistant (HKLM-x32\...\{035FFC43-55D6-4F5C-BCC5-21FED122C8B4}) (Version: 1.11.0.0 - Microsoft Corporation) Hidden UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN) vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22350 - Microsoft Corporation) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) Packages: ========= Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.150.300.0_x86__kgqvnymyfvs32 [2019-10-16] (king.com) Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-27] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad] Microsoft Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-07] (Microsoft Studios) [MS Ad] MSN Deportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-18] (Microsoft Corporation) [MS Ad] MSN Dinero -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad] MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad] Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1752042819-2756060608-3822567964-1001_Classes\CLSID\{9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF}\InprocServer32 -> C:\Program Files\Honeyview\HVShell64.dll (Bandisoft -> Bandisoft.com) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-04] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2018-09-30] (Bandisoft -> Bandisoft.com) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-04] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-04] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2018-10-18] (RealNetworks, Inc. -> RealNetworks, Inc.) ContextMenuHandlers4: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2018-09-30] (Bandisoft -> Bandisoft.com) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll -> No File ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-04] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll -> No File ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1_S-1-5-21-1752042819-2756060608-3822567964-1001: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2018-09-30] (Bandisoft -> Bandisoft.com) ContextMenuHandlers4_S-1-5-21-1752042819-2756060608-3822567964-1001: [0HVContext] -> {9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF} => C:\Program Files\Honeyview\HVShell64.dll [2018-09-30] (Bandisoft -> Bandisoft.com) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\usuario\video games\crusades - Acceso directo.lnk -> C:\Users\usuario\video games\Age of Empires II - Crusades\crusades.bat () ==================== Loaded Modules (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 04:24 - 2019-01-12 22:18 - 000000831 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-1752042819-2756060608-3822567964-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\usuario\AppData\Roaming\Honeyview\Wallpaper.bmp DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk" HKLM\...\StartupApproved\Run32: => "RealDownloader" HKLM\...\StartupApproved\Run32: => "TkBellExe" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKU\S-1-5-21-1752042819-2756060608-3822567964-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-1752042819-2756060608-3822567964-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-1752042819-2756060608-3822567964-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1752042819-2756060608-3822567964-1001\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-1752042819-2756060608-3822567964-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{9E47E849-4287-4D58-A1A8-6D5EB36C6866}C:\users\usuario\documents\ukuyol\downloads\call of duty\codmp.exe] => (Block) C:\users\usuario\documents\ukuyol\downloads\call of duty\codmp.exe No File FirewallRules: [TCP Query User{C3BB3DB7-8832-4CB3-87A0-DDD7A71188FD}C:\users\usuario\documents\ukuyol\downloads\call of duty\codmp.exe] => (Block) C:\users\usuario\documents\ukuyol\downloads\call of duty\codmp.exe No File FirewallRules: [{36A1110E-58AD-45EA-BE1E-FABF16ECD944}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{F6FAF685-F427-4605-AE47-8BFBA960B6DD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [UDP Query User{5827C16E-87D3-4A82-A841-E1885C3B5349}C:\users\usuario\desktop\battlefield 2 demo\bf2_w32ded.exe] => (Block) C:\users\usuario\desktop\battlefield 2 demo\bf2_w32ded.exe No File FirewallRules: [TCP Query User{841BCF0B-F82D-4FAF-B10C-D43C57BB5487}C:\users\usuario\desktop\battlefield 2 demo\bf2_w32ded.exe] => (Block) C:\users\usuario\desktop\battlefield 2 demo\bf2_w32ded.exe No File FirewallRules: [UDP Query User{1097B3ED-F4D0-42B1-977A-A2FE32265D6B}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{6D6C681C-2655-4DF3-830A-9FFCB3E306BA}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{31B75100-7256-486F-9A5B-F22628BAED16}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.) FirewallRules: [UDP Query User{78B155D5-F3AE-41A2-8153-693C0496E3AC}C:\users\usuario\video games\age of empires ii [dlc tutoriales]\age2_x1.exe] => (Block) C:\users\usuario\video games\age of empires ii [dlc tutoriales]\age2_x1.exe (Microsoft Corporation) [File