Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2019 Ran by Administrador (administrator) on PC0286 (INTEL_ DP67BA__) (25-11-2019 09:26:28) Running from C:\Users\Administrador\Desktop Loaded Profiles: Administrador (Available Profiles: HORACIO & OPERADOR & TURNO NOCHE & VICARIO & CESAR & INDICADORES & Administrador) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Autodesk, Inc. -> Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (NVIDIA Corporation -> ) C:\Windows\System32\nvwmi64.exe (NVIDIA Corporation -> ) C:\Windows\System32\nvwmi64.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA 
Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Aether Agent\AgentSvc.exe (Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (uvnc bvba -> UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2727568 2015-10-13] (NVIDIA Corporation -> ) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation -> Renesas Electronics Corporation) HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695416 2009-06-11] (Brother Industries, ltd. 
-> brother) HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-1865021304-481513440-2593777952-500\...\Policies\Explorer: [] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-25] (Google LLC -> Google LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sincronizacion.bat [2017-06-01] () [File not signed] Startup: C:\Users\INDICADORES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sincronizacion.bat [2017-06-01] () [File not signed] GroupPolicy\User: Restriction ? <==== ATTENTION GroupPolicyScripts-x32: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {113494E9-B31F-4153-9C32-A1E126344BD9} - \RealUpgradeScheduledTaskS-1-5-21-1865021304-481513440-2593777952-1003 -> No File <==== ATTENTION Task: {4AE9F5F7-E768-41FC-A7D2-0C2182518C32} - \RealUpgradeLogonTaskS-1-5-21-1865021304-481513440-2593777952-1003 -> No File <==== ATTENTION Task: {602080A4-9B9A-41BB-8902-E1E45F574355} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-06-06] () [File not signed] Task: {634AA190-CAC8-44EA-9EFD-46B0E150272A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-18] (Google Inc -> Google Inc.) 
Task: {8AB86CC4-15A1-4CE2-823C-E07240F5338D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [740032 2015-09-27] (@ByELDI -> @ByELDI) [File not signed] Task: {C3B6E86D-40C5-4F4F-97E7-0807FCF0CADF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1018056 2015-03-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {EBBA1142-F0B9-4DA7-A247-5553EE37E082} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-18] (Google Inc -> Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{585df129-5dc2-48b3-bb16-0fa77f4ef223} <==== ATTENTION (Restriction - IP) Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.) 
Hosts: 192.168.5.51 SERVER01 Tcpip\..\Interfaces\{1130A64F-362D-4CBE-86F9-5126AA29E8BE}: [NameServer] 8.8.8.8,8.8.4.4 HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.5.1,-1] Internet Explorer: ================== BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation -> Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) 
[File not signed] FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-25] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-25] (Google Inc -> Google LLC) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default [2019-03-19] CHR Extension: (Presentaciones de Google) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-20] CHR Extension: (Google Docs) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-06] CHR Extension: (Google Drive) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-06] CHR Extension: (YouTube) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-06] CHR Extension: (Hojas de cálculo de Google) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-20] CHR Extension: (Documentos de Google sin conexión) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-06] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda 
[2017-06-06] CHR Extension: (Gmail) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-06] CHR Extension: (Chrome Media Router) - C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-01] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc. -> Autodesk, Inc.) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation) R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [127800 2010-04-07] (Hewlett-Packard Company -> HP) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation) R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2692272 2015-10-13] (NVIDIA Corporation -> ) R2 PandaAetherAgent; C:\Program Files (x86)\Panda Security\Panda Aether Agent\AgentSvc.exe [203296 2019-11-13] (Panda Security S.L. -> Panda Security, S.L.) 
