Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-08-2019
Ran by Guillermo (18-08-2019 00:15:29)
Running from C:\Users\Guillermo\Desktop
Microsoft Windows 8.1 Pro (Update) (X86) (2019-05-03 04:19:12)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-2344977295-613302307-1633760338-500 - Administrator - Disabled)
Guillermo (S-1-5-21-2344977295-613302307-1633760338-1001 - Administrator - Enabled) => C:\Users\Guillermo
Invitado (S-1-5-21-2344977295-613302307-1633760338-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Nero SoundTrax Help (HKLM\...\{B96C2601-52F5-4D5D-816A-63469EA311EF}) (Version: 4.0.15.0 - Nero AG) Hidden
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.18 - Adobe Systems)
Advertising Center (HKLM\...\{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}) (Version: 0.0.0.1 - Nero AG) Hidden
AIMP (HKLM\...\AIMP) (Version: v4.60.2137 RC 1, 18.07.2019 - AIMP DevTeam)
Ashampoo Burning Studio 20 (HKLM\...\{91B33C97-155F-C10C-D4D6-CABA03805EE4}_is1) (Version: 20.0.4 - Ashampoo GmbH & Co. KG)
aTube Catcher versión 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Auslogics Driver Updater (HKLM\...\{23BB1B18-3537-48F7-BEF7-42BC65DBF993}_is1) (Version: 1.21.2.0 - Auslogics Labs Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
ConvertXtoDVD 3.0.0.7 (HKLM\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.0.0.7 - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{B865FDD4-E96E-4166-BB69-6E8C207E3E29}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{B865FDD4-E96E-4166-BB69-6E8C207E3E29}) (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (HKLM\...\{5D0275EA-F3CE-450A-A5A3-F852E30CA46F}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (HKLM\...\{994F3055-8433-46A7-8E1F-6CC7B68B01F0}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (HKLM\...\{EFB8E269-0619-475B-8C5B-96F98551AA33}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (HKLM\...\{84749C5C-FA80-4779-BD96-544165A8CD31}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (HKLM\...\{30FAE453-9F77-4F70-928E-042BEF00D011}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - ES (HKLM\...\{168EC2AB-9458-40F7-9C2B-424EFE565CE3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (HKLM\...\{8DADD35F-49CE-4D18-AE6D-135DD150E74F}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (HKLM\...\{7F5DE3F2-5865-4D4A-89D1-AAEFE1F96E50}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (HKLM\...\{657EAD32-8E7A-43C0-A794-3BB31B00DC34}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (HKLM\...\{D29A4F85-0FB7-4E54-B591-044652C4295F}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (HKLM\...\{0A0143FF-ECB5-4960-A2E0-DC3150ABBBE0}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (HKLM\...\{950055ED-DC61-4874-8EDB-E5CDE1D218CD}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (HKLM\...\{F3286FA3-DF68-4948-8D1D-ED3A539077B3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (HKLM\...\{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (HKLM\...\{877522BE-A318-4603-9B00-DF319C6FA2B1}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (HKLM\...\{4C614BD3-607E-4289-BB51-4D87EC7BBD62}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (HKLM\...\{246FE426-2661-4DD6-9603-DF2E6832387C}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (HKLM\...\_{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.0.0.491 - Corel Corporation)
CorelDRAW Graphics Suite X7 (HKLM\...\{08A60D9D-C206-46BF-9602-1F2616878CF7}) (Version: 17.0 - Corel Corporation) Hidden
CyberLink PowerDVD 17 (HKLM\...\{D15BFD7F-6BBA-49A7-A6B1-14C00DCA6842}) (Version: 17.0.1523.60 - CyberLink Corp.)
DolbyFiles (HKLM\...\{56BE5CC9-95E6-4128-ABEA-968414CA9C80}) (Version: 2.0 - Nero AG) Hidden
Driver Booster (HKLM\...\IObit Driver Booster Pro 6.6.0.455) (Version: - )
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
ESET Security (HKLM\...\{B28F21B5-FBAB-4243-A1DC-CDF31109E5CF}) (Version: 12.2.23.0 - ESET, spol. s r.o.)
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Free Rar Password Recovery versión 1.5.8.8 (HKLM\...\{AmazingRarPasswordRecovery}_is1) (Version: 1.5.8.8 - www.Amazing-Share.com)
Frp HiJacker by Hagard version 1.0 (HKLM\...\{380B9CC0-79B1-4E93-A69A-D1D6E0E3C90B}_is1) (Version: 1.0 - Gsmhagard)
Hear (HKLM\...\{4E341B88-61A8-4C28-A3F0-9021898AD3C2}_is1) (Version: - Prosoft)
Imagenomic Noiseware 5.0.2 Plug-in (build 5020) (HKLM\...\ImagenomicNoisewarePlugin) (Version: - )
Imagenomic Realgrain 2.0 Plug-in (build 2001) (HKLM\...\ImagenomicRealgrainPlugin) (Version: - )
ImagXpress (HKLM\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.4.0 - LIGHTNING UK!)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Menu Templates - Starter Kit (HKLM\...\{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}) (Version: 9.0.4.0 - Nero AG) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Templates - Starter Kit (HKLM\...\{BCD82AB5-670D-4242-90FA-1F97103C16CD}) (Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Firefox 68.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x86 en-US)) (Version: 68.0.1 - Mozilla)
Nitro Pro (HKLM\...\{19B126B9-A1A9-4D5A-91CE-7C34CB76C72E}) (Version: 11.0.3.173 - Nitro)
OpenAL (HKLM\...\OpenAL) (Version: - )
