Mantenimiento al pc

Hola buenas tardes, quisiera saber si podrían orientarme para darle un mantenimiento al software de mi pc, saber qué programas no me son útiles y optimizar la pc, muchas gracias por leerme :slight_smile:

Buenas @ale_Ruma bienvenido al Foro.

Lo primero que deberías decirnos es que tipo de problemas tienes en el equipo para querer darle un mantenimiento…??

Y además, al menos, que sistema operativo(version de windows) tienes instalado en él y que características de hardware/máquina tienes…??

Saludos.

Pues no tiene un problema en sí, pero pues está un poco lenta y creo qué hay archivos innecesarios en mi laptop que quisiera eliminar pero no se cómo hacerlo, ¿cómo te puedo mandar un analisis de mi computadora con las especificaciones del sistema y todo éso, para ayudar en esto? :frowning:

Buenas @ale_Ruma

Entonces…lo primero será revisar tu equipo, :thinking: para hacerlo sigue estos pasos, en el orden indicado y leyendo todo lo explicado. :+1:

:one: Desactiva temporalmente el Antivirus :arrow_forward: Cómo deshabilitar temporalmente su Antivirus, mientras estemos realizando TODOS los pasos.

Vamos a descargar en TU ESCRITORIO(y NO en otro lugar :face_with_monocle:) todas las herramientas que vamos a utilizar en este procedimiento (pero no las ejecutes todavía) :


:two: Ejecutas las herramientas de una en una y en el orden indicado :



CCleaner.-

  • Instalas y Ejecutas CCleaner siguiendo los pasos indicados en el manual.

  • Úsalo primero en su opción de Limpiador para borrar cookies, temporales de Internet y todos los archivos que te muestre como obsoletos.

  • Después usa su opción de Registro para limpiar todo el registro de Windows(haciendo copia de seguridad).

Malwarebytes.-

  • Instalas y Ejecutas MBAM siguiendo los pasos indicados en el manual.

  • Realiza un Análisis Completo. :white_check_mark:

  • Seleccionando TODOS a Cuarentena para enviarlo a la cuarentena y Reinicias el sistema.

  • En el apartado del manual :arrow_forward:Historial :arrow_backward: encontrarás el informe del MBAM, que debes copiar y pegar en tu próxima respuesta, para analizarlo.

AdwCleaner.-

  • Ejecuta Adwcleaner.exe.

  • Pulsamos en el botón Analizar ahora, y espera a que se realice el proceso, inmediatamente pulsa siempre sobre el botón Iniciar Reparación.

  • Espera a que se complete y sigue las instrucciones, si te pidiera Reiniciar el sistema Aceptas.

  • El log/informe lo encontramos en la pestaña “Informes”, volviendo a abrir el programa si fuese necesario, para poder copiarlo y pegarlo en tu próxima respuesta.

  • El informe también se puede encontrar en C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Ejecuta JRT.exe.

  • Y pulsar cualquier tecla para continuar, esperar pacientemente a que termine el proceso.

  • Si en algún momento te pide Reiniciar hazlo.

  • Al finalizar, un registro/informe (JRT.txt) se guardara en el escritorio y se abrirá automáticamente.

  • Copia y pega el contenido de JRT.txt en tu próxima respuesta.

Farbar Recovery Scan Tool.-

  • Ejecuta FRST.exe.

  • En el mensaje de la ventana del Disclaimer, pulsamos Yes

  • En la ventana principal pulsamos en el botón Scan y esperamos a que concluya el proceso.

  • Se abrirán dos(2) archivos(Logs), Frst.txt y Addition.txt, estos quedaran grabados en el escritorio.

:three: Poner los informes en tu próxima respuesta de :

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, y en ese orden. :+1:

Debes copiarlos y pegarlos con todo su contenido y usaras varios mensajes si recibes un mensaje de error indicando que es muy largo(mas de 50.000 caracteres aprox.).

Y nos cuentas como funciona tu equipo en relación al problema planteado. :face_with_monocle:

Saludos.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 14/8/19
Hora del análisis: 15:26
Archivo de registro: c392737e-bed1-11e9-98f2-9829a60c3b33.json

-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.12009
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 17134.885)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-JNB7THA\Alex Rm

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 267269
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 2 min, 33 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)
# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-07-22.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-14-2019
# Duration: 00:00:15
# OS:       Windows 10 Home Single Language
# Cleaned:  9
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.LenovoUtility
Not Deleted   Preinstalled.LenovoIMController