S3 PSEXESVC; C:\Windows\PSEXESVC.exe [145568 2017-09-08] (Microsoft Corporation -> Sysinternals) R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [739520 2015-09-27] (@ByELDI -> @ByELDI) [File not signed] S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-11-18] (SolidWorks) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11639536 2018-09-10] (TeamViewer GmbH -> TeamViewer GmbH) R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [2287408 2017-06-12] (uvnc bvba -> UltraVNC) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-28] (Microsoft Windows -> Microsoft Corporation) S2 Ms64B4101AApp; C:\Windows\System32\Ms64B4101AApp.dll [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.) R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [96768 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation) R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [213504 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: Ms64B4101AAppBak -> no filepath. NETSVC: Ms64B4101AApp -> C:\Windows\System32\Ms64B4101AApp.dll ==> No File ==================== Three months (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-11-25 09:26 - 2019-11-25 09:27 - 000014238 _____ C:\Users\Administrador\Desktop\FRST.txt 2019-11-25 09:26 - 2019-11-25 09:26 - 000000000 ____D C:\Users\Administrador\Desktop\FRST-OlderVersion 2019-11-25 09:26 - 2019-11-25 09:26 - 000000000 ____D C:\FRST 2019-11-25 09:25 - 2019-11-25 09:26 - 002262016 _____ (Farbar) C:\Users\Administrador\Desktop\Farbar Recovery Scan Tool 64.exe 2019-11-25 09:25 - 2019-11-13 07:07 - 001989120 _____ (Farbar) C:\Users\Administrador\Desktop\Farbar Recovery Scan Tool 32.exe 2019-11-25 08:58 - 2019-11-25 09:24 - 000675412 _____ C:\TDSSKiller.3.1.0.28_25.11.2019_08.58.16_log.txt 2019-11-25 08:54 - 2019-11-25 09:24 - 000337659 _____ C:\Users\Administrador\Desktop\Reporte tdsskiller.txt 2019-11-25 08:51 - 2019-11-25 08:54 - 000199810 _____ C:\TDSSKiller.3.1.0.28_25.11.2019_08.51.05_log.txt 2019-11-25 08:49 - 2019-11-25 08:49 - 000000000 ____D C:\Users\Administrador\AppData\Roaming\WinRAR 2019-11-25 08:22 - 2019-11-25 08:22 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\63327507.sys 2019-11-25 08:22 - 2019-11-25 08:22 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-11-25 08:19 - 2019-11-25 08:19 - 001113271 _____ C:\Windows\SysWOW64\04B488D9F147B24006A0D80CDAE15ABD.CPB116 2019-11-25 08:16 - 2019-11-25 08:55 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2019-11-25 08:16 - 2019-11-25 08:49 - 000000000 ____D C:\Users\Administrador\Desktop\mbar 2019-11-25 08:16 - 2019-11-25 08:16 - 000192952 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2019-11-25 08:15 - 2019-11-25 07:16 - 005054744 _____ (AO Kaspersky Lab) C:\Users\Administrador\Desktop\tdsskiller.exe 2019-11-25 08:15 - 2019-11-25 07:15 - 014178840 _____ (Malwarebytes Corp.) 
