Autolt v3 script y algo más en Inicio

Buenos días foreros, últimamente noto que el ordenador no va como tendría que ir, depende del momento va algo más lento- Mirando en el Inicio del Administrador de Tareas, veo que sale habilitado el programa Autolt V3 Script por un lado, y por otro el programa (o lo que sea) 1343d938 (así, tal cual). El primero tiene un impacto alto en el inicio y aparece y se va de la pestaña Inicio a su antojo y según escribo en el navegador o selecciono la pestaña de Inicio del Administrador de Tareas.

El segundo en impacto dice que No Medido.

Un saludo.

Hola @Francisco_Gutierrez

Realiza los siguientes pasos, aunque hayas hecho alguno, sin cambiar el orden:

1) Descarga, actualiza y ejecuta Malwarebytes’ Anti-Malware, revisa en detalle el manual, para que sepas usarlo y configurarlo.

  • Realiza un Análisis personalizado, actualizando si te lo pide.
  • Pulsar en “Cuarentena seleccionado” para enviarlo a la cuarentena y Reinicias el sistema.
  • En el apartado del manual Informes :arrow_forward: Informe de análisis encontrarás el reporte de MBAM, clic en Exportar :arrow_forward: Copiar al portapapeles.

2) Descarga AdwCleaner | InfoSpyware en el escritorio.

  • Desactiva temporalmente el Antivirus :arrow_forward: Cómo deshabilitar temporalmente su Antivirus.
  • Cierra también todos los programas que tengas abiertos.
  • Ejecuta Adwcleaner.exe (Si usas Windows Vista/7 u 8 presiona clic derecho y selecciona "Ejecutar como Administrador".)
  • Pulsar en el botón Escanear, y espera a que se realice el proceso, inmediatamente pulsa sobre el botón Limpiar.
  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.
  • Guardas el reporte que te aparecerá, para copiarlo y pegarlo en tu próxima respuesta.
  • El informe también se puede encontrar en C:\AdwCleaner\AdwCleaner[C1].txt

3) Descarga CCleaner

  • Instala Ccleaner
  • Abres Ccleaner en la pestaña limpiador dejas como esta configurada predeterminadamente, haces clic en analizar esperas que termine :arrow_forward: clic en ejecutar limpiador
  • Clic en la pestaña Registro :arrow_forward: clic en buscar problemas esperas que termine :arrow_forward: clic en Reparar Seleccionadas y haces una copia de seguridad
  • Vuelves a darle clic en buscar problemas hasta que no encuentre ninguno.

Pega los reportes de Malwarebytes y AdwCleaner y comentas como va el problema.

Un saludo


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 8/9/19
Hora del análisis: 13:04
Archivo de registro: 6ca3d8f4-d228-11e9-8c57-704d7b4acfbb.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.625
Versión del paquete de actualización: 1.0.12373
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.556)
CPU: x64
Sistema de archivos: NTFS
Usuario: LAPTOP-5716CIUP\X541U

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 436208
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 3 hr, 12 min, 36 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2019-09-06.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-09-2019
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  4
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1250 octets] - [18/02/2019 20:55:43]
AdwCleaner[C00].txt - [1436 octets] - [18/02/2019 20:56:07]
AdwCleaner[S01].txt - [2266 octets] - [02/03/2019 07:22:39]
AdwCleaner[C01].txt - [2378 octets] - [02/03/2019 07:22:51]
AdwCleaner[S02].txt - [1494 octets] - [02/03/2019 07:28:48]
AdwCleaner[C02].txt - [1680 octets] - [02/03/2019 07:29:03]
AdwCleaner[S03].txt - [2496 octets] - [20/03/2019 21:20:12]
AdwCleaner[C03].txt - [2608 octets] - [20/03/2019 21:20:21]
AdwCleaner[S04].txt - [4060 octets] - [26/03/2019 19:48:37]
AdwCleaner[C04].txt - [4063 octets] - [26/03/2019 19:48:47]
AdwCleaner[S05].txt - [2074 octets] - [17/04/2019 11:24:57]
AdwCleaner[C05].txt - [2240 octets] - [17/04/2019 11:25:19]
AdwCleaner[S06].txt - [2169 octets] - [15/08/2019 08:01:10]
AdwCleaner[C06].txt - [2312 octets] - [15/08/2019 08:02:35]
AdwCleaner_Debug.log - [26171 octets] - [08/09/2019 08:49:13]
AdwCleaner[S07].txt - [4374 octets] - [08/09/2019 08:49:38]
AdwCleaner[S08].txt - [4436 octets] - [09/09/2019 17:56:59]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C08].txt ########## # -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2019-09-06.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-09-2019
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  4
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1250 octets] - [18/02/2019 20:55:43]
AdwCleaner[C00].txt - [1436 octets] - [18/02/2019 20:56:07]
AdwCleaner[S01].txt - [2266 octets] - [02/03/2019 07:22:39]
AdwCleaner[C01].txt - [2378 octets] - [02/03/2019 07:22:51]
AdwCleaner[S02].txt - [1494 octets] - [02/03/2019 07:28:48]
AdwCleaner[C02].txt - [1680 octets] - [02/03/2019 07:29:03]
AdwCleaner[S03].txt - [2496 octets] - [20/03/2019 21:20:12]
AdwCleaner[C03].txt - [2608 octets] - [20/03/2019 21:20:21]
AdwCleaner[S04].txt - [4060 octets] - [26/03/2019 19:48:37]
AdwCleaner[C04].txt - [4063 octets] - [26/03/2019 19:48:47]
AdwCleaner[S05].txt - [2074 octets] - [17/04/2019 11:24:57]
AdwCleaner[C05].txt - [2240 octets] - [17/04/2019 11:25:19]
AdwCleaner[S06].txt - [2169 octets] - [15/08/2019 08:01:10]
AdwCleaner[C06].txt - [2312 octets] - [15/08/2019 08:02:35]
AdwCleaner_Debug.log - [26171 octets] - [08/09/2019 08:49:13]
AdwCleaner[S07].txt - [4374 octets] - [08/09/2019 08:49:38]
AdwCleaner[S08].txt - [4436 octets] - [09/09/2019 17:56:59]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C08].txt ##########

