Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019 Ran by Absent (28-06-2019 16:26:56) Running from C:\Users\Absent\Downloads Windows 10 Pro Version 1809 17763.557 (X64) (2018-11-16 17:21:22) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Absent (S-1-5-21-3126805088-1096401988-3500408547-1000 - Administrator - Enabled) => C:\Users\Absent Administrador (S-1-5-21-3126805088-1096401988-3500408547-500 - Administrator - Enabled) DefaultAccount (S-1-5-21-3126805088-1096401988-3500408547-503 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3126805088-1096401988-3500408547-1002 - Limited - Enabled) Invitado (S-1-5-21-3126805088-1096401988-3500408547-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3126805088-1096401988-3500408547-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Actualización de NVIDIA 37.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 37.0.0.0 - NVIDIA Corporation) Hidden Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated) AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.) BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.32.75.1002 - BlueStack Systems, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform) Cheat Engine 6.8.3 (HKLM-x32\...\Cheat Engine 6.8.3_is1) (Version: - Cheat Engine) Crash Bandicoot N Sane Trilogy MULTi6 - ElAmigos versión 1.0 (HKLM-x32\...\{327BFB1B-E44E-4824-9EB7-EA92A8D3CAEC}_is1) (Version: 1.0 - Activision) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.9.0.0677 - Disc Soft Ltd) Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software) Diablo MULTi7 - ElAmigos versión 1.09b (HKLM-x32\...\{8B6583BB-A564-4AFB-A33F-1CAC35EC65F7}_is1) (Version: 1.09b - Blizzard) Epic Games Launcher (HKLM-x32\...\{BB514C00-3DAB-4E6E-8F41-58A61FA35851}) (Version: 1.1.206.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Fallout 4 Spanish Language Pack (HKLM-x32\...\Fallout 4 Spanish Language Pack_is1) (Version: - ) Far Cry 5 Gold Edition MULTi15 - ElAmigos versión 1.2.0 (HKLM-x32\...\{94EF50C3-1479-48BE-8E80-D54680BCB911}_is1) (Version: 1.2.0 - Ubisoft) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Grand Theft Auto V MULTi12 - ElAmigos versión 1.41 build 1180.1 (HKLM-x32\...\{4959470E-EDAC-4710-A636-276D79A81B94}_is1) (Version: 1.41 build 1180.1 - Rockstar Games) Hi-Rez Studios Games (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Hotspot Shield 7.15.1 (HKLM-x32\...\{3e29a499-0bcd-49f6-aa46-3e9ff41419f3}) (Version: 7.15.1.11114 - AnchorFree Inc.) Hotspot Shield 7.15.1 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C117BE8D}) (Version: 7.15.1.11114 - AnchorFree Inc.) Hidden Hotspot Shield 7.15.1 (HKLM-x32\...\HotspotShield) (Version: 7.15.1 - AnchorFree Inc.) Hidden HWiNFO64 Version 5.90 (HKLM\...\HWiNFO64_is1) (Version: 5.90 - Martin Malík - REALiX) Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) Mario Kart 8 MULTi8 - ElAmigos versión 4.1 (HKLM-x32\...\{0904BD9C-9992-4619-A26A-EE56ADC78D6F}_is1) (Version: 4.1 - Nintendo) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang) MSI Afterburner 4.6.1 (HKLM-x32\...\Afterburner) (Version: 4.6.1 - MSI Co., LTD) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6 - Notepad++ Team) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden NVIDIA Controlador de audio HD 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation) NVIDIA Controlador de gráficos 430.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 430.86 - NVIDIA Corporation) NVIDIA GeForce Experience 3.19.0.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.19.0.94 - NVIDIA Corporation) NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20348 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20348 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20348 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.10730.20348 - Microsoft Corporation) Hidden Operation7 (HKLM-x32\...\Operation7_is1) (Version: 1 - Softnyx Co., Ltd.) Panel de control de NVIDIA 430.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 430.86 - NVIDIA Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek) RivaTuner Statistics Server 7.2.2 (HKLM-x32\...\RTSS) (Version: 7.2.2 - Unwinder) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - ) WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH) Worms Clan Wars (HKLM-x32\...