C:\Users\Administrador\Desktop\mbar-1.10.3.1001 (1).exe 2019-11-25 08:13 - 2019-11-25 08:13 - 000000000 ____D C:\Program Files (x86)\FONDQXIMSYHLISNDBCFPGGQDFFXNKBARIRJH 2019-11-22 13:54 - 2019-11-22 13:54 - 000284056 _____ C:\Windows\Minidump\112219-30279-01.dmp 2019-11-22 07:55 - 2019-11-22 07:55 - 000284424 _____ C:\Windows\Minidump\112219-31059-01.dmp 2019-11-22 07:49 - 2019-11-22 07:49 - 000285768 _____ C:\Windows\Minidump\112219-30747-01.dmp 2019-11-22 04:00 - 2019-11-22 04:00 - 000285384 _____ C:\Windows\Minidump\112219-31371-01.dmp 2019-11-21 14:56 - 2019-11-21 14:56 - 000283720 _____ C:\Windows\Minidump\112119-30513-01.dmp 2019-11-21 14:54 - 2019-11-21 14:54 - 000283152 _____ C:\Windows\Minidump\112119-29406-01.dmp 2019-11-21 14:46 - 2019-11-21 14:46 - 000283088 _____ C:\Windows\Minidump\112119-28641-01.dmp 2019-11-21 14:14 - 2019-11-21 14:14 - 000287888 _____ C:\Windows\Minidump\112119-30451-01.dmp 2019-11-21 13:46 - 2019-11-21 13:46 - 000283336 _____ C:\Windows\Minidump\112119-29234-01.dmp 2019-11-21 13:43 - 2019-11-21 13:43 - 000285816 _____ C:\Windows\Minidump\112119-31512-01.dmp 2019-11-21 07:47 - 2019-11-21 07:47 - 000285784 _____ C:\Windows\Minidump\112119-34211-01.dmp 2019-11-21 06:54 - 2019-11-21 06:54 - 000283088 _____ C:\Windows\Minidump\112119-36987-01.dmp 2019-11-21 06:26 - 2019-11-21 06:26 - 000286536 _____ C:\Windows\Minidump\112119-29546-01.dmp 2019-11-20 05:55 - 2019-11-20 05:55 - 000289320 _____ C:\Windows\Minidump\112019-30763-01.dmp 2019-11-20 04:47 - 2019-11-20 04:47 - 000283088 _____ C:\Windows\Minidump\112019-30856-01.dmp 2019-11-20 04:13 - 2019-11-20 04:13 - 000285656 _____ C:\Windows\Minidump\112019-28532-01.dmp 2019-11-19 06:13 - 2019-11-19 06:13 - 000283344 _____ C:\Windows\Minidump\111919-28626-01.dmp 2019-11-19 06:05 - 2019-11-19 06:05 - 000287224 _____ C:\Windows\Minidump\111919-32432-01.dmp 2019-11-14 13:36 - 2019-11-14 13:37 - 000053740 _____ C:\Windows\ntbtlog.txt 2019-11-14 06:24 - 2019-11-14 06:24 - 000286504 _____ 
C:\Windows\Minidump\111419-31028-01.dmp 2019-11-11 14:58 - 2019-11-11 14:58 - 000283536 _____ C:\Windows\Minidump\111119-27721-01.dmp 2019-11-11 12:50 - 2019-11-11 12:50 - 000286904 _____ C:\Windows\Minidump\111119-30123-01.dmp 2019-11-11 04:32 - 2019-11-11 04:32 - 000286024 _____ C:\Windows\Minidump\111119-28329-01.dmp 2019-11-07 11:57 - 2019-11-07 11:57 - 000290104 _____ C:\Windows\Minidump\110719-31122-01.dmp 2019-11-07 00:34 - 2019-11-07 00:34 - 000283088 _____ C:\Windows\Minidump\110719-35115-01.dmp 2019-11-06 15:02 - 2019-11-06 15:02 - 000362432 _____ C:\Windows\Minidump\110619-30451-01.dmp 2019-11-06 06:18 - 2019-11-06 06:18 - 000286648 _____ C:\Windows\Minidump\110619-30279-01.dmp 2019-11-06 04:16 - 2019-11-06 04:16 - 000285176 _____ C:\Windows\Minidump\110619-31168-01.dmp 2019-11-05 14:09 - 2019-11-05 14:09 - 000283152 _____ C:\Windows\Minidump\110519-27222-01.dmp 2019-11-05 14:01 - 2019-11-05 14:01 - 000286408 _____ C:\Windows\Minidump\110519-28407-01.dmp 2019-11-05 11:15 - 2019-11-05 11:15 - 000288808 _____ C:\Windows\Minidump\110519-31075-01.dmp 2019-11-05 08:19 - 2019-11-05 08:19 - 000287528 _____ C:\Windows\Minidump\110519-29343-01.dmp 2019-11-05 05:35 - 2019-11-05 05:35 - 000283728 _____ C:\Windows\Minidump\110519-28314-01.dmp 2019-11-05 05:31 - 2019-11-05 05:31 - 000285384 _____ C:\Windows\Minidump\110519-29187-01.dmp 2019-11-04 12:01 - 2019-11-04 12:01 - 000285304 _____ C:\Windows\Minidump\110419-31621-01.dmp 2019-11-04 11:36 - 2019-11-04 11:36 - 000289400 _____ C:\Windows\Minidump\110419-50247-01.dmp 2019-11-01 12:01 - 2019-11-01 12:01 - 000285896 _____ C:\Windows\Minidump\110119-30763-01.dmp 2019-11-01 10:52 - 2019-11-01 10:52 - 000285416 _____ C:\Windows\Minidump\110119-27939-01.dmp 2019-11-01 10:43 - 2019-11-01 10:43 - 000286984 _____ C:\Windows\Minidump\110119-27799-01.dmp 2019-10-31 08:24 - 2019-10-31 08:24 - 000285928 _____ C:\Windows\Minidump\103119-30342-01.dmp 2019-10-31 06:40 - 2019-10-31 06:40 - 000283088 _____ 