Opera Stable 62.0.3331.116 (HKU\S-1-5-21-2344977295-613302307-1633760338-1001\...\Opera 62.0.3331.116) (Version: 62.0.3331.116 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Paquete de controladores de Windows - Realtek (RTL8168) Net (12/23/2016 8.050.1223.2016) (HKLM\...\25B850C390EE0AEF65B9928B5BF5C6FBE0996E03) (Version: 12/23/2016 8.050.1223.2016 - Realtek)
Photoshop CS5 Extended 12.0 (HKLM\...\Photoshop CS5 Extended 12.0) (Version: - )
PSD Codec by Ardfry Imaging, LLC (32 bit) (HKLM\...\{830CBF47-6ED5-428C-82F3-4E05469D3BC7}) (Version: 1.0.7.0 - Ardfry Imaging, LLC) Hidden
PSD CODEC Version 1.4.0.0 (HKLM\...\Ardfry PSD CODEC_is1) (Version: 1.4.0.0 - Ardfry Imaging, LLC)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
SoundTrax (HKLM\...\{3097B151-1F61-4211-A4CC-D70127B226AE}) (Version: 4.0.18.0 - Nero AG) Hidden
Stardock Start8 (HKLM\...\Start8_is1) (Version: 1.56 - Stardock Software, Inc.)
System Mechanic (HKLM\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 18.5.1.208 - iolo technologies, LLC)
ThumbView_Lite 1.0 (HKLM\...\ThumbView_Lite 1.0) (Version: - )
WinRAR 5.71 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)
Zuma Deluxe RA (HKLM\...\Zuma Deluxe RA) (Version: - )
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Packages:
=========
Juegos -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x86__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
MSN Deportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.212_x86__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
MSN Dinero -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.212_x86__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.336_x86__8wekyb3d8bbwe [2019-08-12] (Microsoft Corporation) [MS Ad]
MSN Noticias -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.213_x86__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
MSN Recetas -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.212_x86__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
MSN Salud -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.212_x86__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
MSN Viajes -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.212_x86__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
Música -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.320.0_x86__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c [2014-11-21] (Skype) [MS Ad]
Vídeo -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.344.0_x86__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [$PowerDVD] -> {E72C61D0-C453-42BA-84C9-88AEE3DEE676} => C:\ProgramData\CyberLink\PowerDVD17\OpenWith\PDVD_Shell.dll [2017-03-20] (CyberLink Corp. -> CyberLink Corp.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [2008-09-29] (Nero AG -> Nero AG)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-06-21] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files\Phoenix360\System Mechanic\x86\Incinerator.dll [2018-12-14] (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
ContextMenuHandlers1: [NPShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 11\NPShellExtension.dll [2017-03-09] (Nitro Software, Inc. -> Nitro PDF)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files\Alcohol Soft\Alcohol 120\AxShlex.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-06-21] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files\Phoenix360\System Mechanic\x86\Incinerator.dll [2018-12-14] (IOLO TECHNOLOGIES, LLC -> iolo technologies, LLC)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-06-21] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-09-23 20:44 - 2012-09-23 20:44 - 000010240 _____ () [File not signed] C:\Program Files\Adobe\Acrobat 11.0\Acrobat\locale\es_es\acrotray.esp
2019-05-02 23:29 - 2017-02-22 22:36 - 000093696 _____ () [File not signed] C:\Program Files\CyberLink\PowerDVD17\Common\Koan\_ctypes.pyd
2019-05-02 23:29 - 2017-01-11 21:47 - 001044992 _____ () [File not signed] C:\Program Files\CyberLink\PowerDVD17\Common\Koan\_hashlib.pyd
2019-05-02 23:29 - 2017-01-11 21:44 - 000028160 _____ () [File not signed] C:\Program Files\CyberLink\PowerDVD17\Common\Koan\_multiprocessing.pyd
2019-05-02 23:29 - 2017-01-11 21:47 - 000047104 _____ () [File not signed] C:\Program Files\CyberLink\PowerDVD17\Common\Koan\_socket.pyd
2019-05-02 23:29 - 2017-01-11 21:47 - 001465856 _____ () [File not signed] C:\Program Files\CyberLink\PowerDVD17\Common\Koan\_ssl.pyd
2019-05-02 23:32 - 2017-01-03 03:20 - 000541683 _____ () [File not signed] C:\Program Files\CyberLink\PowerDVD17\Kernel\DMS\sqlite3.dll
2012-09-23 20:44 - 2012-09-23 20:44 - 000010240 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files\Adobe\Acrobat 11.0\Acrobat\locale\es_es\Acrobat Elements\ContextMenuShim.esp
2019-05-03 00:12 - 2019-05-03 00:12 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
2019-05-02 23:29 - 2017-01-11 21:43 - 002745344 _____ (Python Software Foundation) [File not signed] C:\Program Files\CyberLink\PowerDVD17\Common\koan\python27.dll
2019-05-07 19:24 - 2015-08-07 16:48 - 001264960 _____ (Stardock Corporation -> Stardock Software, Inc) [File not signed] C:\Program Files\Stardock\Start8\Start8_32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 01:13 - 2019-08-16 21:21 - 000001713 ____R C:\Windows\system32\drivers\etc\hosts

