Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-12-2019 Ran by SYSTEM on MININT-BEC89N7 (02-12-2019 11:43:39) Running from G:\ Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional) Internet Explorer Version 11 Boot Mode: Recovery Default: ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation -> Renesas Electronics Corporation) HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp HKU\CESAR\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd) HKU\CESAR\...\Policies\Explorer: [] HKU\CESAR\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\BAMBIS~1.SCR [4281810 2017-09-05] () HKU\INDICADORES\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) HKU\INDICADORES\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\BAMBIS~1.SCR [4281810 2017-09-05] () HKU\OPERADOR\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\BAMBIS~1.SCR [4281810 2017-09-05] () HKU\TURNO NOCHE\...\Policies\system: [NoDispScrSavPage] 1 HKU\TURNO NOCHE\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\BAMBIS~1.SCR [4281810 2017-09-05] () HKU\VICARIO\...\Policies\system: [NoDispScrSavPage] 1 Startup: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\Sincronizacion.bat [2017-06-01] () Startup: C:\Users\INDICADORES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sincronizacion.bat [2017-06-01] () ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2C59BC43-2A93-4C5F-BCEC-8DF26C87FFFC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd) Task: {602080A4-9B9A-41BB-8902-E1E45F574355} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-06-06] () Task: {634AA190-CAC8-44EA-9EFD-46B0E150272A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-18] (Google Inc -> Google Inc.) Task: {8AB86CC4-15A1-4CE2-823C-E07240F5338D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [740032 2015-09-27] (@ByELDI -> @ByELDI) Task: {8CAFC395-AEFF-45A2-A4FE-5621407DB813} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd) Task: {C3B6E86D-40C5-4F4F-97E7-0807FCF0CADF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1018056 2015-03-07] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {EBBA1142-F0B9-4DA7-A247-5553EE37E082} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-18] (Google Inc -> Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc. -> Autodesk, Inc.) S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation) S2 HPSIService; C:\Windows\system32\HPSIsvc.exe [127800 2010-04-07] (Hewlett-Packard Company -> HP) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation -> Intel Corporation) S2 Ms64B4101AAppB; C:\Windows\System32\Ms64B4101AApp.dll [516608 2019-11-28] () S2 NVWMI; C:\Windows\system32\nvwmi64.exe [2692272 2015-10-13] (NVIDIA Corporation -> ) S3 PSEXESVC; C:\Windows\PSEXESVC.exe [145568 2017-09-08] (Microsoft Corporation -> Sysinternals) S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [739520 2015-09-27] (@ByELDI -> @ByELDI) S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11639536 2018-09-10] (TeamViewer GmbH -> TeamViewer GmbH) S2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [2287408 2017-06-13] (uvnc bvba -> UltraVNC) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-28] (Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-21] (Microsoft Corporation) S1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2014-04-28] (Microsoft Corporation) S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-21] (Microsoft Corporation) S1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] (Microsoft Corporation) S3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2014-04-28] (Microsoft Corporation) S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] (Brother Industries Ltd.) S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-14] (Microsoft Corporation) S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-14] (Microsoft Corporation) S3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-21] (Microsoft Corporation) S1 CSC; C:\Windows\System32\drivers\csc.sys [514560 2010-11-21] (Microsoft Corporation) S1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] (Microsoft Corporation) S3 dmvsc; C:\Windows\system32\drivers\dmvsc.sys [71168 2010-11-21] (Microsoft Corporation) S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] (Microsoft Corporation) S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) 
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-21] (Microsoft Corporation) S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-14] (Microsoft Corporation) S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] (Microsoft Corporation) S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-21] (Microsoft Corporation) S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-21] (Microsoft Corporation) S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] (Microsoft Corporation) S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] (Microsoft Corporation) S2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] (Microsoft Corporation) S2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] (Microsoft Corporation) S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] (Microsoft Corporation) S3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] (Microsoft Corporation) S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2014-04-28] (Microsoft Corporation) S3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2014-04-28] (Microsoft Corporation) S3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2014-04-28] (Microsoft Corporation) S3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2014-04-28] (Microsoft Corporation) S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] (Microsoft Corporation) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-03-06] (Marvell Semiconductor, Inc.) 
