Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-04-2020
Ran by David (28-04-2020 17:45:15)
Running from C:\Users\David\Desktop
Microsoft Windows 8.1 Pro (Update) (X86) (2014-12-15 09:48:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4086702095-999177479-789094387-500 - Administrator - Disabled)
David (S-1-5-21-4086702095-999177479-789094387-1002 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-4086702095-999177479-789094387-501 - Limited - Enabled)
Visitante (S-1-5-21-4086702095-999177479-789094387-1006 - Limited - Enabled) => C:\Users\Visitante

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.15 - Adobe Systems) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe) Adobe Flash Professional CS6 (HKLM\...\{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Illustrator CC 2014 (32 Bit) (HKLM\...\{8913FAF3-5BFE-45BA-AF57-67AF4BA67898}) (Version: 18.0 - Adobe Systems Incorporated) Adobe InCopy CC 2014 (32-bit) (HKLM\...\{43A0D1FA-A75A-1014-82C6-DBBD13BC0DF8}) (Version: 10.0 - Adobe Systems Incorporated) Adobe InDesign CC 2014 (32-bit) (HKLM\...\{37BEE0A4-72B9-1014-A77C-C46F3F2C3207}) (Version: 10.0 - Adobe Systems Incorporated) Adobe Photoshop CC 2014 (32 Bit) (HKLM\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.0 - Adobe Systems Incorporated) AIMP (HKLM\...\AIMP) (Version: v4.00.1687, 18.01.2016 - AIMP DevTeam) Allavsoft 3.16.6.6899 (HKLM\...\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1) (Version: - Allavsoft Corporation) Apple Application Support (32 bits) (HKLM\...\{6CF0CAEE-54B6-4D84-A055-3AF110F189D3}) (Version: 8.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FCF68B71-B2C1-452F-A312-9293F626F964}) (Version: 13.0.0.38 - Apple Inc.) Apple Software Update (HKLM\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) Asistente del gestor de contenido para PlayStation(R) (HKLM\...\{961D5D7E-3DEC-4E3B-9065-EA8074923B18}) (Version: 3.31.7643.1 - Sony Computer Entertainment Inc.) 
CCleaner (HKLM\...\CCleaner) (Version: 5.65 - Piriform) CCleaner Browser (HKLM\...\CCleaner Browser) (Version: 80.1.3901.165 - Piriform Software) Citrix Online Launcher (HKLM\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix) Colasoft MAC Scanner 2.3 (HKLM\...\Colasoft MAC Scanner 2.3_is1) (Version: 2.3 - Colasoft) ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) CrystalDiskInfo 8.3.2 (32-bit) (HKLM\...\CrystalDiskInfo_is1) (Version: 8.3.2 - Crystal Dew World) DearMob iPhone Manager (HKLM\...\DearMob iPhone Manager) (Version: 3.1 - DearMob & Digiarty, Inc.) Easy 7-Zip v0.1.2 (HKLM\...\{661BB54F-5E4A-45F0-8153-DDF10C2E3FB7}_is1) (Version: 0.1.2 - James Hoo) EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print 2 (HKLM\...\{79D0F056-39DE-4FDD-83FD-1554CE2C6443}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM\...\EEPPPlugIn) (Version: - SEIKO EPSON Corporation) Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (HKLM\...\{7B7044AE-6D1F-456D-B2BA-28BFFFAF3F71}) (Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation) Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION) EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson Software Updater (HKLM\...\{FD036A57-F81D-4865-AAF0-811558EA76AE}) (Version: 