C:\Windows\Minidump\103119-32198-01.dmp 2019-10-31 06:12 - 2019-10-31 06:12 - 000286392 _____ C:\Windows\Minidump\103119-29936-01.dmp 2019-10-30 09:19 - 2019-10-30 09:19 - 000290360 _____ C:\Windows\Minidump\103019-43773-01.dmp 2019-10-29 07:19 - 2019-10-29 07:19 - 000286168 _____ C:\Windows\Minidump\102919-28922-01.dmp ==================== Three months (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-11-25 09:23 - 2017-09-25 08:00 - 000000000 ____D C:\Users\Administrador\AppData\Local\ElevatedDiagnostics 2019-11-25 09:11 - 2009-07-14 01:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-11-25 09:11 - 2009-07-14 01:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-11-25 09:02 - 2011-04-12 06:10 - 000744748 _____ C:\Windows\system32\perfh00A.dat 2019-11-25 09:02 - 2011-04-12 06:10 - 000157248 _____ C:\Windows\system32\perfc00A.dat 2019-11-25 09:02 - 2009-07-14 02:13 - 001669262 _____ C:\Windows\system32\PerfStringBackup.INI 2019-11-25 09:02 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf 2019-11-25 08:58 - 2016-03-17 12:27 - 000000105 _____ C:\Windows\Brownie.ini 2019-11-25 08:56 - 2018-07-23 07:48 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2019-11-25 08:55 - 2015-11-18 09:23 - 000000000 ____D C:\ProgramData\NVIDIA 2019-11-25 08:55 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-11-25 08:43 - 2017-08-01 09:24 - 000000000 ____D C:\Program Files\KMSpico 2019-11-25 08:18 - 2015-11-18 11:07 - 000002229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-11-25 08:18 - 2015-11-18 11:07 - 000002188 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-11-25 08:18 - 2015-11-18 11:07 - 000002188 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2019-11-25 08:15 - 2009-07-14 01:45 - 000508640 _____ 
C:\Windows\system32\FNTCACHE.DAT 2019-11-25 08:12 - 2016-07-28 21:14 - 000003472 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA 2019-11-25 08:12 - 2016-07-28 21:14 - 000003344 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore 2019-11-25 08:12 - 2015-11-18 11:00 - 000000000 ____D C:\Program Files (x86)\Google 2019-11-25 08:11 - 2015-11-18 10:36 - 000000000 ____D C:\ProgramData\Panda Security 2019-11-25 08:06 - 2017-09-26 10:36 - 000000008 __RSH C:\Users\Administrador\ntuser.pol 2019-11-25 08:06 - 2016-08-24 08:39 - 000154272 _____ C:\Users\Administrador\AppData\Local\GDIPFONTCACHEV1.DAT 2019-11-25 08:06 - 2016-08-24 08:39 - 000000000 ____D C:\Users\Administrador 2019-11-25 03:50 - 2016-07-25 11:08 - 000154272 _____ C:\Users\CESAR\AppData\Local\GDIPFONTCACHEV1.DAT 2019-11-25 03:48 - 2009-07-14 00:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy 2019-11-22 13:54 - 2016-08-30 07:34 - 000000000 ____D C:\Windows\Minidump 2019-11-22 13:41 - 2018-01-03 10:34 - 000000008 __RSH C:\Users\INDICADORES\ntuser.pol 2019-11-22 13:41 - 2018-01-03 10:34 - 000000000 ____D