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1378 octets] - [14/08/2019 15:34:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
|3D Builder|Microsoft Corporation|10/06/2019||16.1.1431.0|
|---|---|---|---|---|
|Alarmas y reloj|Microsoft Corporation|10/06/2019||10.1903.1006.0|
|AMD Software|Advanced Micro Devices, Inc.|06/06/2019|26.3 MB|9.0.000.8|
|Analizador y SDK de MSXML 4.0 SP2|Microsoft Corporation|28/05/2019|5.05 MB|4.20.9818.0|
|Audio By Harman|Harman, Inc.|25/08/2017|8.29 MB|1.4.0.0|
|Calculadora|Microsoft Corporation|23/07/2019||10.1905.30.0|
|Candy Crush Soda Saga|king.com|11/07/2019||1.143.600.0|
|CCleaner|Piriform|14/08/2019||5.58|
|Centro de comentarios|Microsoft Corporation|10/06/2019||1.1811.10862.0|
|Compañero de la consola Xbox|Microsoft Corporation|29/07/2019||48.55.24001.0|
|Contactos|Microsoft Corporation|10/06/2019||10.1902.633.0|
|Correo y Calendario|Microsoft Corporation|11/07/2019||16005.11629.20316.0|
|Cuphead Deluxe Edition - ElAmigos versión 1.2|StudioMDHR|21/07/2019|3.91 GB|1.2|
|Cámara|Microsoft Corporation|10/06/2019||2019.425.30.0|
|El tiempo|Microsoft Corporation|22/07/2019||4.31.11905.0|
|Extensiones de contenido multimedia web|Microsoft Corporation|10/06/2019||1.0.13321.0|
|Fotos|Microsoft Corporation|11/07/2019||2019.19051.16210.0|
|Google Chrome|Google LLC|14/08/2019|439 MB|76.0.3809.100|
|Grabadora de voz|Microsoft Corporation|10/06/2019||10.1902.633.0|
|Groove Música|Microsoft Corporation|10/06/2019||10.19031.11411.0|
|Host de la experiencia de Store|Microsoft Corporation|29/07/2019||11906.1001.16.0|
|Instalador de aplicación|Microsoft Corporation|10/06/2019||1.0.31351.0|
|Lenovo OneKey Recovery|CyberLink Corp.|06/06/2019|21.1 MB|8.1.0.5708|
|Lenovo Settings|LENOVO INCORPORATED.|07/06/2019||3.177.0.0|
|Lenovo System Interface Foundation Driver|Lenovo|02/06/2019|13.3 MB|1.1.18.1|
|Lenovo Utility|Lenovo|10/06/2019|2.10 MB|3.0.0.17|
|Lenovo Vantage|LENOVO INC.|10/06/2019||4.27.32.0|
|Lenovo Yoga Mode Control|Lenovo|25/08/2017|1.75 MB|2.0.0.9|
|Malwarebytes versión 3.8.3.2965|Malwarebytes|14/08/2019|179 MB|3.8.3.2965|
|Mapas|Microsoft Corporation|10/06/2019||5.1902.843.0|
|March of Empires: War of Lords|Gameloft.|31/07/2019||4.2.0.9|
|Mathcad PDSi viewable support|Adobe Systems|06/06/2019|420 MB|9.0.0|
|Mensajes|Microsoft Corporation|10/06/2019||4.1901.10241.1000|
|Microsoft Office Profesional Plus 2019 - es-es|Microsoft Corporation|14/08/2019||16.0.11901.20176|
|Microsoft OneDrive|Microsoft Corporation|14/08/2019|133 MB|19.123.0624.0005|
|Microsoft Pay|Microsoft Corporation|07/06/2019||2.1.18009.0|
|Microsoft Solitaire Collection|Microsoft Studios|18/06/2019||4.4.6132.0|
|Microsoft Sticky Notes|Microsoft Corporation|29/07/2019||3.6.76.0|
|Microsoft Store|Microsoft Corporation|29/07/2019||11906.1001.18.0|
|Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219|Microsoft Corporation|28/05/2019|1.11 MB|10.0.40219|
|Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727|Microsoft Corporation|06/06/2019|20.4 MB|11.0.50727.1|
|Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727|Microsoft Corporation|06/06/2019|17.3 MB|11.0.50727.1|
|Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501|Microsoft Corporation|06/06/2019|20.5 MB|12.0.30501.0|
|Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501|Microsoft Corporation|06/06/2019|17.1 MB|12.0.30501.0|
|Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123|Microsoft Corporation|06/06/2019|23.4 MB|14.0.24123.0|
|Obtener ayuda|Microsoft Corporation|10/06/2019||10.1706.20381.0|
|OneKey Recovery|CyberLink Corp.|24/08/2017|21.1 MB|8.1.0.5708|
|OneNote|Microsoft Corporation|20/07/2019||16001.11901.20096.0|
|Paint 3D|Microsoft Corporation|10/06/2019||5.1904.8017.0|
|Paquete de experiencia local en español (España)|Microsoft Corporation|26/06/2019||17134.31.46.0|
|Películas y TV|Microsoft Corporation|10/06/2019||10.19031.11411.0|
|Planes de datos móviles|Microsoft Corporation|11/07/2019||5.1906.1791.0|
|Portal de cuenta de Lenovo|LENOVO INCORPORATED.|28/05/2019||2.0.37.0|
|Print 3D|Microsoft Corporation|10/06/2019||3.3.791.0|
|PTC Diagnostic Tools|PTC|02/06/2019|106 MB|5.0.0.0|
|SketchBook|Autodesk Inc.|05/06/2019||5.0.2.0|
|Skype|Skype|31/07/2019||14.50.38.0|
|Sugerencias|Microsoft Corporation|10/06/2019||6.15.12641.0|
|Update for Windows 10 for x64-based Systems (KB4023057)|Microsoft Corporation|21/06/2019|1.41 MB|2.59.0.0|
|Update for Windows 10 for x64-based Systems (KB4480730)|Microsoft Corporation|28/05/2019|680 kB|2.51.0.0|
|Visor 3D|Microsoft Corporation|10/06/2019||6.1903.4012.0|
|vJoy Device Driver 0.2.0.5|Shaul Eizikovich|21/07/2019|14.0 MB|0.2.0.5|
|Wii U USB GCN adapter version 3.2.1|Matt Cunningham|21/07/2019|13.4 MB|3.2.1|
|WinRAR 5.71 (64-bit)|win.rar GmbH|06/06/2019|7.38 MB|5.71.0|
|WinZip Universal|WinZip Computing|05/06/2019||1.5.13516.0|
|Xbox Game bar|Microsoft Corporation|29/07/2019||1.43.26001.0|
|Xbox Game Speech Window|Microsoft Corporation|10/06/2019||1.21.13002.0|
|Xbox gaming overlay|Microsoft Corporation|10/06/2019||1.16.1012.0|
|Xbox Identity Provider|Microsoft Corporation|11/07/2019||12.54.26001.0|
|Xbox Live|Microsoft Corporation|10/06/2019||1.24.10001.0|
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\System.Windows.Forms.tlb"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\System.tlb"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\System.EnterpriseServices.tlb"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\System.Drawing.tlb"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorlib.tlb"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscoree.tlb"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\Microsoft.JScript.tlb"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\System.Windows.Forms.tlb"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\System.tlb"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\System.EnterpriseServices.tlb"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\System.Drawing.tlb"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorlib.tlb"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscoree.tlb"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\Microsoft.JScript.tlb"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\diasymreader.dll"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\iehost.dll"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\microsoft.jscript.dll"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\microsoft.vsa.vb.codedomprocessor.dll"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscordbi.dll"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorrc.dll"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorsec.dll"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\system.configuration.install.dll"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\system.data.dll"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\system.enterpriseservices.dll"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\vsavb7rt.dll"=dword:00001fff

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\wminet_utils.dll"=dword:00001fff

[HKEY_CLASSES_ROOT\.accdb]

[HKEY_CLASSES_ROOT\Access.UriLink.16]

[HKEY_CLASSES_ROOT\Licenses]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bak]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bak\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.idx]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.idx\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itc2]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itc2\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jps]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jps\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.json]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.json\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.map]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.map\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdb]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdb\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mdb\OpenWithProgids]
"Access.MDBFile"=hex(0):

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pst]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pst\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pst\OpenWithProgids]
"Outlook.File.pst.15"=hex(0):

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vssettings]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vssettings\OpenWithList]

[HKEY_CLASSES_ROOT\AppX8cx80d6xxypgvfkxbyskbw66cy0t5v4z\DefaultIcon]
@="C:\\Program Files\\WindowsApps\\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8\\Assets\\RequiredImages\\Tile\\Tile.Square.30x30.png"

[HKEY_CLASSES_ROOT\AppXaf0097ws4bwb0wre67gmp7pc9fjr8en6\DefaultIcon]
@="C:\\Program Files\\WindowsApps\\Microsoft.Office.OneNote_16001.11901.20096.0_x64__8wekyb3d8bbwe\\images\\OneNoteLogo_150x150.png"

[HKEY_CLASSES_ROOT\AppXhxvgrwt9gsczeedvfbd6sjxs8vamrpnb\DefaultIcon]
@="C:\\Program Files\\WindowsApps\\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8\\Assets\\RequiredImages\\Tile\\Tile.Square.30x30.png"

[HKEY_CLASSES_ROOT\AppXj4qrs60k02d8kcd8ycgdx89mga9t57z3\DefaultIcon]
@="C:\\Program Files\\WindowsApps\\Microsoft.WindowsFeedbackHub_1.1811.10862.0_x64__8wekyb3d8bbwe\\images\\icon.png"

[HKEY_CLASSES_ROOT\AppXky1chvsj9fxe2sn6r33ydd04wsrgwt8s\DefaultIcon]
@="C:\\Program Files\\WindowsApps\\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8\\Assets\\RequiredImages\\Tile\\Tile.Square.30x30.png"

[HKEY_CLASSES_ROOT\AppXztymbw55c24qp3qfb1jac0r6a8w3rtfq\DefaultIcon]
@="C:\\Program Files\\WindowsApps\\Microsoft.Microsoft3DViewer_6.1903.4012.0_x64__8wekyb3d8bbwe\\Assets\\Images\\Tiles\\StoreLogo.png"

[HKEY_CLASSES_ROOT\PCBFile]

[HKEY_CLASSES_ROOT\PCBFile\shell]
@=""

[HKEY_CLASSES_ROOT\Word.Addin.8]

[HKEY_CLASSES_ROOT\Word.Addin.8\shell]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0002CE02-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\CLSID\{0002CE02-0000-0000-C000-000000000046}\LocalServer32]
@="C:\\Program Files\\Microsoft Office\\Root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE"

[HKEY_CLASSES_ROOT\CLSID\{206FA6D0-A493-41FA-943D-3F655088F7B9}]
@="Perception Simulation Calibration Runtime"