4.5.1 - Seiko Epson Corporation) EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) ESET NOD32 Antivirus (HKLM\...\{EA46EBE0-1030-4EB2-9B8D-35B407FC2900}) (Version: 8.0.304.1 - ESET, spol s r. o.) EVEREST Ultimate Edition v4.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 4.50 - Lavalys, Inc.) FileZilla Client 3.24.0 (HKLM\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse) FortiClient VPN (HKLM\...\{A43400FD-C5F7-4E6D-B258-E271AB41FC93}) (Version: 6.2.6.0951 - Fortinet Technologies Inc) GetFLV 21.2168.1718 (HKLM\...\GetFLV_is1) (Version: - GetFLV, Inc.) Google Chrome (HKLM\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden HandBrake 0.10.1 (HKLM\...\HandBrake) (Version: 0.10.1 - ) HD Video Converter Factory 12.0 (HKLM\...\HD Video Converter Factory) (Version: 12.0 - WonderFox Soft, Inc.) HiSuite (HKLM\...\Hi Suite) (Version: 32.610.20.00.06 - Huawei Technologies Co.,Ltd) Hotspot Shield 6.0.4 (HKLM\...\HotspotShield) (Version: 6.0.4 - AnchorFree Inc.) Hotspot Shield 6.0.4 Embedded (HKLM\...\{AF599C42-A2E5-4251-B7EE-4925B127E98F}) (Version: 6.0.4.9836 - Buildbot) Hidden ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: * - LTR Data) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation) Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.) 
IsoTools (HKLM\...\{8343C215-5D42-4F39-9774-1E07FAAFBB19}) (Version: 1.33.33.0 - 3K3Y Team) iTools 4 (HKLM\...\iTools4) (Version: 4.4.5.7 - ThinkSky Technology Co., Ltd) iTunes (HKLM\...\{75F473C0-A0E4-454E-B2A4-1417C1E1E333}) (Version: 12.10.5.12 - Apple Inc.) Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) K-Lite Mega Codec Pack 11.3.8 (HKLM\...\KLiteCodecPack_is1) (Version: 11.3.8 - ) KMSpico v9.1.0.20131125 (Beta) (HKLM\...\KMSpico_is1) (Version: 9.1.0.20131125 - ) Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes) MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info) MEmu (HKLM\...\MEmu) (Version: 7.1.3.0 - Microvirt Software Technology Co. Ltd.) Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) MKVToolNix 7.1.0 (32bit) (HKLM\...\MKVToolNix) (Version: 7.1.0 - Moritz Bunkus) Mozilla Firefox 75.0 (x86 es-ES) (HKLM\...\Mozilla Firefox 75.0 (x86 es-ES)) (Version: 75.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 75.0.0.7398 - Mozilla) Nero 2015 Content Pack (HKLM\...\{55192BC6-EDBA-4F48-A2C4-3D164E41AF55}) (Version: 16.0.00300 - Nero AG) Node.js (HKLM\...\{229CBD57-67BB-4BE8-847A-D1104CAA4BAF}) (Version: 4.5.0 - Node.js Foundation) OpenOffice 4.1.2 (HKLM\...\{74BBCD30-EB17-4909-B59F-65E0DD2B7E95}) (Version: 4.12.9782 - Apache Software Foundation) Paquete de controladores de Windows - libusb-win32 PS Vita Type B (02/23/2013 1.2.6.0) (HKLM\...\E88FB411ED92EFDB9BF3A5F94548DA4956C0D97B) (Version: 02/23/2013 1.2.6.0 - libusb-win32) Paquete de controladores de Windows - Microsoft PS Vita Type B (02/22/2013 6.1.7600.16385) (HKLM\...\A0EC80B5719D4DA4CF40C9219D7CB9CCAD6DBA40) (Version: 02/22/2013 6.1.7600.16385 - Microsoft) PDF Settings CS6 (HKLM\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden PotPlayer (HKLM\...\PotPlayer) (Version: 1.7.13963 - Kakao Corp.) 
Prerequisite installer (HKLM\...\{799AFA36-4EA5-4323-8689-74C06645A26B}) (Version: 16.0.0000 - Nero AG) Hidden Qcma (HKLM\...\Qcma) (Version: 0.4.0 - codestation) Qualcomm USB Drivers For Windows (HKLM\...\{D9FB7F91-9687-4B09-894D-072903CADEA4}) (Version: 1.00.25 - QUALCOMM Incorporated) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.) rebox.NET 2.9.9.3 (HKLM\...\{02846029-D5BA-4504-96B2-2BD844FE3AAF}_is1) (Version: 2.9.9.3 - clone.AD) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) Rename-It! (HKLM\...\Rename-It!) (Version: 3.42 - Beroux) Samsung Kies (HKLM\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) SD Card Formatter (HKLM\...\{A61131DC-B92D-4AD8-A925-E2D6D5FE217C}) (Version: 5.0.1 - SD Association) SDFormatter (HKLM\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association) SiDiary 6 (HKLM\...\{037F3789-E34F-4532-9BA2-88123D9C1E6E}) (Version: 6.0 - SINOVO GmbH & Co. 