127.0.0.1 svc.iolo.com
127.0.0.1 216.246.89.93
127.0.0.1 2.20.235.247
127.0.0.1 216.58.214.40
127.0.0.1 151.101.12.143
127.0.0.1 66.117.29.4
127.0.0.1 63.140.41.167
127.0.0.1 13.80.12.54
127.0.0.1 239.255.255.250
127.0.0.1 23.74.204.49
127.0.0.1 2.20.235.247
127.0.0.1 216.58.214.40
127.0.0.1 151.101.12.143
127.0.0.1 66.117.29.4
127.0.0.1 63.140.41.167
127.0.0.1 13.80.12.54
127.0.0.1 239.255.255.250
127.0.0.1 23.74.204.49
127.0.0.1 2.20.235.247
127.0.0.1 216.58.214.40
127.0.0.1 151.101.12.143
127.0.0.1 66.117.29.4
127.0.0.1 63.140.41.167
127.0.0.1 13.80.12.54
127.0.0.1 239.255.255.250
127.0.0.1 activation.easeus.com
127.0.0.1 track.easeus.com
127.0.0.1 66.39.112.91
127.0.0.1 216.92.151.227
127.0.0.1 216.92.61.7

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2344977295-613302307-1633760338-1001\Control Panel\Desktop\\Wallpaper -> D:\3-Principios-Para-Lograr-el-Éxito-en-Tu-Vida.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: NitroDriverReadSpool11 => 2
MSCONFIG\Services: NitroUpdateService => 2
HKU\S-1-5-21-2344977295-613302307-1633760338-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2920E734-C528-4708-BFE7-A751C6851BE8}] => (Allow) C:\Program Files\CyberLink\PowerDVD17\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{4D3C4C9D-B0C6-4495-9684-9A6DEC9E0FE3}] => (Allow) C:\Program Files\CyberLink\PowerDVD17\Kernel\DMS\CLMSServerPDVD17.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{A732F4BC-6317-46E5-8D41-5B00DC8D15C5}] => (Allow) C:\Program Files\CyberLink\PowerDVD17\PowerDVD17Agent.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{1A4AD488-B00E-4840-A794-7E0E56B0BE96}] => (Allow) C:\Program Files\CyberLink\PowerDVD17\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{7C952372-13A6-4438-B95B-141A8274803A}] => (Allow) C:\Program Files\CyberLink\PowerDVD17\CastingStation.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{A66BF197-E863-46FE-BA28-5D296D468019}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3E2CDC7F-28E2-409C-85E9-817AE8134A07}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{363CFCB3-D775-4E3E-8C8A-42460087C376}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A934AA8E-EDB5-4D98-AD93-9E01DADDAA74}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{64C0AB67-BD65-4021-9D86-10CEA56B6864}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{38481C30-8A8F-40A0-9750-5CB2BD5B5844}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{A46B915D-1F4D-4876-BEC3-9F507A39F37A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{199A1C3E-9E5C-4801-B101-6A31C0256613}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0F8BA56B-C01F-4A9E-95AE-26350B998E9F}] => (Allow) C:\Users\Guillermo\AppData\Local\Programs\Opera\62.0.3331.99\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{9BE917A5-650A-4212-A5AB-C4E79082BFF4}] => (Allow) C:\Users\Guillermo\AppData\Local\Programs\Opera\62.0.3331.116\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