\Worms Clan Wars_is1) (Version: - Team17 Digital Ltd) Packages: ========= Correo y Calendario -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation) [MS Ad] MSN El tiempo -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-06-27] (Netflix, Inc.) SoundCloud for Windows (Beta) -> C:\Program Files\WindowsApps\SoundcloudLtd.SoundCloudforWindowsBeta_1.1.36.0_x64__2xc63xn306dnw [2019-01-14] (Soundcloud Ltd.) Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.7.25.0_x64__43tkc6nmykmb6 [2019-06-18] (Ookla) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0 [2019-06-17] (Spotify AB) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3126805088-1096401988-3500408547-1000_Classes\CLSID\{6807C9E2-7EB5-4451-AE11-85E34F294E7A} -> [MEGA] => C:\Users\Absent\Downloads\MEGA [2019-02-01 12:18] CustomCLSID: HKU\S-1-5-21-3126805088-1096401988-3500408547-1000_Classes\CLSID\{EF7E71C9-8012-4BE3-BB46-AC5A0D278A19} -> [Tesis] => C:\Users\Absent\Desktop\Tesis [2019-05-22 14:37] ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-11-12] (Notepad++ -> ) ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Absent\AppData\Local\MEGAsync\ShellExtX64.dll [2019-06-05] (Mega Limited -> ) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Absent\Juegos\Mario Kart 8.lnk -> H:\Mario Kart 8\cemu\StartGame.bat () ==================== Loaded Modules (Whitelisted) ============== 2018-11-16 17:31 - 2018-11-16 17:30 - 000662016 _____ () [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll 2018-11-16 17:32 - 2011-07-12 18:14 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll 2018-11-16 17:32 - 2012-10-08 16:07 - 000972288 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll 2018-11-16 17:32 - 2010-09-08 20:25 - 000053248 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\cpuutil.dll 2018-11-16 17:33 - 2013-05-08 16:22 - 001040896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll 2018-11-16 17:32 - 2010-10-05 07:22 - 000208896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll 2018-11-16 17:32 - 2010-10-05 07:22 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll 2018-11-16 17:32 - 2012-05-28 20:27 - 001622528 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll 2018-11-16 17:32 - 2009-08-12 19:15 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll 2018-11-16 17:32 - 2013-04-15 13:19 - 000883712 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll 2018-11-16 17:32 - 2011-09-19 19:18 - 001243136 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll 2018-11-16 17:32 - 2011-07-21 08:06 - 000846848 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll 2018-11-16 17:32 - 2012-08-29 17:09 - 000875520 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll 2018-11-16 17:33 - 2018-11-16 17:30 - 000043520 ____N () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll 2018-11-16 17:33 - 2013-08-19 16:21 - 000253952 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll 2018-11-16 17:31 - 2018-11-16 17:30 - 000104448 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll 2018-11-16 17:31 - 2019-06-28 13:20 - 000033792 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll 2019-04-21 04:33 - 2019-04-21 04:33 - 000232448 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll 2019-04-21 04:32 - 2019-04-21 04:32 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll 2019-04-21 04:33 - 2019-04-21 04:33 - 000649216 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2019-04-21 04:32 - 2019-04-21 04:32 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2019-04-21 04:33 - 2019-04-21 04:33 - 000367104 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll 2019-03-09 03:50 - 2019-03-09 03:50 - 000057344 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll 2019-03-09 03:51 - 2019-03-09 03:51 - 000072704 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll 2019-03-09 03:50 - 2019-03-09 03:50 - 000364544 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll 2018-11-16 17:31 - 2018-11-16 17:30 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\ASACPI.DLL 2018-11-16 17:32 - 2010-08-09 20:33 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AsAcpi.dll 2018-11-16 17:32 - 2010-09-08 20:25 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\asacpi.dll 2018-11-16 17:33 - 2013-08-19 16:21 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\ASACPI.DLL 2018-11-16 17:33 - 2018-11-16 17:30 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsAcpi.dll 2018-11-16 17:31 - 2018-11-16 17:30 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\asacpiEx.dll 2018-11-16 17:32 - 2010-08-12 06:52 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\asacpiEx.dll 2018-11-16 17:32 - 