KG) Spotify (HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB) Spotify (HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamViewer (HKLM\...\TeamViewer) (Version: 15.5.3 - TeamViewer) UltraISO Premium V9.62 (HKLM\...\UltraISO_is1) (Version: - ) Uso a distancia de PS4 (HKLM\...\{1B539C49-AC97-4FD0-83DA-A1E43F06F5AF}) (Version: 3.0.0.09250 - Sony Interactive Entertainment Inc.) VC Runtimes MSI (HKLM\...\{FF29527A-44CD-3422-945E-981A13584000}) (Version: 9.0.21022 - Microsoft) Hidden VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) WhatsApp (HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\WhatsApp) (Version: 0.4.2088 - WhatsApp) WhatsApp (HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\WhatsApp) (Version: 0.4.2088 - WhatsApp) Win32DiskImager version 1.0.0 (HKLM\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers) Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) Wondershare Filmora(Build 7.8.9) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software) Wondershare Helper Compact 2.5.2 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare) Xml Viewer (HKLM\...\{F58E04CD-6E76-43C8-AAF1-482225C2910E}) (Version: 3 - MindFusion Limited) XnView 2.25 (HKLM\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e) XnViewMP 0.90 (HKLM\...\XnViewMP_is1) (Version: 0.90 - Gougelet Pierre-e) Packages: ========= Bing Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.2.229_x86__8wekyb3d8bbwe 
[2014-03-18] (Microsoft Corporation) [MS Ad] Bing Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.233_x86__8wekyb3d8bbwe [2014-03-18] (Microsoft Corporation) [MS Ad] Deportes de Bing -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.2.233_x86__8wekyb3d8bbwe [2014-03-18] (Microsoft Corporation) [MS Ad] Finanzas de Bing -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.2.234_x86__8wekyb3d8bbwe [2014-03-18] (Microsoft Corporation) [MS Ad] Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x86__8wekyb3d8bbwe [2014-03-18] (Microsoft Corporation) [MS Ad] Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.2.705.0_x86__8wekyb3d8bbwe [2014-03-18] (Microsoft Corporation) [MS Ad] Noticias de Bing -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.2.233_x86__8wekyb3d8bbwe [2014-03-18] (Microsoft Corporation) [MS Ad] Salud y Bienestar de Bing -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.2.233_x86__8wekyb3d8bbwe [2014-03-18] (Microsoft Corporation) [MS Ad] Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_2.5.0.1005_x86__kzf8qxf38zg5c [2014-03-18] (Skype) [MS Ad] Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.2.705.0_x86__8wekyb3d8bbwe [2014-03-18] (Microsoft Corporation) [MS Ad] Време -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.2.233_x86__8wekyb3d8bbwe [2014-03-18] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-4086702095-999177479-789094387-1002_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed] CustomCLSID: HKU\S-1-5-21-4086702095-999177479-789094387-1002_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed] CustomCLSID: HKU\S-1-5-21-4086702095-999177479-789094387-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation) CustomCLSID: HKU\S-1-5-21-4086702095-999177479-789094387-1002_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed] CustomCLSID: HKU\S-1-5-21-4086702095-999177479-789094387-1002_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed] CustomCLSID: HKU\S-1-5-21-4086702095-999177479-789094387-1002_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed] CustomCLSID: HKU\S-1-5-21-4086702095-999177479-789094387-1002_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed] CustomCLSID: HKU\S-1-5-21-4086702095-999177479-789094387-1002_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed] CustomCLSID: HKU\S-1-5-21-4086702095-999177479-789094387-1002_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed] CustomCLSID: HKU\S-1-5-21-4086702095-999177479-789094387-1002_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> 