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] (Microsoft Corporation) S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] (Microsoft Corporation) S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] (Microsoft Corporation) S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] (Microsoft Corporation) S1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] (Microsoft Corporation) S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] (Microsoft Corporation) S3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-14] (Microsoft Corporation) S1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] (Microsoft Corporation) S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165888 2010-11-21] (Microsoft Corporation) S1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] (Microsoft Corporation) S1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] (Microsoft Corporation) S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2014-04-28] (Microsoft Corporation) S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2014-04-28] (Microsoft Corporation) S2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] (Microsoft Corporation) S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [6656 2010-11-21] (Microsoft Corporation) S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] (Microsoft Corporation) S2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] (Microsoft Corporation) S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] (Microsoft Corporation) S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] (Microsoft Corporation) S3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2014-04-28] (Microsoft Corporation) S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2014-04-28] (Microsoft Corporation) S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2014-04-28] (Microsoft Corporation) S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2014-04-28] (Microsoft Corporation) S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] (Microsoft Corporation) S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2014-04-28] (Microsoft Corporation) S3 terminpt; C:\Windows\system32\drivers\terminpt.sys [29696 2014-04-28] (Microsoft Corporation) S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2014-04-28] (Microsoft Corporation) S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832 2014-04-28] (Microsoft Corporation) S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [29696 2014-04-28] (Microsoft Corporation) S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-21] (Microsoft Corporation) S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] (Microsoft Corporation) S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2014-04-28] (Microsoft Corporation) S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2014-04-28] (Microsoft Corporation) S3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [53248 2014-04-28] (Microsoft Corporation) S3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2014-04-28] (Microsoft Corporation) S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2014-04-28] (Microsoft Corporation) S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] (Microsoft Corporation) S3 usbscan; 
C:\Windows\System32\DRIVERS\usbscan.sys [42496 2014-04-28] (Microsoft Corporation) S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2014-04-28] (Microsoft Corporation) S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2014-04-28] (Microsoft Corporation) S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2014-04-28] (Microsoft Corporation) S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] (Microsoft Corporation) S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-14] (Microsoft Corporation) S1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] (Microsoft