Hice un análisis con Malwarebytes desde menú inicio sin darme cuenta que tenía que darle a personalizado. El primer resultado es este:


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 8/9/19
Hora del análisis: 12:56
Archivo de registro: 55a15862-d227-11e9-9a53-704d7b4acfbb.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.625
Versión del paquete de actualización: 1.0.12373
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.556)
CPU: x64
Sistema de archivos: NTFS
Usuario: LAPTOP-5716CIUP\X541U

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 272795
Amenazas detectadas: 6
Amenazas en cuarentena: 6
Tiempo transcurrido: 2 min, 17 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 1
Trojan.Agent, HKU\S-1-5-21-3321426427-1348503232-2695725869-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|1343D938, En cuarentena, [446], [667268],1.0.12373

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 1
Trojan.Agent, C:\PROGRAMDATA\fxMtKyvu, En cuarentena, [446], [667267],1.0.12373

Archivo: 4
Trojan.Agent, C:\PROGRAMDATA\fxMtKyvu\1343d938test.au3, En cuarentena, [446], [667267],1.0.12373
Trojan.Agent, C:\ProgramData\fxMtKyvu\1343d938.exe, En cuarentena, [446], [667267],1.0.12373
Trojan.Agent, C:\ProgramData\fxMtKyvu\PE.bin, En cuarentena, [446], [667267],1.0.12373
Trojan.Agent, C:\ProgramData\fxMtKyvu\shell.txt, En cuarentena, [446], [667267],1.0.12373

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end) 

En la pestaña Inicio del Administrador de Tareas, el elemento 1343d938 ha desaparecido pero Autolt v3 Script sigue apareciendo, y cuando cliqueo en esa pestaña de Inicio desaparece, si vuelvo a clicar en otro lado que no sea esa pestaña, vuelve a aparecer.

Hola

Desactiva temporalmente el Antivirus >> Cómo deshabilitar temporalmente su Antivirus

Descarga Farbar Recovery Scan Tool.en el escritorio, seleccionando la versión adecuada para la arquitectura(32 o 64bits) de tu equipo. [color=#FF8C00][size=1]:arrow_forward: ¿Cómo saber si mi Windows es de 32 o 64 bits.?[/size][/color]

  • Ejecuta FRST.exe.
  • En el mensaje de la ventana del Disclaimer, pulsamos Yes
  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.
  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

Pon los dos reportes generados.