C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed] CustomCLSID: HKU\S-1-5-21-4086702095-999177479-789094387-1002_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed] CustomCLSID: HKU\S-1-5-21-4086702095-999177479-789094387-1002_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed] CustomCLSID: HKU\S-1-5-21-4086702095-999177479-789094387-1002_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed] CustomCLSID: HKU\S-1-5-21-4086702095-999177479-789094387-1002_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) [File not signed] ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc. -> Tonec Inc.) ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\Easy 7-Zip\7-zip.dll [2014-02-17] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.) 
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP3\System\aimp_menu32.dll [2016-01-21] (Artem Izmaylov -> AIMP DevTeam) [File not signed] ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2014-10-01] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers1: [Rename-It!] -> {A64BBF5F-1250-4083-924C-B79661B75AAE} => C:\Program Files\Rename-It!\SimpleExt.dll [2005-11-17] () [File not signed] ContextMenuHandlers1: [Sprint.ExplorerIntegration] -> {6F5C0F40-1419-4DC8-8D2F-D5EC5FCF07AB} => C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Integration\SprintIntegration.dll [2009-11-25] (ABBYY SOLUTIONS LIMITED -> ABBYY) ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files\Alcohol Soft\Alcohol 120\AxShlex.dll [2013-09-17] (Alcohol Soft -> Alcohol Soft Development Team) ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2014-10-01] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.) 
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-27] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\Easy 7-Zip\7-zip.dll [2014-02-17] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files\AIMP3\System\aimp_menu32.dll [2016-01-21] (Artem Izmaylov -> AIMP DevTeam) [File not signed] ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2015-03-27] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers4: [Rename-It!] -> {A64BBF5F-1250-4083-924C-B79661B75AAE} => C:\Program Files\Rename-It!\SimpleExt.dll [2005-11-17] () [File not signed] ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-10-01] (Intel Corporation) [File not signed] ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.) ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2014-10-01] (ESET, spol. s r.o. 
-> ESET) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-27] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2015-03-27] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.) ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [vidc.XVID] => xvidvfw.dll HKLM\...\Drivers32: [VIDC.VP80] => vp8vfw.dll ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\David\AppData\Local\Google\Chrome\User Data\Menú de aplicaciones de Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --show-app-list ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Menú de aplicaciones de Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --show-app-list ==================== Loaded Modules (Whitelisted) ============= 2005-11-17 12:34 - 2005-11-17 12:34 - 000086016 _____ () [File not signed] C:\Program Files\Rename-It!\SimpleExt.dll 2012-09-23 20:44 - 2012-09-23 20:44 - 000010240 _____ (Adobe Systems Inc.) 