[HKEY_CLASSES_ROOT\CLSID\{206FA6D0-A493-41FA-943D-3F655088F7B9}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{363BE3C0-DDD4-4B21-BC6D-7E9DF8CE19CB}]
@="Perception Simulation Hand Tracker Monitor"

[HKEY_CLASSES_ROOT\CLSID\{363BE3C0-DDD4-4B21-BC6D-7E9DF8CE19CB}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{3F052B8E-512B-419D-9E06-9B9ADDC7118C}]

[HKEY_CLASSES_ROOT\CLSID\{3F052B8E-512B-419D-9E06-9B9ADDC7118C}\InProcServer32]
@="C:\\Windows\\SysWOW64\\MapsCSP.dll"
"ThreadingModel"="Free"

[HKEY_CLASSES_ROOT\CLSID\{5EB699B3-9296-41BA-9258-DE70F03B7D6C}]
@="Perception Simulation Spatial Graph Monitor"

[HKEY_CLASSES_ROOT\CLSID\{5EB699B3-9296-41BA-9258-DE70F03B7D6C}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{8685C4A9-D0E4-444C-87A0-D9FB858235A7}]
@="Perception Simulation Surface Reconstruction Monitor"

[HKEY_CLASSES_ROOT\CLSID\{8685C4A9-D0E4-444C-87A0-D9FB858235A7}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{95BD18C1-D7FB-4BD3-839A-1C37C90131B1}]
@="Perception Simulation Spatial Graph Runtime"

[HKEY_CLASSES_ROOT\CLSID\{95BD18C1-D7FB-4BD3-839A-1C37C90131B1}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{994B3B2F-2880-4318-A583-15C38A01F571}]
@="Perception Simulation Hand Tracker Runtime"

[HKEY_CLASSES_ROOT\CLSID\{994B3B2F-2880-4318-A583-15C38A01F571}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{A020FAD9-D661-4857-AA43-E6A86FF1163E}]
@="Perception Simulation Calibration Monitor"

[HKEY_CLASSES_ROOT\CLSID\{A020FAD9-D661-4857-AA43-E6A86FF1163E}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{A82536D7-C8E6-4CEF-AA66-11E97EDDFC6D}]
@="Perception Simulation Surface Reconstruction Runtime"

[HKEY_CLASSES_ROOT\CLSID\{A82536D7-C8E6-4CEF-AA66-11E97EDDFC6D}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{CDAEB70C-E686-4299-93EB-7D63D77B7F63}]
@="Perception Simulation Head Tracker Runtime"

[HKEY_CLASSES_ROOT\CLSID\{CDAEB70C-E686-4299-93EB-7D63D77B7F63}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{D8E090A5-4149-467D-8103-BFB8F51E8BCB}]
@="Perception Simulation Head Tracker Monitor"

[HKEY_CLASSES_ROOT\CLSID\{D8E090A5-4149-467D-8103-BFB8F51E8BCB}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{FA6C507D-A9AF-4385-86C0-80115F0AE20B}]
@="Perception Simulation Secondary Head Tracker Runtime"

[HKEY_CLASSES_ROOT\CLSID\{FA6C507D-A9AF-4385-86C0-80115F0AE20B}\InProcServer32]
@="C:\\Windows\\SysWOW64\\PerceptionSimulationExtensions.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{021EC49D-F111-4894-BC14-4717AA395DB5}]

[HKEY_CLASSES_ROOT\CLSID\{021EC49D-F111-4894-BC14-4717AA395DB5}\LocalServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,72,00,65,00,6d,00,70,00,6c,00,5c,00,64,00,69,00,73,00,\
  6b,00,74,00,6f,00,61,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,63,00,6f,\
  00,6d,00,73,00,65,00,72,00,76,00,65,00,72,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{38B23829-BA4E-40FB-BC75-FAE304EB2041}]
@="Remove Hello Face FOD"

[HKEY_CLASSES_ROOT\CLSID\{38B23829-BA4E-40FB-BC75-FAE304EB2041}\InprocServer32]
@="C:\\Program Files\\rempl\\strgsnsaddons.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{38B23829-BA4E-40FB-BC75-FAE304EB2041}\ProgID]
@="Sediment.RmvHlFcRecFod.1"

[HKEY_CLASSES_ROOT\CLSID\{38B23829-BA4E-40FB-BC75-FAE304EB2041}\VersionIndependentProgID]
@="Sediment.RmvHlFcRecFod"

[HKEY_CLASSES_ROOT\CLSID\{6A5C0F4A-378F-4BFC-8D8F-EC8214C9E77E}]
@="Remove Mixed Reality FOD"

[HKEY_CLASSES_ROOT\CLSID\{6A5C0F4A-378F-4BFC-8D8F-EC8214C9E77E}\InprocServer32]
@="C:\\Program Files\\rempl\\strgsnsaddons.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{6A5C0F4A-378F-4BFC-8D8F-EC8214C9E77E}\ProgID]
@="Sediment.RmvMxrltyFod.1"

[HKEY_CLASSES_ROOT\CLSID\{6A5C0F4A-378F-4BFC-8D8F-EC8214C9E77E}\VersionIndependentProgID]
@="Sediment.RmvMxrltyFod"

[HKEY_CLASSES_ROOT\CLSID\{7E744FEF-A7B0-4F35-B0B9-8E359030CAD4}]
@="Clean Users Download Folder"

[HKEY_CLASSES_ROOT\CLSID\{7E744FEF-A7B0-4F35-B0B9-8E359030CAD4}\InprocServer32]
@="C:\\Program Files\\rempl\\strgsnsaddons.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{7E744FEF-A7B0-4F35-B0B9-8E359030CAD4}\ProgID]
@="Sediment.ClnUsrDwldFldr.1"

[HKEY_CLASSES_ROOT\CLSID\{7E744FEF-A7B0-4F35-B0B9-8E359030CAD4}\VersionIndependentProgID]
@="Sediment.ClnUsrDwldFldr"

[HKEY_CLASSES_ROOT\CLSID\{889C03C8-ABAD-4004-BF0A-BC7BB825E166}]
@="APO de efectos de detección de proxy de audio de Microsoft"

[HKEY_CLASSES_ROOT\CLSID\{889C03C8-ABAD-4004-BF0A-BC7BB825E166}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4d,00,73,00,\
  41,00,70,00,6f,00,46,00,78,00,50,00,72,00,6f,00,78,00,79,00,2e,00,64,00,6c,\
  00,6c,00,00,00
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{8A34A896-02DE-40DB-8905-53245391B697}]
@="Remove OneDrive files local copy"

[HKEY_CLASSES_ROOT\CLSID\{8A34A896-02DE-40DB-8905-53245391B697}\InprocServer32]
@="C:\\Program Files\\rempl\\strgsnsaddons.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{8A34A896-02DE-40DB-8905-53245391B697}\ProgID]
@="Sediment.RmODvFlLclCp.1"

[HKEY_CLASSES_ROOT\CLSID\{8A34A896-02DE-40DB-8905-53245391B697}\VersionIndependentProgID]
@="Sediment.RmODvFlLclCp"

[HKEY_CLASSES_ROOT\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}]

[HKEY_CLASSES_ROOT\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\LocalServer32]
@="C:\\ProgramData\\Lenovo\\ImController\\Plugins\\LenovoAppPromotionPlugin\\x64\\DesktopToastsHelper.exe"

[HKEY_CLASSES_ROOT\CLSID\{F213F55D-27C2-4FD0-97EF-2F8DC8092AF0}]
@="Compress System Drive"

