Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2019 Ran by Administrador (04-12-2019 11:15:58) Running from F:\ Windows 7 Ultimate Service Pack 1 (X64) (2015-11-18 11:57:18) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrador (S-1-5-21-1865021304-481513440-2593777952-500 - Administrator - Enabled) => C:\Users\Administrador CESAR (S-1-5-21-1865021304-481513440-2593777952-1005 - Limited - Enabled) => C:\Users\CESAR HORACIO (S-1-5-21-1865021304-481513440-2593777952-1000 - Administrator - Enabled) => C:\Users\HORACIO INDICADORES (S-1-5-21-1865021304-481513440-2593777952-1006 - Limited - Enabled) => C:\Users\INDICADORES Invitado (S-1-5-21-1865021304-481513440-2593777952-501 - Limited - Disabled) OPERADOR (S-1-5-21-1865021304-481513440-2593777952-1001 - Limited - Enabled) => C:\Users\OPERADOR panda (S-1-5-21-1865021304-481513440-2593777952-1002 - Administrator - Enabled) TURNO NOCHE (S-1-5-21-1865021304-481513440-2593777952-1003 - Limited - Enabled) => C:\Users\TURNO NOCHE VICARIO (S-1-5-21-1865021304-481513440-2593777952-1004 - Limited - Enabled) => C:\Users\VICARIO ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated) AutoCAD 2011 - Español (HKLM\...\{5783F2D7-9001-040A-0102-0060B0CE6BBA}) (Version: 18.1.49.0 - Autodesk) Hidden AutoCAD 2011 - Español (HKLM\...\AutoCAD 2011 - Español) (Version: 18.1.49.0 - Autodesk) AutoCAD 2011 Language Pack - Español (HKLM\...\{5783F2D7-9001-040A-1102-0060B0CE6BBA}) (Version: 18.1.49.0 - Autodesk) Hidden AutoCAD 2013 - English (HKLM\...\{5783F2D7-B001-0000-0102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden AutoCAD 2013 - English (HKLM\...\{5783F2D7-B001-0409-2102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk) AutoCAD 2013 - Español (Spanish) (HKLM\...\{5783F2D7-B001-040A-2102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden AutoCAD 2013 Language Pack - English (HKLM\...\{5783F2D7-B001-0409-1102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden AutoCAD 2013 Language Pack - Español (Spanish) (HKLM\...\{5783F2D7-B001-040A-1102-0060B0CE6BBA}) (Version: 19.0.55.0 - Autodesk) Hidden AutoCAD 2013 Language Pack - Español (Spanish) (HKLM\...\AutoCAD 2013 Language Pack - Español (Spanish)) (Version: 19.0.55.0 - Autodesk) Autodesk Content Service (HKLM-x32\...\{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk) Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.0.84.0 - Autodesk) Hidden Autodesk Inventor Fusion 2013 (HKLM\...\{FFF5619F-2013-0064-A85E-9994F70A9E5D}) (Version: 2.0.0.206 - Autodesk, Inc.) Hidden Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.) Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}) (Version: 0.2.0.230 - Autodesk) Hidden Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2013) (Version: 0.2.0.230 - Autodesk) Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (HKLM\...\{FE2F4875-095C-427C-9A97-4F8DE05ACF22}) (Version: 0.2.0.230 - Autodesk) Hidden Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk) Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk) Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk) Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk) Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.) AVS Media Player 4.1.8.93 (HKLM-x32\...\AVS Media Player_is1) (Version: - Online Media Technologies Ltd.) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother HL-2170W (HKLM-x32\...\{775D42C2-6C4C-412E-A43D-B9DA23DEE07C}) (Version: 1.00 - Brother) CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform) doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland) EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production) FluidSIM 4.2I Neumática (HKLM-x32\...\FluidSIM 4.2I Neumática4.2I/1.6) (Version: 4.2I/1.6 - Festo Didactic) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel) K-Lite Mega Codec Pack 13.2.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.2.4 - KLCP) KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - ) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation) NVIDIA Controlador de 3D Vision 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation) NVIDIA Controlador de audio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Controlador de gráficos 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation) NVIDIA Controlador de la controladora 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation) NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation) OneWireDrivers_x64 (HKLM\...\{8368A8E4-00FA-4C67-8E8A-82F8F8B83B0A}) (Version: 1.0.0.0 - Maxim Integrated) Panel de control de NVIDIA 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 341.92 - NVIDIA Corporation) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation) SGI (HKLM-x32\...\ST6UNST #1) (Version: - ) SolidWorks 2013 x64 Edition SP0 (HKLM\...\{B6B5EA7E-B91F-443D-A958-B0062FB53804}) (Version: 21.100.5024 - SolidWorks) Hidden SolidWorks 2013 x64 Edition SP0 (HKLM-x32\...\SolidWorks Installation Manager 20130-40000-1100-100) (Version: 21.0.0.5024 - SolidWorks Corporation) SolidWorks 2013 x64 Spanish Resources (HKLM\...\{6ECB1674-74E1-402B-916A-94FF5CCBD814}) (Version: 21.100.5024 - SolidWorks) Hidden SolidWorks eDrawings 2013 x64 Edition SP0 (HKLM\...\{C76772EF-40C8-4090-8C0E-EF1D2BD0DB96}) (Version: 13.0.5016 - Dassault Systèmes SolidWorks Corp) Hidden SolidWorks Explorer 2013 SP0 x64 Edition (HKLM\...\{168EB20E-FC09-4D2E-83A9-49483710304C}) (Version: 21.00.5024 - SolidWorks Corporation) Hidden SolidWorks Plastics 2013 SP0 x64 Edition (HKLM\...