Corporation) S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] (Microsoft Corporation) S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2014-04-28] (Microsoft Corporation) S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2014-04-28] (Microsoft Corporation) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: Ms64B4101AApp -> no filepath. NETSVC: Ms64B4101AAppA -> no filepath. NETSVC: Ms64B4101AAppBak -> no filepath. NETSVC: Ms64B4101AAppB -> C:\Windows\System32\Ms64B4101AApp.dll () ==================== Three months (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-11-28 12:55 - 2019-11-28 12:55 - 000000000 ____D C:\Users\CESAR\AppData\Local\TeamViewer 2019-11-28 09:47 - 2019-11-28 09:47 - 000516608 ____N C:\Windows\System32\Ms64B4101AApp.dll 2019-11-28 09:45 - 2019-11-28 09:45 - 000000000 ____D C:\Program Files (x86)\FONDQXIMSYHLISNDBCFPGGQDFFXNKBARIRJH 2019-11-27 12:18 - 2019-11-27 12:18 - 000000263 _____ C:\Users\Administrador\Documents\DelFix.txt 2019-11-27 12:16 - 2019-11-27 12:16 - 000000000 ____D C:\Windows\ERUNT 2019-11-27 12:00 - 2019-11-27 12:00 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update 2019-11-27 12:00 - 2019-11-27 12:00 - 000002820 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2019-11-27 12:00 - 2019-11-27 12:00 - 000000000 ____D C:\Program Files\CCleaner 2019-11-27 11:49 - 2019-11-27 11:49 - 000000000 ____D C:\Users\CESAR\AppData\Roaming\WinRAR 2019-11-25 13:36 - 2019-11-25 13:36 - 000106592 _____ C:\Users\Administrador\Desktop\FRST_Addition.txt 2019-11-25 13:36 - 2019-11-25 13:36 - 000104622 _____ C:\Users\Administrador\Desktop\FRST_Shortcut.txt 2019-11-25 13:29 - 2019-11-25 13:29 - 000104619 _____ C:\Users\Administrador\Desktop\Shortcut.txt 2019-11-25 13:28 - 2019-11-25 13:29 - 000106589 _____ C:\Users\Administrador\Desktop\Addition.txt 2019-11-25 13:26 - 2019-12-02 11:43 - 000000000 ____D C:\FRST 2019-11-25 13:26 - 2019-11-25 13:36 - 000036417 _____ C:\Users\Administrador\Desktop\FRST.txt 2019-11-25 13:26 - 2019-11-25 13:26 - 000000000 ____D C:\Users\Administrador\Desktop\FRST-OlderVersion 2019-11-25 13:25 - 2019-11-25 13:26 - 002262016 _____ (Farbar) C:\Users\Administrador\Desktop\Farbar Recovery Scan Tool 64.exe 2019-11-25 13:25 - 2019-11-13 11:07 - 001989120 _____ (Farbar) C:\Users\Administrador\Desktop\Farbar Recovery Scan Tool 32.exe 2019-11-25 12:58 - 2019-11-25 13:24 - 000675412 _____ C:\TDSSKiller.3.1.0.28_25.11.2019_08.58.16_log.txt 2019-11-25 12:54 - 2019-11-25 13:24 - 000337659 _____ C:\Users\Administrador\Desktop\Reporte tdsskiller.txt 2019-11-25 12:51 - 2019-11-25 12:54 - 
000199810 _____ C:\TDSSKiller.3.1.0.28_25.11.2019_08.51.05_log.txt 2019-11-25 12:49 - 2019-11-25 12:49 - 000000000 ____D C:\Users\Administrador\AppData\Roaming\WinRAR 2019-11-25 12:22 - 2019-11-25 12:22 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\63327507.sys 2019-11-25 12:22 - 2019-11-25 12:22 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-11-25 12:19 - 2019-11-25 12:19 - 001113271 _____ C:\Windows\SysWOW64\04B488D9F147B24006A0D80CDAE15ABD.CPB116 2019-11-25 12:16 - 2019-11-25 12:55 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2019-11-25 12:16 - 2019-11-25 12:49 - 000000000 ____D C:\Users\Administrador\Desktop\mbar 2019-11-25 12:16 - 2019-11-25 12:16 - 000192952 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys 2019-11-25 12:15 - 2019-11-25 11:16 - 005054744 _____ (AO Kaspersky Lab) C:\Users\Administrador\Desktop\tdsskiller.exe 2019-11-25 12:15 - 2019-11-25 11:15 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Administrador\Desktop\mbar-1.10.3.1001 (1).exe 2019-11-22 17:54 - 2019-11-22 17:54 - 000284056 _____ C:\Windows\Minidump\112219-30279-01.dmp 2019-11-22 11:55 - 2019-11-22 11:55 - 000284424 _____ C:\Windows\Minidump\112219-31059-01.dmp 2019-11-22 11:49 - 2019-11-22 11:49 - 000285768 _____ C:\Windows\Minidump\112219-30747-01.dmp 2019-11-22 08:00 - 2019-11-22 08:00 - 000285384 _____ C:\Windows\Minidump\112219-31371-01.dmp 2019-11-21 18:56 - 2019-11-21 18:56 - 000283720 _____ C:\Windows\Minidump\112119-30513-01.dmp 2019-11-21 18:54 - 2019-11-21 18:54 - 000283152 _____ C:\Windows\Minidump\112119-29406-01.dmp 2019-11-21 18:46 - 2019-11-21 18:46 - 000283088 _____ C:\Windows\Minidump\112119-28641-01.dmp 2019-11-21 18:14 - 2019-11-21 18:14 - 000287888 _____ C:\Windows\Minidump\112119-30451-01.dmp 2019-11-21 17:46 - 2019-11-21 17:46 - 000283336 _____ C:\Windows\Minidump\112119-29234-01.dmp 2019-11-21 17:43 - 2019-11-21 17:43 - 000285816 _____ C:\Windows\Minidump\112119-31512-01.dmp 2019-11-21 11:47 - 
2019-11-21 11:47 - 000285784 _____ C:\Windows\Minidump\112119-34211-01.dmp 2019-11-21 10:54 - 2019-11-21 10:54 - 000283088 _____ C:\Windows\Minidump\112119-36987-01.dmp 2019-11-21 10:26 - 2019-11-21 10:26 - 000286536 _____ C:\Windows\Minidump\112119-29546-01.dmp 2019-11-20 09:55 - 2019-11-20 09:55 - 000289320 _____ C:\Windows\Minidump\112019-30763-01.dmp 2019-11-20 08:47 - 2019-11-20 08:47 - 000283088 _____ C:\Windows\Minidump\112019-30856-01.dmp 2019-11-20 08:13 - 2019-11-20 08:13 - 000285656 _____ C:\Windows\Minidump\112019-28532-01.dmp 2019-11-19 10:13 - 2019-11-19 10:13 - 000283344 _____ C:\Windows\Minidump\111919-28626-01.dmp 2019-11-19 10:05 - 2019-11-19 10:05 - 000287224 _____ C:\Windows\Minidump\111919-32432-01.dmp 2019-11-14 17:36 - 2019-11-14 17:37 - 000053740 _____ C:\Windows\ntbtlog.txt 2019-11-14 10:24 - 2019-11-14 10:24 - 000286504 _____ C:\Windows\Minidump\111419-31028-01.dmp 2019-11-11 18:58 - 2019-11-11 18:58 - 000283536 _____ C:\Windows\Minidump\111119-27721-01.dmp 2019-11-11 16:50 - 2019-11-11 16:50 - 000286904 _____ C:\Windows\Minidump\111119-30123-01.dmp 2019-11-11 08:32 - 2019-11-11 08:32 - 000286024 _____ C:\Windows\Minidump\111119-28329-01.dmp 2019-11-07 15:57 - 2019-11-07 15:57 - 000290104 _____ C:\Windows\Minidump\110719-31122-01.dmp 2019-11-07 04:34 - 2019-11-07 04:34 - 000283088 _____ C:\Windows\Minidump\110719-35115-01.dmp 2019-11-06 19:02 - 2019-11-06 19:02 - 000362432 _____ C:\Windows\Minidump\110619-30451-01.dmp 2019-11-06 10:18 - 2019-11-06 10:18 - 000286648 _____ C:\Windows\Minidump\110619-30279-01.dmp 2019-11-06 08:16 - 2019-11-06 08:16 - 000285176 _____ C:\Windows\Minidump\110619-31168-01.dmp 2019-11-05 18:09 - 2019-11-05 18:09 - 000283152 _____ C:\Windows\Minidump\110519-27222-01.dmp 2019-11-05 18:01 - 2019-11-05 18:01 - 000286408 _____ C:\Windows\Minidump\110519-28407-01.dmp 2019-11-05 15:15 - 2019-11-05 15:15 - 000288808 _____ C:\Windows\Minidump\110519-31075-01.dmp 2019-11-05 12:19 - 2019-11-05 12:19 - 000287528 _____ 
C:\Windows\Minidump\110519-29343-01.dmp 2019-11-05 09:35 - 2019-11-05 09:35 - 000283728 _____ C:\Windows\Minidump\110519-28314-01.dmp 2019-11-05 09:31 - 2019-11-05 09:31 - 000285384 _____ C:\Windows\Minidump\110519-29187-01.dmp 2019-11-04 16:01 - 2019-11-04 16:01 - 000285304 _____ C:\Windows\Minidump\110419-31621-01.dmp 2019-11-04 15:36 - 2019-11-04 15:36 - 000289400 _____ C:\Windows\Minidump\110419-50247-01.dmp 2019-11-01 16:01 - 2019-11-01 16:01 - 000285896 _____ C:\Windows\Minidump\110119-30763-01.dmp 2019-11-01 14:52 - 2019-11-01 14:52 - 000285416 _____ C:\Windows\Minidump\110119-27939-01.dmp 2019-11-01 14:43 - 2019-11-01 14:43 - 000286984 _____ C:\Windows\Minidump\110119-27799-01.dmp 2019-10-31 12:24 - 2019-10-31 12:24 - 000285928 _____ C:\Windows\Minidump\103119-30342-01.dmp 2019-10-31 10:40 - 2019-10-31 10:40 - 000283088 _____ C:\Windows\Minidump\103119-32198-01.dmp 2019-10-31 10:12 - 2019-10-31 10:12 - 000286392 _____ C:\Windows\Minidump\103119-29936-01.dmp 