C:\Users\INDICADORES 2019-11-21 07:43 - 2017-09-07 12:22 - 000000008 __RSH C:\Users\CESAR\ntuser.pol 2019-11-21 07:43 - 2016-07-25 11:08 - 000000000 ____D C:\Users\CESAR 2019-11-20 08:56 - 2016-07-25 11:08 - 000000000 ____D C:\Users\CESAR\AppData\Roaming\SolidWorks 2019-11-05 14:45 - 2017-08-01 09:17 - 000000000 ____D C:\Users\CESAR\AppData\Local\cache 2019-11-05 09:57 - 2017-12-13 09:23 - 000000000 ____D C:\Users\CESAR\cristian 2019-11-05 09:49 - 2016-11-07 08:36 - 000000000 ____D C:\Users\CESAR\AppData\Local\TempDirectorio de copias de seguridad de SW 2019-11-04 08:54 - 2015-11-18 10:36 - 000000000 _RSHD C:\Windows\PSICache 2019-11-04 08:54 - 2015-11-18 09:43 - 000000000 ____D C:\Program Files (x86)\Panda Security 2019-10-30 11:52 - 2015-11-18 10:18 - 000000000 ____D C:\Temp 2019-10-30 03:53 - 2009-07-14 02:08 - 000032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT ==================== SigCheckExt 
========================= 2007-04-09 22:06 - 2007-04-10 01:06 - 000010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL 2011-03-14 00:03 - 2011-03-14 03:03 - 000083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BI4E.DLL 2011-04-19 00:03 - 2011-04-19 03:03 - 000120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMI4E.DLL 2018-02-23 11:24 - 2015-10-24 13:00 - 000126976 _____ C:\Windows\system32\ff_vfw.dll 2015-11-18 10:53 - 2010-02-05 14:00 - 001700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2018-02-23 11:24 - 2011-12-07 14:37 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll 2014-02-14 05:22 - 2014-02-14 05:22 - 000056584 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2009-06-25 09:27 - 2009-06-25 09:27 - 000541184 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\mvtcpmon.dll 2009-06-25 09:27 - 2009-06-25 09:27 - 000868864 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\mvtcpui.dll 2015-11-18 09:23 - 2015-10-13 14:26 - 000067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2009-06-25 09:25 - 2009-06-25 09:25 - 000144896 _____ (OpenSLP) C:\Windows\system32\slp64.dll 2017-08-01 09:24 - 2010-12-05 23:16 - 000090112 _____ (Vestris Inc.) 
C:\Windows\system32\Vestris.ResourceLib.dll 2018-02-23 11:24 - 2016-05-08 06:19 - 003642880 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll 2018-02-23 11:24 - 2015-12-18 06:00 - 000755200 _____ C:\Windows\system32\xvidcore.dll 2018-02-23 11:24 - 2015-12-18 06:00 - 000309248 _____ C:\Windows\system32\xvidvfw.dll 2015-11-18 11:57 - 2016-06-29 05:58 - 000151552 _____ C:\Windows\KMSEmulator.exe 2018-01-03 10:50 - 2018-01-03 10:50 - 000253952 _____ (Microsoft Corporation) C:\Windows\Setup1.exe 2018-01-03 10:50 - 2018-01-03 10:50 - 000074240 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE 1998-07-28 00:00 - 1998-07-28 00:00 - 000015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ADODCES.DLL 2013-11-14 11:35 - 2013-11-14 11:35 - 000114688 _____ C:\Windows\SysWOW64\ATVTemplate.dll 2016-03-17 12:28 - 2004-09-23 12:00 - 000024223 _____ (brother Industries Ltd) C:\Windows\SysWOW64\BRLM03A.DLL 2016-03-17 12:28 - 2004-08-10 00:42 - 000077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\brlmw03a.dll 2016-03-17 12:28 - 2006-12-21 11:23 - 000176128 _____ (Brother Industries, Ltd.) 