[HKEY_CLASSES_ROOT\CLSID\{F213F55D-27C2-4FD0-97EF-2F8DC8092AF0}\InprocServer32]
@="C:\\Program Files\\rempl\\strgsnsaddons.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{F213F55D-27C2-4FD0-97EF-2F8DC8092AF0}\ProgID]
@="Sediment.CmprsSysDrv.1"

[HKEY_CLASSES_ROOT\CLSID\{F213F55D-27C2-4FD0-97EF-2F8DC8092AF0}\VersionIndependentProgID]
@="Sediment.CmprsSysDrv"

[HKEY_CLASSES_ROOT\CLSID\{FFF1A07D-1624-4044-9C4C-C4972AA5A96D}]
@="Clean up system restore point add on"

[HKEY_CLASSES_ROOT\CLSID\{FFF1A07D-1624-4044-9C4C-C4972AA5A96D}\InprocServer32]
@="C:\\Program Files\\rempl\\strgsnsaddons.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{FFF1A07D-1624-4044-9C4C-C4972AA5A96D}\ProgID]
@="Sediment.Clnupsysres.1"

[HKEY_CLASSES_ROOT\CLSID\{FFF1A07D-1624-4044-9C4C-C4972AA5A96D}\VersionIndependentProgID]
@="Sediment.Clnupsysres"

[HKEY_CLASSES_ROOT\Applications\provtool.exe\shell\open]