02-08-2019 05:50:35 Driver Booster : Microsoft Silverlight
07-08-2019 13:03:22 Driver Booster : Microsoft Visual C++ 2019 Redistributable (x86)
16-08-2019 19:38:39 ZHPcleaner

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2019 11:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: PowerDVD17Agent.exe, versión: 17.0.41497.7520, marca de tiempo: 0x58cf3577
Nombre del módulo con errores: MSVCR110.dll, versión: 11.0.51106.1, marca de tiempo: 0x5098858e
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000150a0
Identificador del proceso con errores: 0x1268
Hora de inicio de la aplicación con errores: 0x01d5557ffc0ec0a8
Ruta de acceso de la aplicación con errores: C:\Program Files\CyberLink\PowerDVD17\PowerDVD17Agent.exe
Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\MSVCR110.dll
Identificador del informe: 3ad966eb-c173-11e9-973e-001cc0d83b02
Nombre completo del paquete con errores:
Identificador de aplicación relativa del paquete con errores:

Error: (08/17/2019 11:44:56 PM) (Source: Firefox) (EventID: 5) (User: )
Description: Event-ID 5

Error: (08/17/2019 11:43:12 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Maringota)
Description: Windows no encuentra el perfil local y está iniciando la sesión con un perfil temporal. Los cambios que se efectúen en este perfil se perderán cuando se cierre la sesión.