C:\Windows\SysWOW64\BROSNMP.DLL 2016-03-17 12:28 - 2007-08-19 13:34 - 000094208 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE 1998-07-28 00:00 - 1998-07-28 00:00 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMCT2ES.DLL 1998-07-28 00:00 - 1998-07-28 00:00 - 000028672 _____ (Microsoft Corporation ) C:\Windows\SysWOW64\CMCT3ES.DLL 1998-07-28 00:00 - 1998-07-28 00:00 - 000100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMCTLES.DLL 1998-07-28 00:00 - 1998-07-28 00:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGES.DLL 2015-11-18 09:17 - 2013-08-21 15:16 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll 2018-02-23 11:24 - 2015-10-24 13:00 - 000112128 _____ C:\Windows\SysWOW64\ff_vfw.dll 2001-01-30 04:33 - 2001-01-30 04:33 - 000028944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20ESP.DLL 2015-11-18 10:55 - 2011-06-22 11:32 - 001700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2015-01-22 11:19 - 2015-01-22 11:19 - 000090112 _____ (Maxim Integrated Products) C:\Windows\SysWOW64\IB97E32.dll 2015-01-22 11:19 - 2015-01-22 11:19 - 000106496 _____ (Maxim Integrated Products) C:\Windows\SysWOW64\IB97U32.dll 2015-01-22 11:19 - 2015-01-22 11:19 - 000135168 _____ (Maxim Integrated Products) C:\Windows\SysWOW64\IBFS32.dll 2015-01-22 11:19 - 2015-01-22 11:19 - 000086016 _____ (Maxim Integrated Products) C:\Windows\SysWOW64\IBTMJAVA.dll 2015-01-22 11:19 - 2015-01-22 11:19 - 000147456 _____ (Maxim Integrated Products) C:\Windows\SysWOW64\IBUSB32.dll 2012-04-20 13:59 - 2012-04-20 13:59 - 000001536 _____ C:\Windows\SysWOW64\IusEventLog.dll 2018-02-23 11:24 - 2011-12-07 14:32 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll 2003-03-28 09:00 - 2003-03-28 09:00 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40loc.dll 2002-01-05 04:48 - 2002-01-05 04:48 - 000974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll 
2002-01-05 04:36 - 2002-01-05 04:36 - 000964608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70u.dll 2004-02-23 00:00 - 2004-02-23 00:00 - 000078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSBIND.DLL 1998-07-28 00:00 - 1998-07-28 00:00 - 000060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2ES.DLL 1998-07-28 00:00 - 1998-07-28 00:00 - 000140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCES.DLL 1998-07-28 00:00 - 1998-07-28 00:00 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMES.DLL 1998-07-23 00:00 - 1998-07-23 00:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSHFGES.DLL 1998-07-28 00:00 - 1998-07-28 00:00 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMSKES.DLL 2005-09-23 07:57 - 2005-09-23 07:57 - 000094208 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\msstkprp.dll 2002-01-05 03:38 - 2002-01-05 03:38 - 000054784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvci70.dll 2002-01-05 03:40 - 2002-01-05 03:40 - 000487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll 2003-03-19 09:44 - 2003-03-19 09:44 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll 2002-01-05 03:37 - 2002-01-05 03:37 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll 2015-11-18 10:55 - 2011-06-22 11:32 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll 2003-04-18 16:46 - 2003-04-18 16:46 - 001233920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll 2003-04-18 16:29 - 2003-04-18 16:29 - 000082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll 2016-03-17 12:28 - 2009-05-25 19:14 - 000196608 _____ (brother) C:\Windows\SysWOW64\Pdrvinst.dll 1998-07-28 00:00 - 1998-07-28 00:00 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RCHTXES.DLL 1998-07-31 00:00 - 1998-07-31 00:00 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\STDFTES.DLL 1998-06-18 00:00 - 1998-06-18 