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Un saludo


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-09-2019
Ran by X541U (administrator) on LAPTOP-5716CIUP (ASUSTeK COMPUTER INC. X541UV) (10-09-2019 16:43:05)
Running from C:\Users\X541U\Desktop
Loaded Profiles: X541U (Available Profiles: X541U)
Platform: Windows 10 Home Version 1803 17134.556 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_796b78d9b20afbbf\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_796b78d9b20afbbf\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_796b78d9b20afbbf\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_796b78d9b20afbbf\IntelCpHeciSvc.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19072.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-11-09] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [754416 2018-10-31] (Acronis International GmbH -> )
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2018-10-31] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4179768 2018-10-31] (Acronis International GmbH -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3321426427-1348503232-2695725869-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2014-12-12] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3321426427-1348503232-2695725869-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {065BDA5C-E58C-44EE-9974-8DC66BE85050} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {0E21FE02-BE8C-44E4-B586-F2F941EDEC77} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16585328 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {3FF41812-A711-48EE-AE24-DB3B03A761F0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {46927DFE-AC2B-48C8-BF95-3865420187F8} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {537A9029-2068-4CF2-88AC-B98B66F66013} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {69C9C189-91B4-4386-8D81-5CB227CD50D4} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [55808 2016-10-13] (ASUS) [File not signed]
Task: {6DB5D50B-42AC-4772-BA43-4E4807616CEB} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [521152 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8DD8D865-9FD6-4465-A7DE-438D54E98A91} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [124280 2017-07-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {944E39C6-0A18-4755-9496-911D5F9B8020} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [745920 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {99585263-6FD2-4480-BC95-9C765F7AFA38} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {B34BD6D3-13C6-4B89-8C0D-B930E34D6712} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506368 2018-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {BBB2CADA-E5D6-4689-B40B-C47A2D553207} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [745920 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C4C76627-42A8-4A9B-98DC-4427CD2F9C8D} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {C650B2C7-F986-495C-9695-948D863E4E72} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [657856 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CCB5AEBC-E1DF-487E-BDC6-FEA592C2CD83} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [124280 2017-07-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {D1BCB4DD-EC05-4FCA-93E4-A231D430655A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [657856 2017-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DBAC7FA1-4C51-452D-9299-48DE545202DA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EABD952C-B6D7-4DC0-86A5-C64D03770C39} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506368 2018-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1d4eafae-d8fc-45cf-b43a-0ee9e241895c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1f0ce619-d683-459a-9f46-dcc8d362efea}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1fe43769-c250-4f20-8a7a-b841c5af090f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{58224146-a3cd-429b-9e7e-6d82bb2622ae}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d6a8923-e432-4115-8a90-76d890e99926}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9f95693d-80db-4abf-9ddd-f7a3e081ff6b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c23f3d2f-ff65-4d6a-a569-360b4c96a76c}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3321426427-1348503232-2695725869-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-3321426427-1348503232-2695725869-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3321426427-1348503232-2695725869-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3321426427-1348503232-2695725869-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION) [File not signed]
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-08-22] (McAfee, LLC -> McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-08-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-08-22] (McAfee, LLC -> McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-08] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION) [File not signed]