Error: (08/17/2019 11:43:12 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Maringota)
Description: Windows hizo una copia de seguridad de este perfil de usuario. Windows intentará automáticamente usar la copia de seguridad del perfil la próxima vez que este usuario inicie sesión.

Error: (08/17/2019 11:43:12 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Maringota)
Description: Windows no puede cargar el perfil almacenado localmente. Las posibles causas de este error son derechos de seguridad insuficientes o un perfil local dañado.
DETALLE - El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso.

Error: (08/17/2019 11:43:12 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows no pudo cargar el Registro. A menudo este problema se debe a una memoria o derechos de seguridad insuficientes.
DETALLE - El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso. para C:\Users\Guillermo\ntuser.dat

Error: (08/17/2019 11:39:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\3DP\Net\1703\DPInst64.exe". No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Use sxstrace.exe para obtener un diagnóstico detallado.

Error: (08/17/2019 11:39:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\Driver Booster\DpInst\x64\dpinst.exe". No se encontró el ensamblado dependiente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0". Use sxstrace.exe para obtener un diagnóstico detallado.

System errors:
=============
Error: (08/18/2019 12:01:48 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Se recibió una alerta irrecuperable desde el extremo remoto. El código de alerta irrecuperable definido del protocolo TLS es: 20.

Error: (08/17/2019 11:45:22 AM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (08/17/2019 11:45:20 AM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (08/17/2019 11:45:17 AM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (08/17/2019 11:44:25 AM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (08/17/2019 11:44:23 AM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (08/17/2019 11:44:21 AM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (08/17/2019 11:44:19 AM) (Source: disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Windows Defender:
===================================
Date: 2019-07-24 16:55:32.188
Description: Windows Defender ha detectado malware u otro software potencialmente no deseado.
Para obtener más información, consulte: http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794
Nombre: HackTool:Win32/Keygen
Id.: 2147593794
Gravedad: Media
Categoría: Herramienta
Ruta: containerfile:_C:\RECYCLER\S-1-5-21-220523388-1078145449-1801674531-1003\Dc22\soft\DriverMagicianPortable.rar;file:_C:\RECYCLER\S-1-5-21-220523388-1078145449-1801674531-1003\Dc22\soft\DriverMagicianPortable.rar->DriverMagicianPortable\App\DriverMagicianKeyGen.exe
Origen de detección: Equipo local
Tipo de detección: Concreta
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre del proceso: Unknown
Versión de firma: AV: 1.155.266.0, AS: 1.155.266.0, NIS: 106.0.0.0
Versión de motor: AM: 1.1.9700.0, NIS: 2.1.9700.0

Date: 2019-07-23 23:44:57.853
Description: Se ha detenido la detección de Windows Defender antes de finalizar.
Id. de detección: {C42B8D24-C855-46C6-B08F-78EF4247E651}
Tipo de detección: Antimalware
Parámetros de detección: Detección rápida
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-07-23 11:35:13.079
Description: Se ha detenido la detección de Windows Defender antes de finalizar.
Id. de detección: {21834C1E-2A2C-4294-AB05-F12D87842EB7}
Tipo de detección: Antimalware
Parámetros de detección: Detección rápida
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-07-23 11:22:22.267
Description: Se ha detenido la detección de Windows Defender antes de finalizar.
Id. de detección: {EAF1CC8B-319F-45FE-A363-71B9A677C794}
Tipo de detección: Antimalware
Parámetros de detección: Detección rápida
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-07-23 10:59:42.381
Description: Windows Defender ha detectado malware u otro software potencialmente no deseado.
Para obtener más información, consulte: http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794
Nombre: HackTool:Win32/Keygen
Id.: 2147593794
Gravedad: Media
Categoría: Herramienta
Ruta: containerfile:_C:\RECYCLER\S-1-5-21-220523388-1078145449-1801674531-1003\Dc22\soft\DriverMagicianPortable.rar;file:_C:\RECYCLER\S-1-5-21-220523388-1078145449-1801674531-1003\Dc22\soft\DriverMagicianPortable.rar->DriverMagicianPortable\App\DriverMagicianKeyGen.exe
Origen de detección: Equipo local
Tipo de detección: Concreta
Fuente de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre del proceso: Unknown
Versión de firma: AV: 1.155.266.0, AS: 1.155.266.0, NIS: 106.0.0.0
Versión de motor: AM: 1.1.9700.0, NIS: 2.1.9700.0