[HKEY_CLASSES_ROOT\Applications\provtool.exe\shell\open\command]
@=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,70,00,\
  72,00,6f,00,76,00,74,00,6f,00,6f,00,6c,00,2e,00,65,00,78,00,65,00,22,00,20,\
  00,22,00,25,00,31,00,22,00,20,00,2f,00,73,00,6f,00,75,00,72,00,63,00,65,00,\
  20,00,53,00,68,00,65,00,6c,00,6c,00,4f,00,70,00,65,00,6e,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\Program Files (x86)\\Microsoft Games\\Zoo Tycoon\\zoo.exe"="$ DWM8And16BitMitigation"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\Program Files (x86)\\Microsoft Games\\Zoo Tycoon\\zoo.exe"="DWM8And16BitMitigation"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313\\FileSyncConfig.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,78,7c,03,00,37,65,\
  04,00,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,e6,3f,48,6b,2a,a0,d2,\
  01,00,00,00,01,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\VulkanRT\\1.0.37.0\\UninstallVulkanRT.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,20,4b,06,00,ad,0b,\
  07,00,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,e6,3f,48,6b,2a,a0,d2,\
  01,00,00,00,00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,40,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,7f,bd,01,00,00,00,00,00,01,\
  00,00,00,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\AppData\\Local\\Host App Service\\Engine\\HostAppService.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,a0,4f,76,00,8e,80,\
  76,00,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,e6,3f,48,6b,2a,a0,d2,\
  01,00,00,00,00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,16,89,00,00,00,00,00,00,01,\
  00,00,00,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\AppData\\Local\\Host App Service\\Uninstall.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,68,17,1a,00,38,70,\
  1a,00,03,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,e6,3f,48,6b,2a,a0,d2,\
  01,00,00,00,00,00,00,00,00,05,00,00,00,10,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,9f,87,00,00,00,00,00,00,01,00,\
  00,00,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\ChromeSetup.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,38,92,11,00,d8,cf,\
  11,00,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,e6,3f,48,6b,2a,a0,d2,\
  01,00,00,00,80,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,0e,e2,01,00,00,00,00,00,01,\
  00,00,00,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\AppData\\Local\\Temp\\Temp1_PcWonderland.com_PTC.Mathcad.Prime.5.0.0.0.x64.zip\\PcWonderland.com_PTC.Mathcad.Prime.5.0.0.0.x64\\Setup\\install\\addon\\qualityagent_64.msi"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,00,02,01,00,13,d4,\
  01,00,01,00,00,00,00,00,00,00,00,00,01,05,00,10,00,00,e7,8e,16,3c,2a,a0,d2,\
  01,00,00,00,00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,54,3a,01,00,00,00,00,00,01,\
  00,00,00,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\Downloads\\winrar-x64-571es.exe"=hex:53,41,43,50,01,00,\
  00,00,00,00,00,00,07,00,00,00,28,00,00,00,58,4f,31,00,5b,0a,32,00,01,00,00,\
  00,00,00,00,00,00,00,00,0a,00,21,00,00,e7,8e,16,3c,2a,a0,d2,01,00,00,00,00,\
  00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,40,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,35,55,00,00,00,00,00,00,01,00,00,00,01,00,\
  00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\Downloads\\Programa\\Programa\\Setup\\setup.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,d8,48,06,00,ec,ed,\
  06,00,01,00,00,00,00,00,00,00,00,00,01,06,00,01,00,00,e6,3f,48,6b,2a,a0,d2,\
  01,00,00,00,00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,40,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,e5,6d,12,00,00,00,00,00,02,\
  00,00,00,02,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\Downloads\\Programa\\Programa\\Setup\\install\\addon\\qualityagent_64.msi"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,00,02,01,00,13,d4,\
  01,00,01,00,00,00,00,00,00,00,00,00,01,05,00,10,00,00,e7,8e,16,3c,2a,a0,d2,\
  01,00,00,00,00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,fb,41,00,00,00,00,00,00,01,\
  00,00,00,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\AppData\\Local\\Microsoft\\OneDrive\\19.070.0410.0005\\FileSyncConfig.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,60,bc,04,00,2a,69,\
  05,00,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,e6,3f,48,6b,2a,a0,d2,\
  01,00,00,00,01,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\EXCEL.EXE"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,d0,63,9d,02,00,14,\
  9e,02,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,e6,3f,48,6b,2a,a0,d2,\
  01,00,00,00,01,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\Downloads\\msxmlspa.msi"=hex:53,41,43,50,01,00,00,00,00,\
  00,00,00,07,00,00,00,28,00,00,00,00,02,01,00,13,d4,01,00,01,00,00,00,00,00,\
  00,00,00,00,01,05,00,10,00,00,e7,8e,16,3c,2a,a0,d2,01,00,00,00,00,00,00,00,\
  00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,d6,df,23,00,00,00,00,00,01,00,00,00,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\Desktop\\PTC.LICENSE.WINDOWS.2018-08-18-SSQ\\FillLicense.bat"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,00,26,04,00,17,c9,\
  04,00,01,00,00,00,00,00,00,00,00,00,01,05,00,10,00,00,e7,8e,16,3c,2a,a0,d2,\
  01,00,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files\\PTC\\Mathcad Prime 5.0.0.0\\MathcadPrime.exe"=hex:53,41,\
  43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,00,4c,05,00,f1,53,05,\
  00,01,00,00,00,00,00,00,00,00,00,00,0a,f3,22,00,00,bf,a2,13,9d,ed,d1,d3,01,\
  00,00,00,00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,26,e6,f1,22,00,00,00,00,10,00,\
  00,00,10,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\AppData\\Local\\Microsoft\\OneDrive\\19.070.0410.0007\\FileSyncConfig.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,60,bc,04,00,10,0c,\
  05,00,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,e6,3f,48,6b,2a,a0,d2,\
  01,00,00,00,01,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\POWERPNT.EXE"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,f0,15,1d,00,e3,28,\
  1d,00,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,e6,3f,48,6b,2a,a0,d2,\
  01,00,00,00,01,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\Downloads\\auto 10\\KMSAuto Net.exe"=hex:53,41,43,50,01,\
  00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,80,aa,89,00,3e,38,8a,00,01,00,\
  00,00,00,00,00,00,00,00,00,0a,f5,22,00,00,e6,3f,48,6b,2a,a0,d2,01,00,00,00,\
  00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,40,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,1b,19,16,00,00,00,00,00,02,00,00,00,02,\
  00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\Downloads\\Activador\\KMSAC1.4.2\\KMSAuto Net.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,80,aa,89,00,3e,38,\
  8a,00,01,00,00,00,00,00,00,00,00,00,00,0a,75,22,00,00,bf,a2,13,9d,ed,d1,d3,\
  01,00,00,00,00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,40,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,11,47,02,00,00,00,00,00,02,\
  00,00,00,02,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,38,c7,f9,01,da,35,\
  fa,01,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,bf,a2,13,9d,ed,d1,d3,\
  01,00,00,00,01,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\AppData\\Local\\Microsoft\\OneDrive\\19.086.0502.0006\\FileSyncConfig.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,38,c9,04,00,21,88,\
  05,00,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,bf,a2,13,9d,ed,d1,d3,\
  01,00,00,00,01,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files\\WindowsApps\\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\\SkypeBridge\\SkypeBridge.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,00,ea,08,00,00,00,\
  00,00,01,00,00,00,00,00,00,00,00,00,00,0a,73,20,00,00,bf,a2,13,9d,ed,d1,d3,\
  01,00,00,00,00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,10,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,5a,f6,b7,05,00,00,00,00,05,\
  00,00,00,05,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\WINWORD.EXE"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,c8,3b,1e,00,58,1e,\
  1f,00,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,bf,a2,13,9d,ed,d1,d3,\
  01,00,00,00,01,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\Downloads\\Office 2019\\Office 2013-2019 C2R Install v6.4.4\\OInstall.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,58,95,97,00,74,8b,\
  98,00,01,00,00,00,00,00,00,00,00,00,00,0a,71,22,00,00,bf,a2,13,9d,ed,d1,d3,\
  01,00,00,00,00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,40,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,29,a1,26,00,00,00,00,00,01,\
  00,00,00,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\Downloads\\mb3-setup-consumer-3.7.1.2839-1.0.586-1.0.11154.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,98,da,d0,03,16,5c,\
  d1,03,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,bf,a2,13,9d,ed,d1,d3,\
  01,00,00,00,00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,83,cf,07,00,00,00,00,00,01,\
  00,00,00,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Microsoft Games\\Zoo Tycoon\\zoo.exe"=hex:53,41,43,\
  50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,87,3c,25,00,6c,a9,25,00,\
  01,00,00,00,00,00,00,00,00,00,01,05,71,20,00,00,bf,a2,13,9d,ed,d1,d3,01,00,\
  00,00,00,00,00,00,00,02,00,00,00,28,00,00,00,00,00,00,00,00,00,00,10,00,00,\
  00,40,00,00,00,00,00,00,00,00,00,00,00,00,45,ab,0d,00,00,00,00,00,01,00,00,\
  00,01,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\RS1399\\AppData\\Local\\Microsoft\\OneDrive\\19.103.0527.0003\\FileSyncConfig.exe"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,78,d4,04,00,9b,c1,\
  05,00,01,00,00,00,00,00,00,00,00,00,00,0a,00,21,00,00,bf,a2,13,9d,ed,d1,d3,\
  01,00,00,00,01,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Microsoft Games\\Zoo Tycoon\\UNINSTAL.EXE"=hex:53,\
  41,43,50,01,00,00,00,00,00,00,00,07,00,00,00,28,00,00,00,61,30,08,00,00,00,\
  00,00,01,00,00,00,00,00,00,00,00,00,01,05,71,20,00,00,bf,a2,13,9d,ed,d1,d3,\
  01,00,00,00,00,00,00,00,00,01,00,00,00,04,00,00,00,01,00,00,00,02,00,00,00,\
  28,00,00,00,00,00,00,00,80,08,00,50,00,00,20,00,00,00,00,00,00,00,20,00,00,\
  00,00,00,14,7e,01,00,00,00,00,00,02,00,00,00,02,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Users\\Administrator\\AppData\\Roaming\\Microsoft\\Installer\\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Users\\Administrator\\AppData\\Roaming\\Microsoft\\Installer\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Lenovo\\OneKey App\\OneKey Recovery\\WSVD\\7_X64\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Lenovo\\OneKey App\\OneKey Recovery\\WSVD\\8_X64\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Lenovo\\OneKey App\\OneKey Recovery\\WSVD\\Vista_X64\\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CyberLink]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\PTC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-P2PHost-In-TCP"="v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32003|[email protected],-32006|[email protected],-32002|Edge=TRUE|Defer=App|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-P2PHost-Out-TCP"="v2.28|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32007|[email protected],-32010|[email protected],-32002|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-P2PHost-WSD-In-UDP"="v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32011|[email protected],-32014|[email protected],-32002|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Collab-P2PHost-WSD-Out-UDP"="v2.28|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|[email protected],-32015|[email protected],-32018|[email protected],-32002|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-In-TCP"="v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30761|[email protected],-30764|[email protected],-30752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-Out-TCP"="v2.28|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30765|[email protected],-30768|[email protected],-30752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-In-UDP"="v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=50009|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected]dll,-30801|[email protected],-30804|[email protected],-30752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-Out-UDP"="v2.28|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\ehome\\ehshell.exe|[email protected],-30805|[email protected],-30808|[email protected],-30752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-Prov-Out-TCP"="v2.28|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\ehome\\mcx2prov.exe|[email protected],-30812|[email protected],-30813|[email protected],-30752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"MCX-McrMgr-Out-TCP"="v2.28|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\ehome\\mcrmgr.exe|[email protected],-30818|[email protected],-30819|[email protected],-30752|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sedsvc]
"DisplayName"="Windows Remediation Service"
"Description"="Remediates Windows Update Components"
"FailureActions"=hex:00,00,00,00,01,00,00,00,01,00,00,00,03,00,00,00,14,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00
"DelayedAutostart"=dword:00000001
"Type"=dword:00000010
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
  00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,72,00,65,00,6d,00,70,00,\
  6c,00,5c,00,73,00,65,00,64,00,73,00,76,00,63,00,2e,00,65,00,78,00,65,00,22,\
  00,00,00
"DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,00,00,00,00
"ObjectName"="LocalSystem"
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019
Ran by Alex Rm (administrator) on DESKTOP-JNB7THA (LENOVO 80S9) (14-08-2019 15:49:54)
Running from C:\Users\RS1399\Desktop
Loaded Profiles: Alex Rm (Available Profiles: Alex Rm)
Platform: Windows 10 Home Single Language Version 1803 17134.885 (X64) Language: Español (España, internacional)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\YMC\ymc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\RS1399\Desktop\adwcleaner_7.4.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\RS1399\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16776704 2016-12-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2016-12-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2016-12-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKU\S-1-5-21-863497707-3813972252-4002891903-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22691064 2019-06-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-14] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18F41DC5-FD21-42E6-A276-23CBE5D5531C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {271AD444-1560-419A-B908-617EEB54DA6D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6450840 2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {3974022C-0560-48D9-9427-237C3F1D99C5} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [154072 2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {537AE6D1-34D9-4CA8-8C59-6245EC37C012} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-28] (Google Inc -> Google LLC)
Task: {6BF407D3-3725-4F03-BD9D-A4F9AABD597A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [154072 2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {74E3BB48-DE82-43CE-A093-132AC035E22B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2206352 2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {771D1DF0-3C40-4B4B-B974-B2D69D66DFD0} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-02-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {8162D64A-B057-47E9-A43D-E4806A124835} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16664352 2019-06-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8223B6CA-CEBB-4DC5-93E5-7D8C759669C8} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {9AF7412F-3814-4936-B58F-09DC766BC4D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A1270082-ACDF-455E-AF00-81130497561B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6450840 2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1D86935-B72F-44A2-914F-41F44E90773F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2206352 2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {C4248186-34A0-4E36-987D-B4A824E9A1D7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C6E48418-05F2-45DC-B52E-D0792064B6FA} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {CBF3ED7D-81F0-4577-85F9-38F57BE81DA1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD636848-1173-4A64-A82C-FC623C436E9B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-29] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D69F1F5F-6BE9-425E-8620-451D804B7FF1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-06-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DD2A2292-5BC9-426C-A1CA-EEB0A3F6CBFB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {E9F3587F-1602-46FE-BD56-56EDBDD4A4DB} - \Lenovo\ImController\TimeBasedEvents\9889368f-e0c7-4a6a-aebb-d2533f7e4a7d -> No File <==== ATTENTION
Task: {FD6C0A11-A3EE-4DD3-86F8-1353A44AB21B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-28] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 148.226.223.6 148.226.223.5
Tcpip\..\Interfaces\{ac721230-4da5-4c5e-b94f-5097b9809ff7}: [DhcpNameServer] 148.226.223.6 148.226.223.5
Tcpip\..\Interfaces\{cbf5ffb1-6539-4fb1-aa9c-5c36fcd66925}: [DhcpNameServer] 169.254.54.64