[File not signed] C:\Program Files\Adobe\Acrobat 11.0\Acrobat\locale\es_es\Acrobat Elements\ContextMenuShim.esp 2016-01-21 20:27 - 2016-01-21 20:27 - 001190472 _____ (Artem Izmaylov -> AIMP DevTeam) [File not signed] C:\Program Files\AIMP3\System\aimp_menu32.dll 2014-12-30 16:07 - 2014-02-17 09:53 - 000112128 _____ (Igor Pavlov) [File not signed] C:\Program Files\Easy 7-Zip\7-zip.dll 2008-04-11 11:54 - 2008-04-11 11:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll 2014-12-23 22:22 - 2014-12-23 22:22 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL 2015-03-02 22:33 - 2011-08-30 13:38 - 000475496 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll 2015-03-02 22:33 - 2011-08-01 18:24 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll 2015-09-06 12:50 - 2015-07-15 01:50 - 001375232 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TUICI4E.DLL ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData:Duplicate$Photo$Cleaner [0] AlternateDataStreams: C:\Users\All Users:Duplicate$Photo$Cleaner [0] AlternateDataStreams: C:\ProgramData\Application Data:Duplicate$Photo$Cleaner [0] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-4086702095-999177479-789094387-1002\Software\Classes\.exe: => <==== ATTENTION ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-12-15 00:56 - 2016-07-10 16:46 - 000001887 ____R C:\Windows\system32\drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 lmlicenses.wip4.adobe.com 127.0.0.1 lm.licenses.adobe.com 127.0.0.1 na1r.services.adobe.com 127.0.0.1 hlrcv.stage.adobe.com 127.0.0.1 ttoskippline.net 127.0.0.1 anchorfree.net 127.0.0.1 rss2search.com 127.0.0.1 techbrowsing.com 127.0.0.1 box.anchorfree.net 127.0.0.1 www.mefeedia.com 127.0.0.3 www.anchorfree.net 127.0.0.2 mefeedia.com 127.0.0.1 anchorfree.us 127.0.0.1 a433.com 127.0.0.1 rpt.anchorfree.net 127.0.0.1 delivery.anchorfree.us/land.php 127.0.0.1 hsselite.com 127.0.0.1 www.hsselite.com 127.0.0.1 hsselite.com/trial/step2.php 127.0.0.1 techbrowsing.com/away.php ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\nodejs\
HKU\S-1-5-21-4086702095-999177479-789094387-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img11.jpg
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img11.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: FortiClient NDIS 6.3 Packet Filter Driver -> ft_fortifilter (enabled)
Ethernet: FortiClient NDIS 6.3 Packet Filter Driver -> ft_fortifilter (enabled)
Ethernet 4: FortiClient NDIS 6.3 Packet Filter Driver -> ft_fortifilter (enabled)
Ethernet 3: FortiClient NDIS 6.3 Packet Filter Driver -> ft_fortifilter (enabled)
Local Area Connection: FortiClient NDIS 6.3 Packet Filter Driver -> ft_fortifilter (enabled)
Ethernet 2: FortiClient NDIS 6.3 Packet Filter Driver -> ft_fortifilter (enabled)
Local Area Connection 3: FortiClient NDIS 6.3 Packet Filter Driver -> ft_fortifilter (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: wuauserv => 3 HKLM\...\StartupApproved\StartupFolder: => "Asistente del gestor de contenido para PlayStation(R).lnk" HKLM\...\StartupApproved\StartupFolder: => "ScpToolkit Tray Notifications.lnk" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "GrooveMonitor" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "Acrobat Assistant 8.0" HKLM\...\StartupApproved\Run: => "Adobe ARM" HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run: => "SwitchBoard" HKLM\...\StartupApproved\Run: => "KiesTrayAgent" HKLM\...\StartupApproved\Run: => "Jabra Direct" HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run: => "Opera Browser Assistant" HKLM\...\StartupApproved\Run: => "USB Gamepad" HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk" HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk" HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\StartupFolder: => "ESet NOD32.lnk" HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19" HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\Run: => "ares" 
HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\Run: => "MegaDownloader"
HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\Run: => "Mobile Partner"
HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\Run: => "SiDiary Auto-Import"
HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_5BA5164DD8F38CE23F51EAA85BC0ACF2"
HKU\S-1-5-21-4086702095-999177479-789094387-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\StartupApproved\StartupFolder: => "ESet NOD32.lnk"
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19"
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\StartupApproved\Run: => "ares"
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\StartupApproved\Run: => "MegaDownloader"
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\StartupApproved\Run: => "Mobile Partner"
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\StartupApproved\Run: => "SiDiary Auto-Import"
HKU\S-1-5-21-4086702095-999177479-789094387-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04282020130659286\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_5BA5164DD8F38CE23F51EAA85BC0ACF2"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{E54F3567-0D2E-4439-BAC8-9853006D8566}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{ED929E11-5BB9-4A4C-A8AB-FA99AE9DABAC}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{325AD6ED-0ED9-469E-810A-06DEFB6CD116}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{1A345AAC-9F8F-44AB-9A41-C08749440B60}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{88E2D21B-750B-4CAF-B400-690D45DF706C}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{FF342F08-1FAA-4DFD-AAFB-EA0884128B26}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [{CA88651A-5A71-4448-BD8F-0DB285159014}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{7E74E479-D6DD-4C4A-B520-7494F12B8DB8}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{6F402F83-15AD-4425-AC54-C7E8E115BF60}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{A13F1F17-E098-40DF-B557-50376DC92B8E}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{06E049CC-B8A2-4697-90EB-754334E4C199}C:\program files\qcma\qcma.exe] => (Allow) C:\program files\qcma\qcma.exe () [File not signed]
FirewallRules: [UDP Query User{E8ED8107-2321-4E0D-AB3D-72A5FAD6EF45}C:\program files\qcma\qcma.exe] => (Allow) C:\program files\qcma\qcma.exe () [File not signed]
FirewallRules: [{9A4B6285-6939-46C5-8126-A0D2F381E8EF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{17C04B9B-1945-4D2C-BDCD-82A9DFBDC358}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AAA4C2D2-EF10-4A0B-BD2C-AA4016E94521}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{EB05BCA7-FCD8-49B4-9B98-07E570E523D2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9776BC7B-3DC5-4A32-A6A7-181B32B84651}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E5F3EA55-39C5-4BF2-A24D-A1201DB2D4BC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{148062C9-36A0-4541-A2C5-029AD00B5415}] => (Allow) LPort=1688
FirewallRules: [{431D40A7-5EC0-46F3-8B0E-47AD0F877FF5}] => (Allow) C:\Program Files\ThinkSky\iTools 4\iTools4.exe (Shenzhen Thinksky Technology Co.,Ltd -> ThinkSky Technology Inc.)
FirewallRules: [{E70D1ED8-5971-40C2-8B40-1B428DE2D3CF}] => (Allow) C:\Program Files\ThinkSky\iTools 4\TSDiag.exe (Shenzhen Thinksky Technology Co.,Ltd -> ThinkSky Technology Inc.)