Edge: 
======
DownloadDir: C:\Users\X541U\Downloads
Edge Extension: (Ghostery – Bloqueador de anuncios para privacidad) -> EdgeExtension_GhosteryGhostery_kzkqe0pn505dg => C:\Program Files\WindowsApps\Ghostery.Ghostery_8.4.2.0_neutral__kzkqe0pn505dg [2019-08-31]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-08-22]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-08] (Oracle America, Inc. -> Oracle Corporation)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [34664 2019-08-28] (IDSA Production signing key -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [91496 2019-08-28] (IDSA Production signing key -> Intel)
R2 esifsvc; C:\Windows\system32\Intel\DPTF\esif_uf.exe [1701480 2017-07-07] (Intel Corporation -> Intel Corporation)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] (Intel(R) Software Development Products -> )
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [529696 2019-04-23] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 ICEsoundService; C:\Windows\system32\ICEsoundService64.exe [806344 2018-11-01] (ICEpower a/s -> ICEpower)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-09-25] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [905472 2019-08-22] (McAfee, LLC -> McAfee, Inc.)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2018-10-31] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1753184 2018-10-31] (Acronis International GmbH -> )
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [195832 2018-12-19] (Intel(R) Software Development Products -> )
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937208 2018-12-19] (Intel(R) Software Development Products -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [X]
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\\McCSPServiceHost.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [108504 2019-04-24] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
S3 athr; C:\Windows\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [74168 2017-07-07] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [69560 2017-07-07] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [382392 2017-07-07] (Intel Corporation -> Intel Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [390592 2019-02-18] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [31112 2017-05-02] (ASUSTeK Computer Inc. -> ASUS)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [239392 2019-04-23] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-09-08] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-09-09] (Malwarebytes Corporation -> Malwarebytes)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3521016 2019-04-30] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_9b1341e92276ee7c\nvlddmkm.sys [17213616 2018-10-15] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [954368 2017-04-28] (Realtek Semiconductor Corp. -> Realtek )
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [724448 2017-07-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [8106848 2018-04-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1310552 2019-02-18] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [213336 2019-02-18] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [331976 2019-02-18] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; C:\Windows\System32\DRIVERS\volume_tracker.sys [243472 2019-02-18] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\X541U\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 WinRing0_1_2_0; \??\C:\Users\X541U\Desktop\tests\Apps\OpenHardwareMonitor\OpenHardwareMonitorLib.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-10 16:43 - 2019-09-10 16:43 - 000025145 _____ C:\Users\X541U\Desktop\FRST.txt
2019-09-10 16:42 - 2019-09-10 16:43 - 000000000 ____D C:\FRST
2019-09-10 16:41 - 2019-09-10 16:41 - 001614848 _____ (Farbar) C:\Users\X541U\Desktop\FRST64.exe
2019-09-09 18:09 - 2019-09-09 18:09 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-09-09 18:01 - 2019-09-09 18:01 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-09-09 18:01 - 2019-09-09 18:01 - 000002888 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-09-09 18:01 - 2019-09-09 18:01 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-09-09 18:01 - 2019-09-09 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-09-09 18:01 - 2019-09-09 18:01 - 000000000 ____D C:\Program Files\CCleaner
2019-09-08 12:55 - 2019-09-08 12:55 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-09-08 12:55 - 2019-09-08 12:55 - 000000000 ____D C:\Users\X541U\AppData\Local\mbamtray
2019-09-08 12:55 - 2019-09-08 12:55 - 000000000 ____D C:\Users\X541U\AppData\Local\mbam
2019-09-08 12:54 - 2019-09-08 12:54 - 066409056 _____ (Malwarebytes ) C:\Users\X541U\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.625-1.0.12365.exe
2019-09-08 12:54 - 2019-09-08 12:54 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-09-08 12:54 - 2019-09-08 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-09-08 12:54 - 2019-09-08 12:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-09-08 12:54 - 2019-09-08 12:54 - 000000000 ____D C:\Program Files\Malwarebytes
2019-09-08 12:54 - 2019-08-27 05:50 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-09-08 12:54 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-09-08 08:49 - 2019-09-08 08:49 - 007636680 _____ (Malwarebytes) C:\Users\X541U\Desktop\adwcleaner_7.4.1.exe
2019-09-05 11:09 - 2019-09-05 11:09 - 000000000 ___HD C:\ProgramData\CyberLink
2019-08-31 08:45 - 2019-03-28 11:11 - 000029232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2019-08-31 08:45 - 2019-03-28 11:11 - 000017968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2019-08-31 08:45 - 2019-03-28 11:09 - 000032816 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2019-08-31 08:45 - 2019-03-28 11:09 - 000017968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2019-08-31 08:45 - 2019-03-28 08:35 - 000772176 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_clr0400.dll
2019-08-31 08:45 - 2019-03-28 08:35 - 000702400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase_clr0400.dll
2019-08-31 08:45 - 2019-03-28 08:35 - 000622832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_clr0400.dll
2019-08-31 08:45 - 2019-03-28 08:35 - 000433448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140_clr0400.dll
2019-08-31 08:45 - 2019-03-28 08:35 - 000087296 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140_clr0400.dll
2019-08-31 08:45 - 2019-03-28 08:35 - 000083768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140_clr0400.dll
2019-08-29 08:20 - 2019-08-29 08:27 - 000000000 ____D C:\Users\X541U\Desktop\lisboa 28.08.19
2019-08-27 23:02 - 2019-08-28 09:51 - 000000000 ____D C:\Users\X541U\Desktop\sintra 27.08.19
2019-08-26 23:22 - 2019-08-26 23:49 - 000000000 ____D C:\Users\X541U\Desktop\fotos 2019 movil reyes
2019-08-22 08:09 - 2019-08-09 16:16 - 000000201 _____ C:\Users\X541U\Downloads\» p a s s w o r d  [readme].html
2019-08-20 18:28 - 2019-08-20 18:28 - 000369981 _____ C:\Users\X541U\Documents\entrada mascotas.pdf
2019-08-15 18:20 - 2019-09-09 18:09 - 094633984 _____ C:\Windows\system32\config\SOFTWARE
2019-08-15 18:06 - 2019-08-15 18:19 - 000000000 ____D C:\Windows\Microsoft Antimalware