2019-10-30 13:19 - 2019-10-30 13:19 - 000290360 _____ C:\Windows\Minidump\103019-43773-01.dmp 2019-10-29 11:19 - 2019-10-29 11:19 - 000286168 _____ C:\Windows\Minidump\102919-28922-01.dmp ==================== Three months (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-12-02 13:23 - 2011-04-12 10:10 - 000744748 _____ C:\Windows\System32\perfh00A.dat 2019-12-02 13:23 - 2011-04-12 10:10 - 000157248 _____ C:\Windows\System32\perfc00A.dat 2019-12-02 13:23 - 2009-07-14 06:13 - 001668880 _____ C:\Windows\System32\PerfStringBackup.INI 2019-12-02 13:23 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf 2019-12-02 09:57 - 2009-07-14 05:45 - 000028976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-12-02 09:57 - 2009-07-14 05:45 - 000028976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-12-02 09:42 - 2018-07-23 11:48 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2019-12-02 09:42 - 2015-11-18 13:23 - 000000000 ____D C:\ProgramData\NVIDIA 2019-12-02 09:42 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-11-27 12:20 - 2016-12-12 15:10 - 000000000 ____D C:\Users\TURNO NOCHE\AppData\LocalLow\Temp 2019-11-27 12:20 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\System32\GroupPolicy 2019-11-27 12:20 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy 2019-11-27 11:59 - 2016-03-17 16:27 - 000000105 _____ C:\Windows\Brownie.ini 2019-11-27 08:41 - 2016-07-25 15:08 - 000154272 _____ C:\Users\CESAR\AppData\Local\GDIPFONTCACHEV1.DAT 2019-11-26 18:55 - 2018-01-03 14:35 - 000154272 _____ C:\Users\INDICADORES\AppData\Local\GDIPFONTCACHEV1.DAT 2019-11-26 18:52 - 2009-07-14 05:45 - 000555936 _____ C:\Windows\System32\FNTCACHE.DAT 2019-11-26 11:10 - 2016-08-24 12:39 - 000154272 _____ C:\Users\Administrador\AppData\Local\GDIPFONTCACHEV1.DAT 2019-11-25 13:23 - 2017-09-25 12:00 - 000000000 ____D C:\Users\Administrador\AppData\Local\ElevatedDiagnostics 2019-11-25 12:43 - 2017-08-01 13:24 - 000000000 ____D C:\Program Files\KMSpico 2019-11-25 12:18 - 2015-11-18 15:07 - 000002188 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-11-25 12:12 - 2016-07-29 01:14 - 000003472 _____ 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2019-11-25 12:12 - 2016-07-29 01:14 - 000003344 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2019-11-25 12:12 - 2015-11-18 15:00 - 000000000 ____D C:\Program Files (x86)\Google 2019-11-25 12:06 - 2017-09-26 14:36 - 000000008 __RSH C:\Users\Administrador\ntuser.pol 2019-11-25 12:06 - 2016-08-24 12:39 - 000000000 ____D C:\users\Administrador 2019-11-22 17:54 - 2016-08-30 11:34 - 000000000 ____D C:\Windows\Minidump 2019-11-22 17:41 - 2018-01-03 14:34 - 000000008 __RSH C:\Users\INDICADORES\ntuser.pol 2019-11-22 17:41 - 2018-01-03 14:34 - 000000000 ____D C:\users\INDICADORES 2019-11-21 11:43 - 2017-09-07 16:22 - 000000008 __RSH C:\Users\CESAR\ntuser.pol 2019-11-21 11:43 - 2016-07-25 15:08 - 000000000 ____D C:\users\CESAR 2019-11-20 12:56 - 2016-07-25 15:08 - 000000000 ____D C:\Users\CESAR\AppData\Roaming\SolidWorks 2019-11-12 22:03 - 2010-11-21 04:27 - 000748816 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2019-11-05 18:45 - 2017-08-01 13:17 - 000000000 ____D C:\Users\CESAR\AppData\Local\cache 2019-11-05 13:57 - 2017-12-13 13:23 - 000000000 ____D C:\Users\CESAR\cristian 2019-11-05 13:49 - 2016-11-07 12:36 - 000000000 ____D C:\Users\CESAR\AppData\Local\TempDirectorio de copias de seguridad de SW 2019-11-04 12:54 - 2015-11-18 14:36 - 000000000 _RSHD C:\Windows\PSICache ==================== KnownDLLs (Whitelisted) ========================= ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\dnsapi.dll => MD5 is legit C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit C:\Windows\System32\dllhost.exe => MD5 is legit C:\Windows\SysWOW64\dllhost.