FirewallRules: [{772DE4C8-9D4B-4195-857E-B9BD42FC708C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{4B9938D6-F913-411C-BA57-A1F392C97AFE}C:\program files\internet download manager\idman.exe] => (Block) C:\program files\internet download manager\idman.exe (Tonec Inc.) [File not signed]
FirewallRules: [UDP Query User{0055ED73-A109-42FB-A56D-CB943B634AF8}C:\program files\internet download manager\idman.exe] => (Block) C:\program files\internet download manager\idman.exe (Tonec Inc.) [File not signed]
FirewallRules: [TCP Query User{116082D4-D8CA-4319-8FF6-43DFEAB424F2}C:\program files\daum\potplayer\potplayermini.exe] => (Allow) C:\program files\daum\potplayer\potplayermini.exe (Kakao corp. -> Kakao)
FirewallRules: [UDP Query User{5304E3C1-958F-4099-937B-4BEFEBA767C2}C:\program files\daum\potplayer\potplayermini.exe] => (Allow) C:\program files\daum\potplayer\potplayermini.exe (Kakao corp. -> Kakao)
FirewallRules: [{CD9AE2F5-8BE4-4CB2-BC4F-88DD833A728C}] => (Block) C:\program files\daum\potplayer\potplayermini.exe (Kakao corp. -> Kakao)
FirewallRules: [{3EF7C29E-E5F3-403E-889E-5D5E78891548}] => (Block) C:\program files\daum\potplayer\potplayermini.exe (Kakao corp. -> Kakao)
FirewallRules: [{30D3A09A-DFF7-4FE2-9517-46FC86D73436}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A5C551ED-DAA3-4D9C-B6B6-A35ABACD18FB}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{380A78D1-CAAE-45A4-92CC-FB77BD1C6262}] => (Allow) C:\Program Files\Sony\PS4 Remote Play\RemotePlay.exe (Sony Interactive Entertainment Inc. -> Sony Interactive Entertainment Inc.)
FirewallRules: [TCP Query User{275BE2A9-E9B5-42C1-BB01-BAA3481AA20F}E:\emuladores\emulador de super nintendo\snemul9xw\snes9xw.exe] => (Allow) E:\emuladores\emulador de super nintendo\snemul9xw\snes9xw.exe (Gary Henderson) [File not signed]
FirewallRules: [UDP Query User{38A86645-09E8-490A-91C4-9AE4141A5F08}E:\emuladores\emulador de super nintendo\snemul9xw\snes9xw.exe] => (Allow) E:\emuladores\emulador de super nintendo\snemul9xw\snes9xw.exe (Gary Henderson) [File not signed]
FirewallRules: [TCP Query User{631A67CB-45EF-4C89-AAF6-87A569F11D21}E:\emuladores\emulador de super nintendo\snes9x 1.42\snes9x.exe] => (Allow) E:\emuladores\emulador de super nintendo\snes9x 1.42\snes9x.exe (Gary Henderson) [File not signed]
FirewallRules: [UDP Query User{2C322F84-27A5-48DD-8ACA-8DC77B8647A2}E:\emuladores\emulador de super nintendo\snes9x 1.42\snes9x.exe] => (Allow) E:\emuladores\emulador de super nintendo\snes9x 1.42\snes9x.exe (Gary Henderson) [File not signed]
FirewallRules: [TCP Query User{3D8962AC-3B6C-4B46-A530-D3212D171B65}E:\emuladores\emulador de super nintendo\snes9x-1.60\snes9x.exe] => (Allow) E:\emuladores\emulador de super nintendo\snes9x-1.60\snes9x.exe (hxxp://www.snes9x.com) [File not signed]
FirewallRules: [UDP Query User{DB5921EE-BA14-4C2D-9BCA-D7A6AF528D07}E:\emuladores\emulador de super nintendo\snes9x-1.60\snes9x.exe] => (Allow) E:\emuladores\emulador de super nintendo\snes9x-1.60\snes9x.exe (hxxp://www.snes9x.com) [File not signed]
FirewallRules: [{8447D52D-87E8-40D8-9EA8-9A4A3ED964DD}] => (Allow) LPort=1688
FirewallRules: [{01032877-D36B-4BC1-B16D-62E20CF92AB8}] => (Allow) C:\Program Files\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)
FirewallRules: [{96F4E97A-AA48-47CF-80D6-32C32EA5971B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{958FE259-5037-416D-AD1A-337C637F40EB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7D274567-782A-4940-B00A-4FE7A2BE843A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{151CE0A5-9DE7-4C7D-A165-F8E7CFD31D0D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E846B17E-A5D2-44D7-BAF2-7BA218256AE6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