Internet Explorer:
==================
HKU\S-1-5-21-863497707-3813972252-4002891903-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-863497707-3813972252-4002891903-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-863497707-3813972252-4002891903-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-863497707-3813972252-4002891903-1001 -> DefaultScope {A4F5D26E-D907-47EC-847C-8DA872A1E53D} URL = 
SearchScopes: HKU\S-1-5-21-863497707-3813972252-4002891903-1001 -> {A4F5D26E-D907-47EC-847C-8DA872A1E53D} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-06-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-08-14] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-06-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-28] (Google Inc -> Google LLC)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\RS1399\AppData\Local\Google\Chrome\User Data\Default [2019-08-14]
CHR Extension: (Presentaciones) - C:\Users\RS1399\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-28]
CHR Extension: (Documentos) - C:\Users\RS1399\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-28]
CHR Extension: (Google Drive) - C:\Users\RS1399\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-28]
CHR Extension: (YouTube) - C:\Users\RS1399\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-28]
CHR Extension: (Hojas de cálculo) - C:\Users\RS1399\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-28]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\RS1399\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-29]
CHR Extension: (AdBlock) - C:\Users\RS1399\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-08-14]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\RS1399\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-28]
CHR Extension: (Gmail) - C:\Users\RS1399\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\RS1399\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [307624 2017-03-02] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [134872 2017-07-06] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [61768 2017-01-23] (Lenovo -> Lenovo Group Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [51208 2017-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ymc; C:\Program Files\Lenovo\YMC\ymc.exe [49032 2016-12-23] (LENOVO -> Lenovo)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34704 2016-08-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [54160 2016-09-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [100744 2017-01-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0311693.inf_amd64_4467bbf6f1c735a7\atikmdag.sys [32710056 2017-03-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0311693.inf_amd64_4467bbf6f1c735a7\atikmpag.sys [533928 2017-03-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [255368 2017-01-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32336 2016-11-10] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-14] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-14] (Malwarebytes Corporation -> Malwarebytes)
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2407344 2017-01-17] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2016-08-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek Semiconductor Corp. -> Realtek )
R3 SNP2UVCW10; C:\WINDOWS\system32\DRIVERS\snp2uvcW10.sys [1706600 2016-08-15] (Sonix Technology CO., LTD -> )
R3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [44784 2015-05-05] (Shaul Eizikovich -> Shaul Eizikovich)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-29] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-29] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-14 15:49 - 2019-08-14 15:51 - 000021543 _____ C:\Users\RS1399\Desktop\FRST.txt
2019-08-14 15:49 - 2019-08-14 15:49 - 000000000 ____D C:\FRST
2019-08-14 15:43 - 2019-08-14 15:43 - 000001584 _____ C:\Users\RS1399\Desktop\AdwCleaner[C00].txt
2019-08-14 15:38 - 2019-08-14 15:38 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-14 15:38 - 2019-08-14 15:38 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-14 15:38 - 2019-08-14 15:38 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-14 15:38 - 2019-08-14 15:38 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-14 15:33 - 2019-08-14 15:36 - 000000000 ____D C:\AdwCleaner
2019-08-14 15:30 - 2019-08-14 15:30 - 000001551 _____ C:\Users\RS1399\Desktop\Resumen Malwarebytes.txt
2019-08-14 15:24 - 2019-08-14 15:24 - 000000000 ___HD C:\OneDriveTemp
2019-08-14 13:19 - 2019-08-14 13:19 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-08-14 13:18 - 2019-08-14 13:18 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-14 13:18 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-08-14 13:17 - 2019-08-14 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-14 13:17 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-14 13:07 - 2019-08-14 13:07 - 000073458 _____ C:\Users\RS1399\Desktop\Registro de limpieza de CCleaner 2.txt
2019-08-14 13:06 - 2019-08-14 13:06 - 000073458 _____ C:\Users\RS1399\Desktop\cc_20190814_130559.reg
2019-08-14 12:59 - 2019-08-14 12:59 - 000009940 _____ C:\Users\RS1399\Desktop\Registro de limpieza de CCleaner.txt
2019-08-14 12:54 - 2019-08-14 12:54 - 000002892 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-08-14 12:53 - 2019-08-14 15:47 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-08-14 12:53 - 2019-08-14 15:38 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-08-14 12:53 - 2019-08-14 12:54 - 000000000 ____D C:\Program Files\CCleaner
2019-08-14 12:53 - 2019-08-14 12:53 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-08-14 12:53 - 2019-08-14 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-08-14 12:46 - 2019-08-14 12:46 - 001612800 _____ (Farbar) C:\Users\RS1399\Desktop\FRST64.exe
2019-08-14 12:41 - 2019-08-14 12:41 - 007623880 _____ (Malwarebytes) C:\Users\RS1399\Desktop\adwcleaner_7.4.exe
2019-08-14 12:38 - 2019-08-14 12:39 - 064988640 _____ (Malwarebytes ) C:\Users\RS1399\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11983.exe
2019-08-14 12:35 - 2019-08-14 12:35 - 020638704 _____ (Piriform Software Ltd) C:\Users\RS1399\Desktop\ccsetup558.exe
2019-07-23 14:21 - 2019-07-23 14:21 - 000000000 ____D C:\Users\RS1399\usb_driver
2019-07-23 14:20 - 2019-07-23 14:20 - 005158456 _____ (akeo.ie) C:\Users\RS1399\Downloads\zadig-2.4.exe
2019-07-21 20:45 - 2019-07-21 20:45 - 000000000 ____D C:\Users\RS1399\AppData\Roaming\Cuphead
2019-07-21 20:44 - 2019-07-21 20:44 - 000000000 ____D C:\Users\RS1399\AppData\LocalLow\Studio MDHR
2019-07-21 20:44 - 2019-07-21 20:44 - 000000000 ____D C:\Users\Public\Documents\Steam
2019-07-21 20:01 - 2019-07-21 20:01 - 000000744 _____ C:\Users\Public\Desktop\Cuphead.lnk
2019-07-21 20:01 - 2019-07-21 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cuphead
2019-07-21 19:58 - 2019-07-21 19:58 - 000000000 ____D C:\Games
2019-07-21 19:55 - 2019-07-21 19:55 - 000000000 ____D C:\Users\RS1399\AppData\Local\Matt_Cunningham
2019-07-21 19:44 - 2019-07-21 19:44 - 000000000 ____D C:\Users\RS1399\Documents\Dolphin Emulator
2019-07-21 19:32 - 2019-07-21 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vJoy
2019-07-21 19:32 - 2019-07-21 19:32 - 000000000 ____D C:\Program Files\vJoy
2019-07-21 19:32 - 2015-05-05 08:40 - 000044784 _____ (Shaul Eizikovich) C:\WINDOWS\system32\Drivers\vjoy.sys
2019-07-21 19:32 - 2015-05-05 08:40 - 000017648 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\hidkmdf.sys
2019-07-21 19:30 - 2019-07-23 14:21 - 000000282 __RSH C:\ProgramData\ntuser.pol
2019-07-21 19:30 - 2019-07-21 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wii U USB GCN adapter
2019-07-21 19:30 - 2019-07-21 19:32 - 000000000 ____D C:\Program Files (x86)\GCNadapter
2019-07-21 19:30 - 2019-07-21 19:30 - 001795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2019-07-21 19:30 - 2019-07-21 19:30 - 001002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2019-07-21 19:24 - 2019-07-21 19:24 - 000000000 ____D C:\Users\RS1399\Documents\Cuphead Deluxe Edition v1.2 ElAmigos