\{BA812540-2D88-4A6A-A527-E7728D577D7D}) (Version: 21.00.5024 - SolidWorks Corporation) Hidden TeamViewer 13 Host (HKLM-x32\...\TeamViewer) (Version: 13.2.26558 - TeamViewer) UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.1.5 - uvnc bvba) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1865021304-481513440-2593777952-1005_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1865021304-481513440-2593777952-1005_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc -> Autodesk, Inc.) [File not signed] CustomCLSID: HKU\S-1-5-21-1865021304-481513440-2593777952-1005_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1865021304-481513440-2593777952-1005_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc -> Autodesk, Inc.) [File not signed] CustomCLSID: HKU\S-1-5-21-1865021304-481513440-2593777952-1005_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc -> Autodesk, Inc.) [File not signed] CustomCLSID: HKU\S-1-5-21-1865021304-481513440-2593777952-1005_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\es-ES\acadficn.dll (Autodesk Development Sarl -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1865021304-481513440-2593777952-500_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1865021304-481513440-2593777952-500_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1865021304-481513440-2593777952-500_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc -> Autodesk, Inc.) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6718864 2011-02-12] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc -> Autodesk, Inc.) ShellIconOverlayIdentifiers: [Identificador de icono superpuesto para firmas digitales de AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc -> Autodesk, Inc.) ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files (x86)\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2012-01-30] (Autodesk, Inc -> Autodesk) ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2015-10-13] (NVIDIA Corporation -> ) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-10-13] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3642880 2016-05-08] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3621888 2016-05-08] (x264vfw project) [File not signed] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed] HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed] ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2018-02-23 11:24 - 2012-07-21 07:55 - 000180736 _____ (fccHandler) [File not signed] C:\Windows\system32\ac3acm.acm 2017-08-01 08:45 - 2017-08-01 08:45 - 000109568 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 2011-04-19 00:03 - 2011-04-19 03:03 - 000120320 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\E_YLMI4E.DLL ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\25992868.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dump_64B4101A.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ms64B4101AAppA => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\25992868.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dump_64B4101A.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ms64B4101AAppA => ""="Service" ==================== Association (Whitelisted) ================= (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-1865021304-481513440-2593777952-1005\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1" HKU\S-1-5-21-1865021304-481513440-2593777952-500\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 23:34 - 2019-11-27 08:20 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT HKU\S-1-5-21-1865021304-481513440-2593777952-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\CESAR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-1865021304-481513440-2593777952-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Inicio rápido de SolidWorks 2013.lnk => C:\Windows\pss\Inicio rápido de SolidWorks 2013.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Programa de descargas en segundo plano de SolidWorks.lnk => C:\Windows\pss\Programa de descargas en segundo plano de SolidWorks.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: BrStsWnd => C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 25-11-2019 08:08:30 Removed Panda Endpoint Protection Plus. 25-11-2019 08:09:38 Removed Panda Endpoint Protection Plus. 25-11-2019 08:43:24 Malwarebytes Anti-Rootkit Restore Point 26-11-2019 07:15:31 Windows Update 27-11-2019 08:03:55 Removed Panda Endpoint Agent. 27-11-2019 08:20:24 Restore Point Created by FRST ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (12/04/2019 09:40:26 AM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Event-ID 16 Error: (12/04/2019 09:39:52 AM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Event-ID 16 Error: (12/04/2019 09:39:39 AM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Event-ID 16 Error: (12/04/2019 09:38:53 AM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Event-ID 16 Error: (12/04/2019 09:38:36 AM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Event-ID 16 Error: (12/04/2019 09:38:01 AM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Event-ID 16 Error: (12/04/2019 09:37:57 AM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Event-ID 16 Error: (12/04/2019 05:57:38 AM) (Source: MsiInstaller) (EventID: 1024) (User: PC0286) Description: Producto: Adobe Acrobat Reader DC - Español - la actualización "{AC76BA86-7AD7-0000-2550-AC0F174E6600}" no