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-10 16:39 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-09-10 16:28 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-10 14:06 - 2018-11-17 02:08 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-09-10 11:25 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-09-10 11:25 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\AppReadiness
2019-09-09 18:14 - 2019-01-24 04:59 - 002558266 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-09 18:14 - 2018-11-17 01:15 - 000732716 _____ C:\Windows\system32\prfh0816.dat
2019-09-09 18:14 - 2018-11-17 01:15 - 000144794 _____ C:\Windows\system32\prfc0816.dat
2019-09-09 18:14 - 2018-11-17 01:08 - 000754148 _____ C:\Windows\system32\perfh00A.dat
2019-09-09 18:14 - 2018-11-17 01:08 - 000148516 _____ C:\Windows\system32\perfc00A.dat
2019-09-09 18:14 - 2018-04-12 01:36 - 000000000 ____D C:\Windows\INF
2019-09-09 18:12 - 2019-01-24 20:57 - 000000200 _____ C:\Users\X541U\AppData\Roaming\sp_data.sys
2019-09-09 18:09 - 2019-01-24 20:54 - 000000000 __SHD C:\Users\X541U\IntelGraphicsProfiles
2019-09-09 18:09 - 2019-01-24 05:20 - 000000000 ____D C:\ProgramData\NVIDIA
2019-09-09 18:09 - 2018-11-17 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-09 18:09 - 2018-04-11 23:04 - 000786432 _____ C:\Windows\system32\config\BBI
2019-09-09 18:06 - 2019-01-30 15:20 - 000000000 ____D C:\Users\X541U\AppData\Local\CrashDumps
2019-09-09 18:06 - 2018-11-17 00:55 - 000000000 ____D C:\Windows\Panther
2019-09-09 18:06 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\LiveKernelReports
2019-09-09 17:47 - 2019-02-13 08:34 - 000000000 ____D C:\Users\X541U\AppData\Roaming\qBittorrent
2019-09-09 17:33 - 2019-02-13 08:34 - 000000000 ____D C:\Users\X541U\Downloads\torrent
2019-09-08 12:54 - 2018-04-12 01:38 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-09-06 17:14 - 2019-01-25 01:56 - 000003380 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3321426427-1348503232-2695725869-1001
2019-09-06 17:14 - 2019-01-24 21:00 - 000000000 ___RD C:\Users\X541U\OneDrive
2019-09-06 17:14 - 2019-01-24 20:54 - 000002403 _____ C:\Users\X541U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-01 03:21 - 2018-04-12 01:30 - 000000000 ____D C:\Windows\CbsTemp
2019-08-31 18:16 - 2019-01-24 20:54 - 000000000 ____D C:\Users\X541U
2019-08-31 09:05 - 2019-01-24 05:06 - 000000000 ____D C:\ProgramData\Package Cache
2019-08-31 08:53 - 2019-02-15 11:41 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-08-31 08:53 - 2019-01-24 05:10 - 000000000 ____D C:\Program Files (x86)\Intel
2019-08-30 05:04 - 2019-01-25 00:58 - 000000000 ____D C:\Program Files\rempl
2019-08-15 09:20 - 2019-01-25 22:48 - 000000000 ____D C:\Users\X541U\AppData\Local\D3DSCache
2019-08-15 09:12 - 2019-02-18 18:30 - 000000000 ____D C:\Users\X541U\AppData\Local\JxBrowser
2019-08-15 08:02 - 2019-01-25 15:41 - 000000000 ____D C:\ProgramData\ASUS
2019-08-15 08:02 - 2019-01-24 05:24 - 000000000 ____D C:\Program Files (x86)\ASUS
2019-08-14 08:40 - 2019-01-25 00:56 - 000000000 ____D C:\Windows\system32\MRT
2019-08-14 08:31 - 2019-01-25 00:56 - 134272480 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories ================

2019-01-24 20:57 - 2019-09-09 18:12 - 000000200 _____ () C:\Users\X541U\AppData\Roaming\sp_data.sys
2019-03-26 20:08 - 2019-03-26 20:08 - 000007605 _____ () C:\Users\X541U\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2019
Ran by X541U (10-09-2019 16:44:23)
Running from C:\Users\X541U\Desktop
Windows 10 Home Version 1803 17134.556 (X64) (2019-01-24 18:24:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3321426427-1348503232-2695725869-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3321426427-1348503232-2695725869-503 - Limited - Disabled)
Invitado (S-1-5-21-3321426427-1348503232-2695725869-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3321426427-1348503232-2695725869-504 - Limited - Disabled)
X541U (S-1-5-21-3321426427-1348503232-2695725869-1001 - Administrator - Enabled) => C:\Users\X541U

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image for Crucial (HKLM-x32\...\{C470006A-424E-4ECC-8B70-EB8EB70D74EC}) (Version: 23.0.14350 - Acronis)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.22 - ASUSTek COMPUTER INC.)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.19.0004 - ASUS)
ATK Package (ASUS Keyboard Hotkeys) (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0057 - ASUSTeK COMPUTER INC.)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.5.18 - ICEpower a/s)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
Crucial Storage Executive (HKU\S-1-5-21-3321426427-1348503232-2695725869-1001\...\Crucial Storage Executive 3.60.082018.04) (Version: 5.02.052019.08 - Crucial)
Epson Easy Photo Print 2 (HKLM-x32\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Intel Driver && Support Assistant (HKLM-x32\...\{FEC20E93-5B88-45AA-9AA3-1185EE8A46AF}) (Version: 19.8.34.6 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10205.4743 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.0.1015 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001010-0210-1034-84C8-B8D95FA3C8C3}) (Version: 21.10.1.1 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{87709708-b034-4cec-b6ef-0d162873cf83}) (Version: 19.8.34.6 - Intel)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Manual de red EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Netg) (Version:  - )
Manual de usuario EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Useg) (Version:  - )
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.92 - McAfee, LLC.)
Microsoft OneDrive (HKU\S-1-5-21-3321426427-1348503232-2695725869-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
NVIDIA Controlador de gráficos 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 399.24 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Panel de control de NVIDIA 399.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 399.24 - NVIDIA Corporation) Hidden
qBittorrent 4.1.6 (HKLM-x32\...\qBittorrent) (Version: 4.1.6 - The qBittorrent project)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.4.1000.170710 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.27058 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8564 - Realtek Semiconductor Corp.)
Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0017 - REALTEK Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Windows Driver Package - ASUSTek COMPUTER INC. (AsusPTPDrv) HIDClass  (08/02/2017 11.0.0.18) (HKLM\...\E90A37D273EA609437C18750E3A7AB5C391A4E33) (Version: 08/02/2017 11.0.0.18 - ASUSTek COMPUTER INC.)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