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-14 15:50 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-14 15:38 - 2019-06-06 23:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-14 15:37 - 2018-04-11 16:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-08-14 15:37 - 2017-08-24 22:47 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2019-08-14 15:36 - 2019-06-06 23:22 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2019-08-14 15:36 - 2018-08-11 23:53 - 000000000 ____D C:\Users\RS1399\AppData\Local\Lenovo
2019-08-14 15:36 - 2017-08-24 23:00 - 000000000 ____D C:\Program Files (x86)\Lenovo
2019-08-14 15:36 - 2017-08-24 22:26 - 000000000 ____D C:\Program Files\Lenovo
2019-08-14 15:36 - 2017-08-24 22:13 - 000000000 ____D C:\ProgramData\Lenovo
2019-08-14 15:24 - 2018-02-16 18:13 - 000000000 ___RD C:\Users\RS1399\OneDrive
2019-08-14 14:02 - 2019-06-03 10:46 - 000000000 ____D C:\Users\RS1399\Documents\Ingenieria
2019-08-14 13:59 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-14 13:18 - 2018-04-11 18:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-08-14 13:17 - 2019-06-20 16:39 - 000000000 ____D C:\Program Files\Malwarebytes
2019-08-14 13:15 - 2019-06-20 16:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-14 13:13 - 2019-06-06 23:02 - 000405504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-14 12:56 - 2019-06-03 11:23 - 000000000 ___DC C:\WINDOWS\Panther
2019-08-14 12:56 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-08-14 12:56 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-08-14 12:56 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-08-14 12:53 - 2019-06-18 13:10 - 000000000 ____D C:\Program Files\Microsoft Office
2019-08-14 12:37 - 2019-05-28 00:14 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-14 12:37 - 2019-05-28 00:14 - 000002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-14 12:21 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-14 12:18 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-14 12:16 - 2019-06-06 23:22 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-863497707-3813972252-4002891903-1001
2019-08-14 12:16 - 2019-06-06 23:08 - 000002407 _____ C:\Users\RS1399\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-13 15:30 - 2019-06-10 16:27 - 000004220 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{433B43EA-85CD-4671-B383-ECD2045957A4}
2019-07-29 18:31 - 2018-02-16 18:09 - 000000000 ____D C:\Users\RS1399\AppData\Local\Packages
2019-07-29 18:26 - 2019-05-28 19:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-29 16:10 - 2019-06-06 23:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-23 17:19 - 2019-06-06 23:08 - 000000000 ____D C:\Users\RS1399
2019-07-23 15:37 - 2018-02-16 18:09 - 000000000 ____D C:\Users\RS1399\AppData\Local\AMD
2019-07-21 19:46 - 2019-06-06 23:20 - 001768608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-21 19:46 - 2018-04-12 11:18 - 000787744 _____ C:\WINDOWS\system32\perfh00A.dat
2019-07-21 19:46 - 2018-04-12 11:18 - 000155340 _____ C:\WINDOWS\system32\perfc00A.dat
2019-07-21 19:30 - 2017-03-18 16:03 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2019-07-21 19:25 - 2019-07-05 08:52 - 000000000 ____D C:\Users\RS1399\Documents\MONSE

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by Alex Rm (14-08-2019 15:53:17)
Running from C:\Users\RS1399\Desktop
Windows 10 Home Single Language Version 1803 17134.885 (X64) (2019-06-07 04:24:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-863497707-3813972252-4002891903-500 - Administrator - Disabled)
Alex Rm (S-1-5-21-863497707-3813972252-4002891903-1001 - Administrator - Enabled) => C:\Users\RS1399
DefaultAccount (S-1-5-21-863497707-3813972252-4002891903-503 - Limited - Disabled)
Invitado (S-1-5-21-863497707-3813972252-4002891903-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-863497707-3813972252-4002891903-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Analizador y SDK de MSXML 4.0 SP2 (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Audio By Harman (HKLM\...\{F2DA805F-3FBD-4A4E-970F-5EE7027107EB}) (Version: 1.4.0.0 - Harman, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{F00A12D0-2F38-8F82-BCCE-BE11FAEB53DB}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{3CFC9ECD-600A-BE9E-1B7D-8B47AC972A79}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{BF2E5916-7C1E-D699-C410-1B853EE5FEF7}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A9205043-EBD3-48C6-83B3-D99F511F8062}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{A795FE9F-54F0-7768-CE46-3B5E7C8DD558}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{9ACDCA5A-37EA-A0C5-EBFA-CC8D4AFDBD14}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{5EE5B213-E89B-8985-3B77-47FE9C374D05}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{FA36129A-FD3C-6EC1-0059-8E9E9554DDE0}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AEE95DAC-922F-CFD2-635F-589E42E208C1}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{F7FBDCDE-0CEF-855C-8BCB-7719C0C0F0A1}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{916D4ABF-B38B-DE61-8C77-8D1257DD4F0E}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{EAE08C99-8FA4-873E-19B2-5A6CE37FDA6B}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{4FF4D007-9792-9CBA-D519-0286C663CA63}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{763419CC-AA80-DC75-A9DD-75CB1AB99B20}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{8A801B97-8A84-CDAE-6C34-331FBE45D0BC}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6BE50FA8-19E5-BEE8-3FF0-F51802201CAA}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{5A6F1854-0D85-8C8B-E241-DB18F866A7B3}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{0116E76D-1568-29A1-6E79-B5D55A4BBD46}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{6FC4EFEF-5AC9-8F4F-8C8A-429054A9FF1E}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{C2BE91D2-5E28-B515-65C2-9C126547000E}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{12176A4D-8169-D264-6AB3-95ABC6297E43}) (Version: 2017.0214.1432.26131 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.58 - Piriform)
Cuphead Deluxe Edition - ElAmigos versión 1.2 (HKLM-x32\...\{769FAE74-94DA-476F-8C88-300E6E932232}_is1) (Version: 1.2 - StudioMDHR)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
Malwarebytes versión 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Mathcad PDSi viewable support (HKLM-x32\...\{AC76D478-1033-0000-3478-000000000004}) (Version: 9.0.0 - Adobe Systems) Hidden
Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems)
Microsoft Office Profesional Plus 2019 - es-es (HKLM\...\ProPlus2019Retail - es-es) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-863497707-3813972252-4002891903-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
PTC Diagnostic Tools (HKLM\...\{7FF72FA4-BC28-46BA-B8D7-D9940E02801A}) (Version: 5.0.0.0 - PTC)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation)
vJoy Device Driver 0.2.0.5 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 0.2.0.5 - Shaul Eizikovich)
Wii U USB GCN adapter version 3.2.1 (HKLM-x32\...\{B3898604-95BA-4EBA-A8D7-C4C2BDC2712A}_is1) (Version: 3.2.1 - Matt Cunningham)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-06-05] (Autodesk Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.143.600.0_x86__kgqvnymyfvs32 [2019-07-10] (king.com)
Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation) [MS Ad]
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2019-05-28] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-06-10] (LENOVO INC.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.2.0.9_x86__h6adky7gbf63m [2019-07-31] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-06-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-06-05] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-18] (Microsoft Studios) [MS Ad]
MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Portal de cuenta de Lenovo -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2019-05-28] (LENOVO INCORPORATED.)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-06-05] (WinZip Computing)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat Elements\ContextMenu64.dll [2008-10-06] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-02-14] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat Elements\ContextMenu64.dll [2008-10-06] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-09-14 02:18 - 2016-09-14 02:18 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:18 - 2016-09-14 02:18 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-14 02:19 - 2016-09-14 02:19 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-14 02:18 - 2016-09-14 02:18 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-14 02:18 - 2016-09-14 02:18 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-14 02:18 - 2016-09-14 02:18 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-14 02:18 - 2016-09-14 02:18 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-14 02:18 - 2016-09-14 02:18 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-14 02:18 - 2016-09-14 02:18 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-14 02:18 - 2016-09-14 02:18 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-14 02:18 - 2016-09-14 02:18 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-14 02:18 - 2016-09-14 02:18 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-14 02:18 - 2016-09-14 02:18 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2017-03-18 16:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-863497707-3813972252-4002891903-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\RS1399\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{423a8356-4ff5-4de6-9633-b09909e11ec6}.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C48BF34B-BCC2-48FC-8441-E38CD6C143DF}] => (Allow) LPort=1688
FirewallRules: [{F35DA341-7B98-4DF7-9082-7DCACBD80EDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