not signed] FirewallRules: [TCP Query User{D37436DA-208A-4221-8866-F2DFD6DFBF17}C:\users\usuario\video games\age of empires ii [dlc tutoriales]\age2_x1.exe] => (Block) C:\users\usuario\video games\age of empires ii [dlc tutoriales]\age2_x1.exe (Microsoft Corporation) [File not signed] FirewallRules: [{F368CF82-3076-4976-87BC-47A9D6918804}] => (Allow) C:\Users\usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{6B878C79-BC71-474A-827D-35EB6DBD162F}] => (Allow) C:\Users\usuario\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{F8673519-3D89-462A-AD7B-651E679D6C6B}C:\users\usuario\video games\half-life\hl.exe] => (Block) C:\users\usuario\video games\half-life\hl.exe No File FirewallRules: [TCP Query User{BBBCE8DB-6DC4-4449-BD86-B8092F0B1207}C:\users\usuario\video games\half-life\hl.exe] => (Block) C:\users\usuario\video games\half-life\hl.exe No File FirewallRules: [TCP Query User{0C65704F-1E21-44E2-BD6F-D8071073AC44}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{676D1BFB-1EE3-4573-9056-4266FC2B5E2C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{18958F51-164B-43EA-84B9-339ABB3E2F44}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============ Name: Mouse PS/2 de Microsoft Description: Mouse PS/2 de Microsoft Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ======================== Application errors: ================== Error: (10/29/2019 03:00:01 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (8332,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/29/2019 02:51:20 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (4824,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/29/2019 01:49:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: svchost.exe, versión: 10.0.18362.1, marca de tiempo: 0x32d6c210 Nombre del módulo con errores: wpnuserservice.dll, versión: 10.0.18362.1, marca de tiempo: 0xea13e855 Código de excepción: 0xc0000409 Desplazamiento de errores: 0x0000000000008596 Identificador del proceso con errores: 0xe50 Hora de inicio de la aplicación con errores: 0x01d58de593d34e1e Ruta de acceso de la aplicación con errores: C:\WINDOWS\system32\svchost.exe Ruta de acceso del módulo con errores: c:\windows\system32\wpnuserservice.dll Identificador del informe: 28e99908-adf7-4c9c-81b7-b703b5a19741 Nombre completo del paquete con errores: Identificador de aplicación relativa del paquete con errores: Error: (10/29/2019 01:43:11 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (2576,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/29/2019 01:25:13 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (6136,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (10/29/2019 01:12:25 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (6544,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) al abrir un archivo de registro C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. System errors: ============= Error: (10/29/2019 01:49:31 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M9LJ9AB) Description: El servidor Microsoft.YourPhone_1.19092.403.0_x64__8wekyb3d8bbwe!App.AppXvctmff39365zg14pgmystcwtys462fpa.mca no se registró con DCOM dentro del tiempo de espera requerido. CodeIntegrity: =================================== Date: 2019-10-29 14:29:24.729 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2019-10-29 14:21:29.069 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2019-10-29 14:21:29.052 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2019-10-29 14:21:28.993 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2019-10-29 14:21:28.977 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2019-10-29 14:21:23.824 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2019-10-28 20:37:29.822 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2019-10-28 20:27:27.493 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. 080015 05/03/2011 Motherboard: BIOSTAR Group G41D3+ Processor: Intel(R) Celeron(R) CPU E3400 @ 2.60GHz Percentage of memory in use: 89% Total physical RAM: 2013.24 MB Available physical RAM: 219.48 MB Total Virtual: 5597.24 MB Available Virtual: 2704.38 MB ==================== Drives ================================ Drive c: (Disco_Local) (Fixed) (Total:291.66 GB) (Free:100.61 GB) NTFS ==>[system with boot components (obtained from drive)] Drive i: (14 nov 2014) (CDROM) (Total:2.32 GB) (Free:0 GB) UDF \\?\Volume{510949cc-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS \\?\Volume{510949cc-0000-0000-0000-500600000000}\ (Recovery) (Fixed) (Total:5.86 GB) (Free:1.46 GB) NTFS \\?\Volume{510949cc-0000-0000-0000-50674a000000}\ () (Fixed) (Total:0.47 GB) (Free:0.04 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 510949CC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=5.9 GB) - (Type=27) Partition 3: (Not Active) - (Size=291.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=486 MB) - (Type=27) ==================== End of Addition.txt =======================