Packages:
=========
ASUS Product Registration Program -> C:\Program Files\WindowsApps\B9ECED6F.ASUSProductRegistrationProgram_3.0.3.0_x86__qmba6cd70vzyy [2019-01-25] (ASUSTeK COMPUTER INC.)
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-02] (Microsoft Corporation) [MS Ad]
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.2064.0_x64__rz1tebttyb220 [2019-09-06] (Dolby Laboratories)
eManual -> C:\Program Files\WindowsApps\B9ECED6F.eManual_2.0.3.0_x86__qmba6cd70vzyy [2019-01-25] (ASUSTeK COMPUTER INC.)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-01-25] (Fitbit)
Ghostery – Bloqueador de anuncios para privacidad -> C:\Program Files\WindowsApps\Ghostery.Ghostery_8.4.2.0_neutral__kzkqe0pn505dg [2019-08-31] (Ghostery)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation)
Microsoft News: Noticias destacadas en español -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-08-26] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.11929.20254.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation)
MSN El Tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2019-01-25] (ASUSTeK COMPUTER INC.)
PhotoDirector8 for ASUS -> C:\Program Files\WindowsApps\F5080380.PhotoDirector8forASUS_8.0.4020.0_x64__tfv7c950n6xcr [2019-01-25] (CyberLink  Corp.)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.9.0_x64__nfy108tqq3p12 [2019-01-28] (Thumbmunkeys Ltd) [MS Ad]
PowerDirector14 for ASUS -> C:\Program Files\WindowsApps\F5080380.PowerDirector14forASUS_14.0.5226.0_x64__tfv7c950n6xcr [2019-01-25] (CyberLink  Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3321426427-1348503232-2695725869-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
ShellIconOverlayIdentifiers: [     AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-10-31] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [     AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-10-31] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [     AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-10-31] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [     AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2018-10-31] (Acronis International GmbH -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_796b78d9b20afbbf\igfxDTCM.dll [2017-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-04-16 21:29 - 2012-11-12 15:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2019-04-16 21:29 - 2012-10-22 17:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2018-04-12 01:36 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files\Crucial\Crucial Storage Executive
HKU\S-1-5-21-3321426427-1348503232-2695725869-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\X541U\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-3321426427-1348503232-2695725869-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8C964B08-DDA7-46AE-9049-18EB0B58348C}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{F19F2376-4450-4B13-9543-CCEFCB6DFEA3}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{21155107-67B8-452F-B521-86EB7932470C}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{4578B42F-0B91-46CB-9F18-87B18B99F7AA}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{079AA44E-5688-4BA8-834C-1D4DD09301B1}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{D6AF96DA-ADDB-4DFB-B218-55FFC8E6BF88}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{62A16D5C-AF87-4A5A-B24F-6BC021CCFBF5}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{69AC4AA7-FF39-490A-86CA-4B7B253CC4E3}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{76534EE7-B691-4207-9A30-DE4F3BBC7FEF}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> )
FirewallRules: [{8CC78F0E-9053-4173-B898-909D020F4611}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> )
FirewallRules: [{04D368EF-05B8-4650-AD50-153DD1D6CBF2}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{6EF85F72-BAD9-47A8-9798-0B7F73E0B1C6}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{36A937AA-0AE1-4637-8D71-6585D4B3FE2B}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{2ADC0B6B-21D4-47D9-9A23-1D95F5E7B234}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{1E0ABED9-8BD1-4FB8-B0ED-E1E4DCFC9320}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> )
FirewallRules: [{0EEE9D27-89C3-48E6-BD85-6FBDC340BFA8}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\LicenseActivator.exe (Acronis International GmbH -> )
FirewallRules: [{BD740C82-C01F-4329-8825-7B954CBE0C6A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D65A241B-31D6-4EB5-9E7F-8A9A9AB02F84}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{57D6F494-E751-4748-BE88-0C821D562771}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8F15EDB1-3255-4A3F-A254-3F87E06C8454}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{378583D0-22C0-4B7E-BEF8-C5D3CD65E3A1}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{CDAC6DFD-AD8B-4F3E-996D-3AFB66E69FBD}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [{BA96A284-E3A3-4E30-BEEC-9BF3912FC9FE}] => (Block) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [{3A0B6C92-A0C2-43F3-9F66-F167FB0D3377}] => (Block) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{43FABCBE-CE33-46A2-A94C-E17C40DF1ECF}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{42070283-910F-4DFA-B6AF-8642535BC82E}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{90A438F2-4649-4A89-8F5A-CC617B4F2613}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{732E78F7-E77B-41A0-BD44-16131415811D}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{E995E334-E67E-41F9-BB62-5FD1BC1F8261}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11929.20254.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2019 12:58:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1952093

Error: (09/10/2019 12:58:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1952093

Error: (09/10/2019 12:58:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2019 12:26:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3203

Error: (09/10/2019 12:26:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3203

Error: (09/10/2019 12:26:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2019 08:34:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4031

Error: (09/10/2019 08:34:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4031


System errors:
=============
Error: (09/10/2019 04:40:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/10/2019 04:37:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/10/2019 03:11:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/10/2019 01:02:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/10/2019 12:59:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/10/2019 10:02:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/10/2019 09:36:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (09/10/2019 03:01:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.