28-04-2020 07:16:37 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (04/28/2020 05:38:15 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: CCleaner Update Helper -- Error 1316. The specified account already exists.

Error: (04/28/2020 04:38:16 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: CCleaner Update Helper -- Error 1316. The specified account already exists.

Error: (04/28/2020 03:42:31 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: CCleaner Update Helper -- Error 1316. The specified account already exists.

Error: (04/28/2020 02:40:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Explorer.EXE, versión: 6.3.9600.17415, marca de tiempo: 0x5450367b
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x12180fef
Identificador del proceso con errores: 0x138c
Hora de inicio de la aplicación con errores: 0x01d61d931af4a2a0
Ruta de acceso de la aplicación con errores: C:\Windows\Explorer.EXE
Ruta de acceso del módulo con errores: unknown
Identificador del informe: 25bc0337-8988-11ea-97b2-c03fd5a1bd90
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:

Error: (04/28/2020 02:38:17 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: CCleaner Update Helper -- Error 1316. The specified account already exists.

Error: (04/28/2020 01:38:16 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: CCleaner Update Helper -- Error 1316. The specified account already exists.

Error: (04/28/2020 12:38:26 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: CCleaner Update Helper -- Error 1316. The specified account already exists.

Error: (04/28/2020 11:38:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: CCleaner Update Helper -- Error 1316. The specified account already exists.

System errors:
=============
Error: (04/28/2020 03:41:14 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Se anularon las instantáneas del volumen D: porque el almacenamiento de instantáneas no pudo crecer debido a un límite impuesto por el usuario.

Error: (04/28/2020 02:52:10 PM) (Source: DCOM) (EventID: 10010) (User: DXM-PARAISO)
Description: El servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (04/28/2020 02:51:40 PM) (Source: DCOM) (EventID: 10010) (User: DXM-PARAISO)
Description: El servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (04/28/2020 02:26:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos application-specific no concede el permiso Activation Local para la aplicación de servidor COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} y APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (Using LRPC) que se ejecuta en el contenedor de aplicaciones con SID Unavailable (Unavailable). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (04/28/2020 02:10:50 PM) (Source: DCOM) (EventID: 10010) (User: DXM-PARAISO)
Description: El servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (04/28/2020 02:10:19 PM) (Source: DCOM) (EventID: 10010) (User: DXM-PARAISO)
Description: El servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (04/28/2020 02:04:04 PM) (Source: DCOM) (EventID: 10010) (User: DXM-PARAISO)
Description: El servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (04/28/2020 02:03:34 PM) (Source: DCOM) (EventID: 10010) (User: DXM-PARAISO)
Description: El servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} no se registró con DCOM dentro del tiempo de espera requerido.

Windows Defender:
===================================
Date: 2014-12-15 00:07:54.221
Description: Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2014-12-14 23:56:11.428
Description: Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

Date: 2014-12-14 23:35:04.384
Description: Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

Date: 2014-12-14 10:09:05.224
Description: Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

Date: 2014-12-14 09:55:19.979
Description: Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

CodeIntegrity:
===================================
Date: 2014-12-15 00:21:29.551
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-12-15 00:14:11.014
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-12-15 00:03:11.466
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Settings Manager\smdmf\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-14 23:55:01.343
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-12-14 23:39:43.051
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Settings Manager\smdmf\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-14 23:34:45.691
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-12-14 10:08:44.421
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-12-14 10:02:19.992
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Settings Manager\smdmf\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 4.6.5 10/01/2013
Motherboard: Cartimex H61H2-MV
Processor: Intel(R) Pentium(R) CPU G2020 @ 2.90GHz
Percentage of memory in use: 56%
Total physical RAM: 3478.86 MB
Available physical RAM: 1505.64 MB
Total Virtual: 5014.86 MB
Available Virtual: 2843.89 MB

==================== Drives ================================

Drive c: (SISTEMA W8.1) (Fixed) (Total:199.66 GB) (Free:75.57 GB) NTFS
Drive d: (DOCUMENTOS) (Fixed) (Total:224.61 GB) (Free:34.22 GB) NTFS
Drive e: (DXM TB) (Fixed) (Total:930.86 GB) (Free:92.28 GB) NTFS
Drive h: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF

\\?\Volume{2238fd30-843e-11e4-971c-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0009AFA6)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=199.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=41.1 GB) - (Type=05)

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 000F1CFE)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================