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= Restore point date: 2019-11-19 11:00 Restore point date: 2019-11-25 12:08 Restore point date: 2019-11-25 12:09 Restore point date: 2019-11-25 12:43 Restore point date: 2019-11-25 13:26 Restore point date: 2019-11-25 13:26 Restore point date: 2019-11-26 11:15 Restore point date: 2019-11-27 12:04 Restore point date: 2019-11-27 12:20 Restore point date: 2019-11-28 12:50 Restore point date: 2019-12-02 10:04 ==================== BCD ================================ Administrador de arranque de Windows ---------------------------------- Identificador {bootmgr} device partition=Y: description Windows Boot Manager locale es-ES inherit {globalsettings} default {default} resumeobject {e9b31bca-8dc8-11e5-815c-ea059e98c909} displayorder {default} toolsdisplayorder {memdiag} timeout 30 Cargador de arranque de Windows ----------------------------- Identificador {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale es-ES inherit {bootloadersettings} recoverysequence 
{current} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {e9b31bca-8dc8-11e5-815c-ea059e98c909} nx OptIn Cargador de arranque de Windows ----------------------------- Identificador {current} device ramdisk=[C:]\Recovery\e9b31bcc-8dc8-11e5-815c-ea059e98c909\Winre.wim,{e9b31bcd-8dc8-11e5-815c-ea059e98c909} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\e9b31bcc-8dc8-11e5-815c-ea059e98c909\Winre.wim,{e9b31bcd-8dc8-11e5-815c-ea059e98c909} systemroot \windows nx OptIn winpe Yes Reanudar tras hibernación ------------------------- Identificador {e9b31bca-8dc8-11e5-815c-ea059e98c909} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale es-ES inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Herramienta de comprobación de memoria de Windows ------------------------------------------------- Identificador {memdiag} device partition=Y: path \boot\memtest.exe description Herramienta de diagnóstico de memoria de Windows locale es-ES inherit {globalsettings} badmemoryaccess Yes Configuración de EMS -------------------- Identificador {emssettings} bootems Yes Configuración del depurador --------------------------- Identificador {dbgsettings} debugtype Serial debugport 1 baudrate 115200 Defectos de RAM --------------- Identificador {badmemory} Configuración global -------------------- Identificador {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Configuración del cargador de arranque ------------------------------------ Identificador {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Configuración de hipervisor ------------------- Identificador {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Reanudar la configuración del cargador -------------------------------------- Identificador 
{resumeloadersettings} inherit {globalsettings} Opciones de dispositivo ----------------------- Identificador {e9b31bcd-8dc8-11e5-815c-ea059e98c909} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\e9b31bcc-8dc8-11e5-815c-ea059e98c909\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 8169.44 MB Available physical RAM: 7245.1 MB Total Virtual: 8167.64 MB Available Virtual: 7224.33 MB ==================== Drives ================================ Drive c: (SISTEMA) (Fixed) (Total:78.03 GB) (Free:2.76 GB) NTFS Drive d: (RESPALDO) (Fixed) (Total:387.62 GB) (Free:249.13 GB) NTFS Drive g: (WIN10-64) (Removable) (Total:28.82 GB) (Free:24.94 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 44C744C6) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=387.6 GB) - (Type=0F Extended) ========================================================== Disk: 1 (Protective MBR) (Size: 28.8 GB) (Disk ID: 00000000) Partition: GPT. LastRegBack: 2019-11-29 10:33 ==================== End of FRST.txt ========================