Windows Defender:
===================================
Date: 2019-09-08 12:43:06.281
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {99301A0F-9947-4A86-96F2-C9024E775B1E}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-09-08 11:39:22.626
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {443E6C70-26D2-4D21-A90D-5506B3D82C51}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-09-08 11:14:18.085
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {986A3A59-5E1E-4C64-9C6C-189152600B5A}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-09-08 09:06:49.609
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {A0F1A533-F748-41C9-9C52-DBE9E5F9E62A}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-09-08 01:17:59.984
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {FF6D4B76-31E7-4776-8BE1-A1FAE5D45FAD}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-09-06 12:33:34.330
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.301.623.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16300.1
Código de error: 0x80070643
Descripción del error: Error irrecuperable durante la instalación. 

Date: 2019-07-20 14:06:02.634
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.42.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x8024402c
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

CodeIntegrity:
===================================

Date: 2019-09-10 16:43:32.620
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-09-10 16:43:32.619
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2019-09-10 16:38:33.260
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-09-10 16:38:33.258
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-09-10 16:38:32.726
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-09-10 16:38:32.724
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-09-10 16:38:27.368
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-09-10 16:38:27.366
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. X541UV.305 10/16/2017
Motherboard: ASUSTeK COMPUTER INC. X541UV
Processor: Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 49%
Total physical RAM: 12152.11 MB
Available physical RAM: 6110 MB
Total Virtual: 14008.11 MB
Available Virtual: 4692.55 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:231.72 GB) (Free:85.3 GB) NTFS

\\?\Volume{fedd078d-8241-4c25-a104-ac541af7ce7e}\ (RECOVERY) (Fixed) (Total:0.79 GB) (Free:0.39 GB) NTFS
\\?\Volume{f71ea351-6b40-4837-a166-31185d2fbb1d}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.23 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: EEBE40C0)

Partition: GPT.

==================== End of Addition.txt ============================  

Hola

:arrow_forward: MUY Importante :arrow_backward: Realiza una copia de seguridad del registro :

  • Para hacerlo descarga :arrow_forward: DelFix.exe( en tu escritorio).

  • Doble clic para ejecutarlo.(Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona -Ejecutar como Administrador-).

  • Atención, ahora marca/selecciona únicamente la casilla "Create registry backup", las demás NO.

  • Pulsar en Run.

Se abrirá el informe (DelFix.txt), guárdalo por si fuera necesario y cierra la herramienta.

A continuación :warning: con los demás programas cerrados ve a :arrow_forward: Inicio :arrow_forward: Ejecutar :arrow_forward: y escribe Notepad.exe.

  • Ahora debes copiar y pegar los códigos/líneas que están en el interior del recuadro de más abajo, dentro del Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION) [File not signed]
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [X]
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\\McCSPServiceHost.exe" [X]
S3 ALSysIO; \??\C:\Users\X541U\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 WinRing0_1_2_0; \??\C:\Users\X541U\Desktop\tests\Apps\OpenHardwareMonitor\OpenHardwareMonitorLib.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{8C964B08-DDA7-46AE-9049-18EB0B58348C}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{F19F2376-4450-4B13-9543-CCEFCB6DFEA3}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Guárdalo bajo el nombre de FIXLIST.TXT en el escritorio :arrow_backward: Esto es muy importante.

:o: Nota :o: Es importante que la herramienta FRST.exe (Farbar Recovery Scanner Tool) y FIXLIST.TXT se encuentren en la misma ubicación (escritorio) o si no, no trabajara.


  • Ejecuta FRST.exe.(Si usas Windows Vista/7/8 o 10, presiona clic derecho y seleccionas -Ejecutar como Administrador-).
  • Presionar el botón FIX y aguardar a que termine.
  • La Herramienta guardara el reporte de reparación en el escritorio (FIXLOG.TXT).

Pega el contenido de este fichero en tu próxima respuesta.

Reiniciar el equipo y comprobar su funcionamiento en relación al problema planteado y comentarlo.