Date: 2019-07-24 17:17:01.488
Description: La característica Protección en tiempo real de Windows Defender ha encontrado un error y se ha interrumpido.
Característica: Sistema de inspección de la red
Código del error: 0x80004004
Descripción del error: Operación anulada
Razón: La protección de antimalware ha dejado de funcionar por una razón desconocida. En algunos casos, puede que el problema se solucione reiniciando el servicio.

Date: 2019-07-24 17:16:15.061
Description: La característica Protección en tiempo real de Windows Defender ha encontrado un error y se ha interrumpido.
Característica: Sistema de inspección de la red
Código del error: 0x80070002
Descripción del error: El sistema no puede encontrar el archivo especificado.
Razón: La protección de antimalware ha dejado de funcionar por una razón desconocida. En algunos casos, puede que el problema se solucione reiniciando el servicio.

Date: 2019-07-24 17:14:04.162
Description: Windows Defender ha encontrado un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 1.155.266.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: Antivirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión actual del motor:
Versión anterior del motor: 1.1.9700.0
Código de error: 0x80070643
Descripción del error: Error irrecuperable durante la instalación.

Date: 2019-07-24 17:13:58.114
Description: Windows Defender ha encontrado un error al intentar actualizar el motor.
Nueva versión del motor: 1.1.16200.1
Versión anterior del motor: 1.1.9700.0
Usuario: NT AUTHORITY\SYSTEM
Código de error: 0x8050800c
Descripción del error: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico.

Date: 2019-07-24 16:55:00.766
Description: Windows Defender ha encontrado un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior: 106.0.0.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: Sistema de inspección de la red
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión actual del motor:
Versión anterior del motor: 2.1.9700.0
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección

CodeIntegrity:
===================================
Date: 2019-07-24 16:51:14.112
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Ashampoo\Ashampoo Anti-Virus\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-07-24 16:48:47.221
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Ashampoo\Ashampoo Anti-Virus\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-07-24 07:54:26.340
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Ashampoo\Ashampoo Anti-Virus\a2hooks32.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-24 07:54:23.501
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Ashampoo\Ashampoo Anti-Virus\a2hooks32.dll that did not meet the Windows signing level requirements.

Date: 2019-07-24 07:43:17.725
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Ashampoo\Ashampoo Anti-Virus\a2hooks32.dll that did not meet the Windows signing level requirements.

Date: 2019-07-24 07:41:22.101
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Ashampoo\Ashampoo Anti-Virus\a2hooks32.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-07-24 07:33:49.621
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Ashampoo\Ashampoo Anti-Virus\a2hooks32.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-24 07:33:44.326
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Ashampoo\Ashampoo Anti-Virus\a2hooks32.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: Intel Corp. RQG4110H.86A.0009.2009.0108.1005 01/08/2009
Motherboard: Intel Corporation DG41RQ
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 91%
Total physical RAM: 2009.31 MB
Available physical RAM: 179.51 MB
Total Virtual: 3565.83 MB
Available Virtual: 497.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.36 GB) (Free:33.74 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Uso Multiple) (Fixed) (Total:117.19 GB) (Free:48.83 GB) NTFS
Drive e: (Silvana) (Fixed) (Total:112.53 GB) (Free:15.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 11951195)
Partition 1: (Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=229.7 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================