se pudo instalar. Código de error 1625. Windows Installer no puede crear registros para ayudar a solucionar problemas de instalación de paquetes de software. Use el vínculo siguiente para obtener instrucciones sobre la activación de la compatibilidad de registro: http://go.microsoft.com/fwlink/?LinkId=23127 System errors: ============= Error: (12/04/2019 05:44:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: El servicio Service KMSELDI no pudo iniciarse debido al siguiente error: El sistema no puede encontrar el archivo especificado. Error: (12/04/2019 05:44:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: El servicio Ms64B4101AAppA no pudo iniciarse debido al siguiente error: Este servicio se configuró para ejecutarse en un programa ejecutable, pero el programa no implementa el servicio. Error: (12/03/2019 07:45:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: Se ha bloqueado la descarga de este controlador Error: (12/03/2019 07:45:19 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Se bloqueó la carga de \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador. Error: (12/03/2019 07:45:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: Se ha bloqueado la descarga de este controlador Error: (12/03/2019 07:45:18 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Se bloqueó la carga de \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador. Error: (12/03/2019 07:45:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: Se ha bloqueado la descarga de este controlador Error: (12/03/2019 07:45:18 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Se bloqueó la carga de \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador. Windows Defender: =================================== Date: 2019-11-04 14:08:43.965 Description: El examen de Windows Defender se detuvo antes de completarse. Id. de examen:{BED5FA97-876A-44A8-AF79-014F081FCB16} Tipo de examen:AntiSpyware Parámetros de examen:Examen rápido Usuario:PC0286\CESAR Date: 2017-01-24 03:00:28.897 Description: El examen de Windows Defender se detuvo antes de completarse. Id. de examen:{FC006677-D97E-410E-B5BB-865B762ADCCB} Tipo de examen:AntiSpyware Parámetros de examen:Examen rápido Usuario:NT AUTHORITY\Servicio de red Date: 2019-11-26 07:54:23.320 Description: Windows Defender encontró un error al intentar actualizar el motor. Nueva versión de motor:1.1.16500.1 Versión de motor anterior:1.1.6402.0 Origen de actualización:Usuario Usuario:NT AUTHORITY\SYSTEM Código de error:0x8050800c Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. Date: 2019-11-26 07:15:51.821 Description: Windows Defender encontró un error al intentar actualizar el motor. Nueva versión de motor:1.1.16500.1 Versión de motor anterior:1.1.6402.0 Origen de actualización:Usuario Usuario:NT AUTHORITY\SYSTEM Código de error:0x8050800c Descripción de error:Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. CodeIntegrity: =================================== Date: 2019-11-25 13:06:29.305 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Panda Security\WAC\Drivers\W10\PSBoot.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. Date: 2019-11-25 13:06:29.289 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Panda Security\WAC\Drivers\W10\PSBoot.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. Date: 2019-11-25 13:06:29.274 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Panda Security\WAC\Drivers\W10\pskmad.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. Date: 2019-11-25 13:06:29.149 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Panda Security\WAC\Drivers\W10\pskmad.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. Date: 2019-11-25 13:06:29.102 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Panda Security\WAC\Drivers\PSINDvct\W10\PSINDvct.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. Date: 2019-11-25 13:06:29.087 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Panda Security\WAC\Drivers\PSINDvct\W10\PSINDvct.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. Date: 2019-11-25 13:06:29.040 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Panda Security\WAC\Drivers\dvctprov\W10\dvctprov.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. Date: 2019-11-25 13:06:28.977 Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files (x86)\Panda Security\WAC\Drivers\dvctprov\W10\dvctprov.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema. ==================== Memory info =========================== BIOS: Intel Corp. BAP6710H.86A.0070.2011.0824.1720 08/24/2011 Motherboard: Intel Corporation DP67BA Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz Percentage of memory in use: 40% Total physical RAM: 8169.44 MB Available physical RAM: 4899.24 MB Total Virtual: 41167.62 MB Available Virtual: 37866.43 MB ==================== Drives ================================ Drive c: (SISTEMA) (Fixed) (Total:78.03 GB) (Free:3.43 GB) NTFS Drive d: (RESPALDO) (Fixed) (Total:387.62 GB) (Free:248.99 GB) NTFS Drive f: (WIN10-64) (Removable) (Total:28.82 GB) (Free:24.77 GB) FAT32 \\?\Volume{899e893b-8dea-11e5-b704-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 44C744C6) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=387.6 GB) - (Type=0F Extended) ========================================================== Disk: 2 (Protective MBR) (Size: 28.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt =======================