00:00 - 000089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL 2000-10-02 00:00 - 2000-10-02 00:00 - 000119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6ES.DLL 2000-07-15 00:00 - 2000-07-15 00:00 - 000101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL 2011-12-15 09:57 - 2011-12-15 09:57 - 000139264 _____ (FreeVBCode.com) C:\Windows\SysWOW64\vbSendMail.dll 2018-02-23 11:24 - 2016-05-08 06:19 - 003621888 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll 2018-02-23 11:24 - 2015-12-18 06:00 - 000674816 _____ C:\Windows\SysWOW64\xvidcore.dll 2018-02-23 11:24 - 2015-12-18 06:00 - 000282112 _____ C:\Windows\SysWOW64\xvidvfw.dll 2019-11-25 09:25 - 2019-11-13 07:07 - 001989120 _____ (Farbar) C:\Users\Administrador\Desktop\Farbar Recovery Scan Tool 32.exe 2019-11-25 09:25 - 2019-11-25 09:26 - 002262016 _____ (Farbar) C:\Users\Administrador\Desktop\Farbar Recovery Scan Tool 64.exe 2016-12-14 07:59 - 2016-12-14 07:59 - 005974040 _____ (© pdfforge GmbH.) C:\Users\TURNO NOCHE\Downloads\PDF_Architect_4_Installer (1).exe 2016-12-14 07:59 - 2016-12-14 08:00 - 005974040 _____ (© pdfforge GmbH.) C:\Users\TURNO NOCHE\Downloads\PDF_Architect_4_Installer.exe 2016-07-20 09:59 - 2016-07-20 10:09 - 059160870 _____ (PortableApps.com) C:\Users\TURNO NOCHE\Downloads\UCBrowserPortable_5.6.13108.1201_on_Chrome_48.0.2564.116_rev_1.paf.exe 2015-12-10 08:13 - 2014-06-08 21:38 - 024677393 _____ C:\Users\TURNO NOCHE\Documents\vlc-2.1.3-win32.exe ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) 
==================== BCD ================================

Administrador de arranque de Windows
----------------------------------
Identificador {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale es-ES
inherit {globalsettings}
default {current}
resumeobject {e9b31bca-8dc8-11e5-815c-ea059e98c909}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Cargador de arranque de Windows
-----------------------------
Identificador {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale es-ES
inherit {bootloadersettings}
recoverysequence {e9b31bcc-8dc8-11e5-815c-ea059e98c909}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {e9b31bca-8dc8-11e5-815c-ea059e98c909}
nx OptIn

Cargador de arranque de Windows
-----------------------------
Identificador {e9b31bcc-8dc8-11e5-815c-ea059e98c909}
device ramdisk=[C:]\Recovery\e9b31bcc-8dc8-11e5-815c-ea059e98c909\Winre.wim,{e9b31bcd-8dc8-11e5-815c-ea059e98c909}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\e9b31bcc-8dc8-11e5-815c-ea059e98c909\Winre.wim,{e9b31bcd-8dc8-11e5-815c-ea059e98c909}
systemroot \windows
nx OptIn
winpe Yes

Reanudar tras hibernación
-------------------------
Identificador {e9b31bca-8dc8-11e5-815c-ea059e98c909}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale es-ES
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Herramienta de comprobación de memoria de Windows
-------------------------------------------------
Identificador {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Herramienta de diagnóstico de memoria de Windows
locale es-ES
inherit {globalsettings}
badmemoryaccess Yes

Configuración de EMS
--------------------
Identificador {emssettings}
bootems Yes

Configuración del depurador
---------------------------
Identificador {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Defectos de RAM
---------------
Identificador {badmemory}

Configuración global
--------------------
Identificador {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Configuración del cargador de arranque
------------------------------------
Identificador {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Configuración de hipervisor
-------------------
Identificador {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Reanudar la configuración del cargador
--------------------------------------
Identificador {resumeloadersettings}
inherit {globalsettings}

Opciones de dispositivo
-----------------------
Identificador {e9b31bcd-8dc8-11e5-815c-ea059e98c909}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\e9b31bcc-8dc8-11e5-815c-ea059e98c909\boot.sdi

LastRegBack: 2019-11-19 06:53

==================== End of FRST.txt ========================