Un saludo

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-09-2019
Ran by X541U (14-09-2019 18:39:30) Run:1
Running from C:\Users\X541U\Desktop
Loaded Profiles: X541U (Available Profiles: X541U)
Boot Mode: Normal
==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION) [File not signed]
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [X]
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\\McCSPServiceHost.exe" [X]
S3 ALSysIO; \??\C:\Users\X541U\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 WinRing0_1_2_0; \??\C:\Users\X541U\Desktop\tests\Apps\OpenHardwareMonitor\OpenHardwareMonitorLib.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{8C964B08-DDA7-46AE-9049-18EB0B58348C}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{F19F2376-4450-4B13-9543-CCEFCB6DFEA3}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File

HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}" => removed successfully
HKLM\Software\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => removed successfully
HKLM\System\CurrentControlSet\Services\DevActSvc => removed successfully
DevActSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\mccspsvc => removed successfully
mccspsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\ALSysIO => removed successfully
ALSysIO => service removed successfully
HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0 => removed successfully
WinRing0_1_2_0 => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C964B08-DDA7-46AE-9049-18EB0B58348C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F19F2376-4450-4B13-9543-CCEFCB6DFEA3}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3321426427-1348503232-2695725869-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3321426427-1348503232-2695725869-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= netsh winsock reset =========


El cat logo Winsock se restableci¢ correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========


Configuraci¢n IP de Windows

No se puede realizar ninguna operaci¢n en Ethernet mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 1 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local* 3 mientras los medios
est‚n desconectados.
No se puede realizar ninguna operaci¢n en Conexi¢n de red Bluetooth 2 mientras los medios
est‚n desconectados.

Adaptador de Ethernet Ethernet:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : lan

Adaptador de LAN inal mbrica Conexi¢n de  rea local* 1:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Conexi¢n de  rea local* 3:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

Adaptador de LAN inal mbrica Wi-Fi:

   Sufijo DNS espec¡fico para la conexi¢n. . : lan
   V¡nculo: direcci¢n IPv6 local. . . : fe80::6d9b:7c6f:35e2:fab%16
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.1.165
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.1.1

Adaptador de Ethernet Conexi¢n de red Bluetooth 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . : 

========= End of CMD: =========


========= ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach‚ de resoluci¢n de DNS.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to cancel {021AB0B5-0154-47AB-AE17-C4643C96B4A1}.
Unable to cancel {5BC7F2F3-24CE-43DD-9A5A-01526A38D9D8}.
Unable to cancel {B7A1ABC3-8122-44F2-9A6F-D72A21DD646C}.
Unable to cancel {D6086F4C-F0EE-4164-85B6-4364D856B177}.
Unable to cancel {6ED2E618-247A-4080-8CCB-395621D98100}.
Unable to cancel {6A861CE2-AF24-4533-AF32-9ADD9785D4E4}.
Unable to cancel {540329FF-3A98-47D1-AB8B-1BB88B83445E}.
0 out of 7 jobs canceled.

========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reenv¡o de compartimiento se restableci¢ correctamente.
Compartimiento se restableci¢ correctamente.
Protocolo de control se restableci¢ correctamente.
Solicitud de secuencia eco se restableci¢ correctamente.
Global se restableci¢ correctamente.
Interfaz se restableci¢ correctamente.
Direcci¢n de difusi¢n por proximidad (a se restableci¢ correctamente.
Direcciones de multidifusi¢n se restableci¢ correctamente.
Direcci¢n de unidifusi¢n se restableci¢ correctamente.
Vecino se restableci¢ correctamente.
Ruta de acceso se restableci¢ correctamente.
Posible se restableci¢ correctamente.
Directiva de prefijo se restableci¢ correctamente.
Vecino de proxy se restableci¢ correctamente.
Ruta se restableci¢ correctamente.
Prefijo de sitio se restableci¢ correctamente.
Subinterfaz se restableci¢ correctamente.
Patr¢n de reactivaci¢n se restableci¢ correctamente.
Resolver vecino se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Error al restablecer .
Acceso denegado.

 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
 se restableci¢ correctamente.
Reinicie el equipo para completar esta acci¢n.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 13656064 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 261071818 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 91502 B
Edge => 863909899 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 581621 B
systemprofile32 => 0 B
LocalService => 4444 B
LocalService => 0 B
NetworkService => 12866 B
NetworkService => 0 B
X541U => 55090341 B

RecycleBin => 20889120 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:40:57 ====

Buenos días, Autolt V3 ya no aparece en el Inicio del Administrador de Tareas. Aunque parece que el rendimiento es mejor, con vídeos online hay veces que siguen dando saltos (había leído en algún lugar, que esto era debido a Autolt V3, entre otras causas…) que se soluciona suspendiendo y volviendo a encender el portátil.

Hola

Reinicia un par de veces y comprueba el funcionamiento.

Un saludo

Después de haberlo estado probando unos días, parece que el funcionamiento es correcto. Muchas gracias por la ayuda.

1 me gusta

Hola @Francisco_Gutierrez

Sigue estos pasos, para eliminar las herramientas utilizadas:

Para hacerlo utiliza de nuevo/descarga >> DelFix.exe en tu escritorio.

  • Doble clic para ejecutarlo. (Si usas Windows Vista/7/8 o 10 presiona clic derecho y selecciona - Ejecutar como Administrador)

  • Marca todas las casillas, y pulsas en Run

Se abrirá el informe (DelFix.txt), puedes cerrarlo.


Gracias a ti por confiar en ForoSpyware. Ha sido un placer ayudarte :handshake:

Nos alegramos que se te haya resuelto :+1: Damos el tema por solucionado.

Solucionado

Un saludo