2010-10-05 07:22 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\AsMultiLang.dll 2019-06-17 13:14 - 2013-01-15 10:52 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\AsMultiLang.dll 2019-06-17 13:14 - 2013-01-15 10:52 - 001086464 _____ (ASUSTek Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll 2018-11-16 17:32 - 2010-09-08 20:25 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\AsMultiLang.dll 2018-11-16 17:32 - 2010-09-08 20:25 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\asacpiEx.dll 2018-11-16 17:32 - 2010-09-08 20:25 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\AsMultiLang.dll 2018-11-16 17:32 - 2013-08-26 13:00 - 001016320 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Cpu Frequency\CpuFrequency.dll 2018-11-16 17:33 - 2012-11-12 13:56 - 001095680 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\FAN Xpert\FANXpert.dll 2018-11-16 17:32 - 2010-03-08 16:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AsMultiLang.dll 2018-11-16 17:32 - 2010-03-08 16:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\Splitter\AsMultiLang.dll 2018-11-16 17:33 - 2012-12-25 10:55 - 001236992 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\System Information\SystemInfo.dll 2018-11-16 17:32 - 2010-03-08 16:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\AsMultiLang.dll 2018-11-16 17:33 - 2013-08-19 16:21 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\asacpiEx.dll 2018-11-16 17:33 - 2013-08-19 16:21 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\AsMultiLang.dll 2018-11-16 17:33 - 2013-08-19 16:21 - 001876992 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\IccHelper_old.dll 2018-11-16 17:33 - 2013-08-19 16:21 - 001643008 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVEVO.dll 2018-11-16 17:33 - 2013-08-19 16:21 - 001108992 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe 2018-11-16 17:33 - 2010-03-08 16:11 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\AsMultiLang.dll 2018-11-16 17:33 - 2014-02-17 14:03 - 000886272 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\Express.dll 2018-11-16 17:33 - 2018-11-16 17:30 - 000677376 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\asacpiEx.dll 2018-11-16 17:33 - 2018-11-16 17:31 - 001632256 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Absent\Datos de programa:7dd1e1189f9fcf05a559dccee48d89c6 [362] AlternateDataStreams: C:\Users\Absent\AppData\Roaming:7dd1e1189f9fcf05a559dccee48d89c6 [362] AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [440] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\sharepoint.com -> hxxps://inacapmailcl-files.sharepoint.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2019-06-21 19:34 - 000000002 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Absent\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20190526_121859.jpg DNS Servers: 1.1.1.1 - 1.1.1.2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. HKLM\...\StartupApproved\Run: => "WindowsDefender" HKLM\...\StartupApproved\Run32: => "SecurityHealth" HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3126805088-1096401988-3500408547-1000\...\StartupApproved\Run: => "ZUKR35S3BSTZNSD" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{CFC56B7F-5B17-41BA-9A22-E34C25809B94}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{69224B17-72E9-4DD3-9A73-1DEAA534A50D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9A426C59-CFE4-4B08-AFFA-6F0E7FCBB450}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) FirewallRules: [{5B970E7D-3798-4862-BE8E-5A8898C46230}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) FirewallRules: [{661B969A-3BF7-4B8E-B881-1B74ED55E69F}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) FirewallRules: [{ACB7B0C9-F0E4-4D31-A79C-D8D431E52CF2}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd) FirewallRules: [{30B13DA9-6E58-40FF-927B-38176D463867}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{59D0B246-7495-4F7A-AEDD-4772C98C1B9C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{8F4FD64B-705C-4006-ADB2-04F73AAA1BA9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{6E0CBAC0-CE26-462F-8D5B-81D06256847A}F:\games\worms clan wars\wormsclanwars.exe] => (Allow) F:\games\worms clan wars\wormsclanwars.exe () [File not signed] FirewallRules: [UDP Query User{06CC0256-211D-4698-B27E-5DF46D7581CE}F:\games\worms clan wars\wormsclanwars.exe] => (Allow) F:\games\worms clan wars\wormsclanwars.exe () [File not signed] FirewallRules: [{D166D9F2-C150-4158-AC9A-C32B50A1C825}] => (Block) LPort=9150 FirewallRules: [{63DB08A4-C520-40B4-9B88-7652286A43AD}] => (Block) LPort=9150 FirewallRules: [{FF51A73D-F1DA-44C0-8749-23522C580A81}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{053048AB-B302-421E-B386-5735C7AFCB73}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{B36CB414-E39C-4CE5-AAB2-8068464A5D0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{BC94B87A-3073-47FB-AEB9-69A6B5011F5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{43C44605-3869-4DCC-806B-5C1EF1A04484}] => (Allow) F:\SteamLibrary\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{91218BA7-6BDE-459F-9BB4-A039EE1CF18F}] => (Allow) F:\SteamLibrary\steamapps\common\SMITE\Binaries\Win64\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{DA7D07C9-866A-4B43-BD40-21F1D1DA8F22}] => (Allow) F:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{8C91BEA3-F7D0-4143-A6B4-7CBAA1F8F239}] => (Allow) F:\SteamLibrary\steamapps\common\SMITE\Binaries\Win32\SmiteEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [TCP Query User{D6B5C219-68DB-4E9A-994A-F4B692D54E39}F:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) F:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [UDP Query User{925174D1-9ED0-46BA-A9B3-6BA3FDACFD0B}F:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) F:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe (Hirez Studios, Inc.) [File not signed] FirewallRules: [{7B7498F4-30FD-4A92-987C-D8A8BB6B02A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{615FB62F-BC28-4FFA-84FD-A1111A4FC085}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{B8DDC3AE-5682-4F55-A967-05FC76B6FC39}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{E5F67049-5F05-4A8A-8021-A95A7038CD4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{F6FF48CC-81F0-4C87-B494-AE63D88A4B3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{C81DE36E-841E-4126-A6B0-47EC14557187}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{6952FD5E-2946-471B-B0E2-006AFA7E8D04}] => (Allow) H:\gta\Grand Theft Auto V\GTA5.exe (Rockstar Games) [File not signed] FirewallRules: [{3D5412FC-7F3B-4DC0-ABC9-6395CC05CE9D}] => (Allow) H:\gta\Grand Theft Auto V\GTA5.exe (Rockstar Games) [File not signed] FirewallRules: [TCP Query User{7B6EB7A0-7E2D-45C6-B0CA-DC225343D2E4}E:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe] => (Allow) E:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe (Activision Publishing Inc -> ) [File not signed] FirewallRules: [UDP Query User{578D5B46-7B7A-4FF8-A61B-D6B75C03CA88}E:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe] => (Allow) E:\games\crash bandicoot n sane trilogy\crashbandicootnsanetrilogy.exe (Activision Publishing Inc -> ) [File not signed] FirewallRules: [{70CFF764-A1F7-4182-AE8E-8F71BD9573DE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{98C1398F-B9E5-4032-8C1E-65FD4CB0DB4F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{920A92A2-8172-49B4-AFC2-E91EF5C09286}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{7BFA3234-092E-4DF0-90B9-E33C6C4BD235}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{496DCF8E-6FBD-4BB1-AD9D-CE8FE754D668}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{6456D896-4583-463A-9C6C-DC1F0561ACA7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{4BD40142-9753-4BC1-964F-B1F025ED4848}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{F0DE19EC-2D74-46FC-B6DA-69BE539B0C1C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{1C34547E-D997-4A2A-9DC6-2D64E1D98280}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{A947FDCC-8E84-4E9B-AD54-61F06BE0841F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{87FE1A50-CF3F-4B44-BDF6-BD990755D5B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 24-06-2019 14:44:53 Punto de control programado ==================== Faulty Device Manager Devices ============= Name: Controladora de sonido multimedia Description: Controladora de sonido multimedia Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/28/2019 01:25:08 PM) (Source: ESENT) (EventID: 481) (User: ) Description: DllHost (840,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 0 (0x0000000000000000) 4096 (0x00001000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior. Error: (06/28/2019 01:25:08 PM) (Source: ESENT) (EventID: 481) (User: ) Description: DllHost (840,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 65536 (0x0000000000010000) 65536 (0x00010000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior. Error: (06/28/2019 01:25:08 PM) (Source: ESENT) (EventID: 481) (User: ) Description: DllHost (840,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 0 (0x0000000000000000) 65536 (0x00010000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior. Error: (06/28/2019 01:25:08 PM) (Source: ESENT) (EventID: 481) (User: ) Description: DllHost (840,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 32768 (0x0000000000008000) 32768 (0x00008000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior. Error: (06/28/2019 01:25:08 PM) (Source: ESENT) (EventID: 481) (User: ) Description: DllHost (840,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 0 (0x0000000000000000) 32768 (0x00008000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior. Error: (06/28/2019 01:25:08 PM) (Source: ESENT) (EventID: 481) (User: ) Description: DllHost (840,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 16384 (0x0000000000004000) 16384 (0x00004000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior. Error: (06/28/2019 01:25:08 PM) (Source: ESENT) (EventID: 481) (User: ) Description: DllHost (840,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 0 (0x0000000000000000) 16384 (0x00004000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior. Error: (06/28/2019 01:25:08 PM) (Source: ESENT) (EventID: 481) (User: ) Description: DllHost (840,D,50) WebCacheLocal: Al intentar leer en el archivo "C:\Users\Absent\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat", en la posición 8192 (0x0000000000002000) 8192 (0x00002000) bytes se produjo el error de sistema 5 (0x00000005) después de 0.000 segundos: "Acceso denegado. ". La operación de lectura se cerrará con el error -1032 (0xfffffbf8). Si el error persiste, es posible que el archivo esté dañado y sea necesario restaurarlo desde una copia de seguridad anterior. System errors: ============= Error: (06/28/2019 03:39:56 PM) (Source: DCOM) (EventID: 10016) (User: ABSENTPPC) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario AbsentpPC\Absent con SID (S-1-5-21-3126805088-1096401988-3500408547-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (06/28/2019 01:30:17 PM) (Source: DCOM) (EventID: 10016) (User: ABSENTPPC) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario AbsentpPC\Absent con SID (S-1-5-21-3126805088-1096401988-3500408547-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (06/28/2019 01:29:02 PM) (Source: DCOM) (EventID: 10016) (User: ABSENTPPC) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario AbsentpPC\Absent con SID (S-1-5-21-3126805088-1096401988-3500408547-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (06/28/2019 01:27:34 PM) (Source: DCOM) (EventID: 10016) (User: ABSENTPPC) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario AbsentpPC\Absent con SID (S-1-5-21-3126805088-1096401988-3500408547-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (06/28/2019 01:21:26 PM) (Source: DCOM) (EventID: 10016) (User: ABSENTPPC) Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} y APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} al usuario AbsentpPC\Absent con SID (S-1-5-21-3126805088-1096401988-3500408547-1000) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0 (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (06/28/2019 01:21:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID Windows.SecurityCenter.WscDataProtection y APPID No disponible al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (06/28/2019 01:21:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID Windows.SecurityCenter.WscBrokerManager y APPID No disponible al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Error: (06/28/2019 01:21:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID Windows.SecurityCenter.SecurityAppBroker y APPID No disponible al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes. Windows Defender: =================================== Date: 2019-06-27 12:02:01.724 Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse. Id. de examen: {C3108FFF-5223-414E-B8CE-F5A17ADD34CA} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM Date: 2019-06-27 11:49:37.683 Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse. Id. de examen: {EBB08220-DF2C-4872-A5CA-1CB0104AC396} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM Date: 2019-06-27 10:44:56.421 Description: El examen de Antivirus de Windows Defender se detuvo antes de completarse. Id. de examen: {3803AB8B-EF95-4677-B403-F69CBE711AC0} Tipo