03-07-2019 11:47:30 Punto de control programado
10-07-2019 21:07:56 Windows Update
24-07-2019 15:56:41 Removed PTC Mathcad Prime 5.0.0.0

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2019 03:36:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina QueryFullProcessImageNameW. HR = 0x80070006, Controlador no válido.
.


Operación:
   Ejecutando operación asincrónica

Contexto:
   Estado actual: DoSnapshotSet

Error: (08/13/2019 03:34:21 PM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {41FD88F7-F295-4D39-91AC-A85F3149A05B}

Error: (08/13/2019 03:34:21 PM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {95CABCC9-BC57-4C12-B8DF-BA193232AA01}

Error: (08/13/2019 03:27:40 PM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {41FD88F7-F295-4D39-91AC-A85F3149A05B}

Error: (08/13/2019 03:27:40 PM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {95CABCC9-BC57-4C12-B8DF-BA193232AA01}

Error: (08/13/2019 03:26:36 PM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {41FD88F7-F295-4D39-91AC-A85F3149A05B}

Error: (08/13/2019 03:26:36 PM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {95CABCC9-BC57-4C12-B8DF-BA193232AA01}

Error: (08/13/2019 03:25:59 PM) (Source: COM) (EventID: 10031) (User: )
Description: Se realizó una comprobación de directiva de anulación de serialización al anular la serialización de un objeto con serialización personalizada; se rechazó la clase {41FD88F7-F295-4D39-91AC-A85F3149A05B}


System errors:
=============
Error: (08/14/2019 03:40:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (08/14/2019 03:40:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (08/14/2019 03:39:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario NT AUTHORITY\SERVICIO LOCAL con SID (S-1-5-19) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.

Error: (08/14/2019 03:36:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio System Interface Foundation Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 20 milisegundos: Reiniciar el servicio.

Error: (08/14/2019 03:36:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio Hacer clic y ejecutar de Microsoft Office terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.

Error: (08/14/2019 03:36:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio ymc se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (08/14/2019 03:36:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio AtherosSvc se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (08/14/2019 03:36:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Elan Service se terminó de manera inesperada. Esto ha sucedido 1 veces.


Windows Defender:
===================================
Date: 2019-08-14 15:52:32.671
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nombre: HackTool:Win32/AutoKMS
Id.: 2147685180
Gravedad: Alta
Categoría: Herramienta
Ruta de acceso: file:_C:\Windows\System32\SppExtComObjHook.dll
Origen de detección: Equipo local
Tipo de detección: Concreto
Fuente de detección: Protección en tiempo real
Usuario: DESKTOP-JNB7THA\Alex Rm
Nombre de proceso: C:\Users\RS1399\Desktop\FRST64.exe
Versión de firma: AV: 1.299.1918.0, AS: 1.299.1918.0, NIS: 1.299.1918.0
Versión de motor: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-07-02 21:24:07.110
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {5CBF0A6B-97CC-4962-85E3-163935462BD8}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-07-01 15:49:20.831
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {7DEDFCF5-2994-4C3F-859F-A3B9435F2C86}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-07-01 15:31:08.267
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {DE3AF338-7C82-4BA3-B982-9690A252475F}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-06-26 11:11:29.715
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {53A5A93A-24F6-400A-91E9-A746CCF96B79}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2019-08-14 15:48:46.900
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.1918.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x8024402c
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-08-14 15:48:46.085
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.1918.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x8024402c
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-08-14 13:38:59.705
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.1918.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-08-14 12:47:11.877
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.1918.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico. 

Date: 2019-07-29 16:28:45.464
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.299.423.0
Origen de actualización: Centro de protección contra malware de Microsoft
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\Servicio de red
Versión de motor actual: 
Versión de motor anterior: 1.1.16200.1
Código de error: 0x80072ee7
Descripción del error: No se pudo resolver el nombre de servidor o su dirección 

CodeIntegrity:
===================================

Date: 2019-08-14 15:39:56.191
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2019-08-14 15:21:44.583
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2019-08-14 13:24:24.869
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2019-08-14 13:18:26.225
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2019-08-14 13:14:36.434
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2019-08-14 12:54:16.046
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2019-08-14 12:54:11.379
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2019-08-14 12:22:34.129
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

BIOS: LENOVO 1RCN27WW(V1.07) 01/13/2017
Motherboard: LENOVO Lenovo YOGA 510-14AST
Processor: AMD A9-9410 RADEON R5, 5 COMPUTE CORES 2C+3G 
Percentage of memory in use: 31%
Total physical RAM: 7636.18 MB
Available physical RAM: 5233.19 MB
Total Virtual: 8852.18 MB
Available Virtual: 6449.41 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:893.02 GB) (Free:835.21 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.87 GB) NTFS

\\?\Volume{7ed2adc0-cd42-4a8f-8efb-b63611d47b0e}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{8e437e66-810f-4ab6-857a-f1de6b719e5f}\ (LENOVO_PART) (Fixed) (Total:11.27 GB) (Free:1.84 GB) NTFS
\\?\Volume{1618b25f-dd23-431f-9748-f23e06d9851b}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C53707B0)

Partition: GPT.

==================== End of Addition.txt ============================

Muchas gracias por la atención y el tiempo empleado para atender mi post, un saludo :grin:

Hola.

Parece que TU equipo esta completamente limpio en relación a infecciones. :+1:

Para hacer un mantenimiento preventivo sigue las indicaciones que se dan en esta guía :arrow_right: Liberar Espacio en Discos y Particiones.

Y en concreto las indicaciones iniciales que se explican en ese tema y NO las específicas que se indican para Windows 10 que en función de la version de Windows 10 que tengamos pueden haber cambiado. :roll_eyes:

Cuando hagas esos pasos REINICIAS el equipo y comentas su funcionamiento. :thinking:

Saludos.