de examen: Antimalware Parámetros de examen: Examen rápido Usuario: NT AUTHORITY\SYSTEM Date: 2019-06-21 19:22:12.360 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0 Nombre: Trojan:Win32/Conteban.B!ml Id.: 2147735507 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: containerfile:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe; file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe->[lowcase_mzpe]; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore->(UTF-16LE); file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA->(UTF-16LE); taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA Origen de detección: Equipo local Tipo de detección: FastPath Fuente de detección: Sistema Usuario: NT AUTHORITY\SYSTEM Nombre de proceso: Unknown Versión de firma: AV: 1.295.1184.0, AS: 1.295.1184.0, NIS: 1.295.1184.0 Versión de motor: AM: 1.1.16000.6, NIS: 1.1.16000.6 Date: 2019-06-21 19:20:02.399 Description: Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado. Para obtener más información consulte lo siguiente: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Conteban.B!ml&threatid=2147735507&enterprise=0 Nombre: Trojan:Win32/Conteban.B!ml Id.: 2147735507 Gravedad: Grave Categoría: Caballo de Troya Ruta de acceso: containerfile:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe; file:_C:\Program Files (x86)\Google\Update\GoogleUpdate.exe->[lowcase_mzpe]; file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore->(UTF-16LE); file:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA->(UTF-16LE); taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore; taskscheduler:_C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA Origen de detección: Equipo local Tipo de detección: FastPath Fuente de detección: Usuario Usuario: AbsentpPC\Absent Nombre de proceso: Unknown Versión de firma: AV: 1.295.1184.0, AS: 1.295.1184.0, NIS: 1.295.1184.0 Versión de motor: AM: 1.1.16000.6, NIS: 1.1.16000.6 CodeIntegrity: =================================== Date: 2019-06-28 14:40:41.200 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system. Date: 2019-06-28 14:09:32.353 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system. Date: 2019-06-28 13:46:37.871 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll because the set of per-page image hashes could not be found on the system. Date: 2019-06-22 04:49:37.079 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\xhunter1.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-06-22 04:49:36.803 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-06-21 19:17:16.306 Description: Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes. ==================== Memory info =========================== BIOS: American Megatrends Inc. 2501 04/09/2014 Motherboard: ASUSTeK COMPUTER INC. M5A97 LE R2.0 Processor: AMD FX(tm)-8320 Eight-Core Processor Percentage of memory in use: 35% Total physical RAM: 8093.12 MB Available physical RAM: 5239.47 MB Total Virtual: 16541.12 MB Available Virtual: 11673.76 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:110.87 GB) (Free:49.58 GB) NTFS Drive d: (Windows) (Fixed) (Total:442.83 GB) (Free:244.93 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (Disco de Multimedia) (Fixed) (Total:146.48 GB) (Free:76.18 GB) NTFS Drive f: (Disco Juegos) (Fixed) (Total:195.31 GB) (Free:44.89 GB) NTFS Drive g: (RECOVERY) (Fixed) (Total:21.35 GB) (Free:2.16 GB) NTFS ==>[system with boot components (obtained from drive)] Drive h: (Cosas) (Fixed) (Total:123.84 GB) (Free:11.99 GB) NTFS \\?\Volume{a8801747-ae00-11e8-94fb-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS \\?\Volume{3fc227da-7ec8-4f27-809d-9e9948a6d1d3}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.13 GB) NTFS \\?\Volume{bff38b3a-b677-43ff-aa5f-0111e0f152b1}\ () (Fixed) (Total:0.81 GB) (Free:0.34 GB) NTFS \\?\Volume{1240bd0f-0000-0000-0000-00be1b000000}\ () (Fixed) (Total:0.82 GB) (Free:0.34 GB) NTFS \\?\Volume{b457c898-625e-472f-bdcc-804d38a32003}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 1240BD0F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=110.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=839 MB) - (Type=27) ======================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2DFD2DFC) Partition: GPT. ======================================================== Disk: 2 (Size: 465.8 GB) (Disk ID: 1E1F4777) Partition: GPT. ==================== End of Addition.txt ============================