Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by fisioterapia (administrator) on LENOVO-PC (26-08-2016 15:13:42)
Running from C:\Users\fisioterapia\Desktop
Loaded Profiles: fisioterapia (Available Profiles: fisioterapia)
Platform: Windows 8.1 Single Language (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67864 2016-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-06] (Atheros Communications)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{044378CC-3093-4F0A-A76B-DD5EF5F563FE}: [DhcpNameServer]
Tcpip\..\Interfaces\{636346F4-D807-48C5-891C-B8E2AEBA8422}: [DhcpNameServer]

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4080409232-1409504885-1139174345-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://
HKU\S-1-5-21-4080409232-1409504885-1139174345-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://
HKU\S-1-5-21-4080409232-1409504885-1139174345-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4080409232-1409504885-1139174345-1001 -> DefaultScope {17E0BAE5-4875-4715-A630-14F76081A833} URL = hxxp://{searchTerms}&rlz=
SearchScopes: HKU\S-1-5-21-4080409232-1409504885-1139174345-1001 -> {17E0BAE5-4875-4715-A630-14F76081A833} URL = hxxp://{searchTerms}&rlz=
SearchScopes: HKU\S-1-5-21-4080409232-1409504885-1139174345-1001 -> {B2EED70F-898B-4C88-8BE4-D9664EAB8BCA} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\fisioterapia\AppData\Roaming\Mozilla\Firefox\Profiles\SPqIyouS.default
FF Plugin-x32: WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32:,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32:,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-23] (Nitro PDF)
FF Plugin-x32: Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (Avira Browser Safety) - C:\Users\fisioterapia\AppData\Roaming\Mozilla\Firefox\Profiles\SPqIyouS.default\Extensions\ [2016-07-18]

Chrome:
=======
CHR Profile: C:\Users\fisioterapia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira Navegación segura) - C:\Users\fisioterapia\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-07-29]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\fisioterapia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-29]
CHR Extension: (Gmail) - C:\Users\fisioterapia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-29]
CHR Extension: (Chrome Media Router) - C:\Users\fisioterapia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-06] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [320672 2016-08-04] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-23] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 vmicvss; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-06] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-06] (Qualcomm Atheros)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [100072 2013-08-02] (GenesysLogic)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-11-09] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-10] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 mfeaack01; \Device\mfeaack01.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-26 15:13 - 2016-08-26 15:14 - 00015214 _____ C:\Users\fisioterapia\Desktop\FRST.txt
2016-08-26 15:13 - 2016-08-26 15:13 - 00000000 ____D C:\FRST
2016-08-26 15:12 - 2016-08-26 15:12 - 02396160 _____ (Farbar) C:\Users\fisioterapia\Desktop\FRST64.exe
2016-08-26 15:09 - 2016-08-26 15:09 - 02396160 _____ (Farbar) C:\Users\fisioterapia\Downloads\FRST64.exe
2016-08-26 11:42 - 2016-08-26 11:42 - 00281632 _____ C:\WINDOWS\Minidump\082616-22328-01.dmp
2016-08-25 10:12 - 2016-08-25 10:12 - 00460883 _____ C:\Users\fisioterapia\Downloads\INVMC_PROCESO_16-13-5483561_219698011_21030448.pdf
2016-08-24 13:31 - 2016-08-24 13:31 - 00146475 _____ C:\Users\fisioterapia\Downloads\INFORME DE ATENCIONES EN SALUD OCUPACIONAL CRC 2015 -2016 A JUNIO 2016 (2).xlsx
2016-08-24 13:29 - 2016-08-24 13:29 - 00064748 _____ C:\Users\fisioterapia\Downloads\crc listado salud ocupacional (1).xlsx
2016-08-24 13:28 - 2016-08-24 13:28 - 00028359 _____ C:\Users\fisioterapia\Downloads\CRC JUNIO DE 2016.xlsx
2016-08-24 13:17 - 2016-08-24 13:17 - 00137689 _____ C:\Users\fisioterapia\Downloads\INFORME DE ATENCIONES EN SALUD OCUPACIONAL CRC 2015 -2016 A JUNIO 2016 (1).xlsx
2016-08-24 13:02 - 2016-08-24 13:02 - 00146475 _____ C:\Users\fisioterapia\Downloads\INFORME DE ATENCIONES EN SALUD OCUPACIONAL CRC 2015 -2016 A JUNIO 2016.xlsx
2016-08-24 11:00 - 2016-08-24 11:00 - 00001165 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-08-23 17:33 - 2016-08-23 17:34 - 01029600 _____ C:\WINDOWS\Minidump\082316-21000-01.dmp
2016-08-23 17:10 - 2016-08-23 17:11 - 00795488 _____ C:\WINDOWS\Minidump\082316-25656-01.dmp
2016-08-23 16:08 - 2016-08-23 16:08 - 00281632 _____ C:\WINDOWS\Minidump\082316-39687-01.dmp
2016-08-23 10:58 - 2016-08-23 10:58 - 00281632 _____ C:\WINDOWS\Minidump\082316-23125-01.dmp
2016-08-22 10:24 - 2016-08-22 10:24 - 00281632 _____ C:\WINDOWS\Minidump\082216-27796-01.dmp
2016-08-18 08:36 - 2016-08-18 08:37 - 00262144 _____ C:\WINDOWS\Minidump\081816-51312-01.dmp
2016-08-17 23:00 - 2016-08-17 23:00 - 00072202 _____ C:\Users\fisioterapia\Downloads\Resultado10074020.pdf
2016-08-17 22:21 - 2016-08-17 22:22 - 06355379 _____ C:\Users\fisioterapia\Downloads\DISTINTIVOS HABILITACION FUNRESER
2016-08-17 22:06 - 2016-08-17 22:06 - 00035860 _____ C:\Users\fisioterapia\Downloads\CA_190010719901_17_08_2016_10_06horas.pdf
2016-08-17 22:05 - 2016-08-17 22:05 - 00035860 _____ C:\Users\fisioterapia\Downloads\CA_190010719901_17_08_2016_10_05horas.pdf
2016-08-17 22:02 - 2016-08-17 22:02 - 00044236 _____ C:\Users\fisioterapia\Downloads\PS_190010719901_17_08_2016_10_02horas.pdf
2016-08-17 22:02 - 2016-08-17 22:02 - 00044236 _____ C:\Users\fisioterapia\Downloads\PS_190010719901_17_08_2016_10_02horas (1).pdf
2016-08-17 19:06 - 2016-08-17 19:06 - 01118135 _____ C:\Users\fisioterapia\Downloads\INVMC_PROCESO_16-13-5450168_116001000_20902260.pdf
2016-08-17 13:02 - 2016-08-17 13:02 - 00006497 _____ C:\Users\fisioterapia\Desktop\ZHPCleaner.txt
2016-08-17 12:38 - 2016-08-17 12:38 - 00000896 _____ C:\Users\fisioterapia\Desktop\ZHPCleaner.lnk
2016-08-17 12:36 - 2016-08-17 12:37 - 02344960 _____ C:\Users\fisioterapia\Downloads\ZHPCleaner.exe
2016-08-17 10:22 - 2016-08-17 10:22 - 00281632 _____ C:\WINDOWS\Minidump\081716-24578-01.dmp
2016-08-14 21:34 - 2016-08-14 21:34 - 00019064 _____ C:\Users\fisioterapia\Downloads\ANALISIS PORCENTUAL DE BCE Y E.R..xlsx
2016-08-12 21:37 - 2016-08-12 21:38 - 00281632 _____ C:\WINDOWS\Minidump\081216-36171-01.dmp
2016-08-12 11:53 - 2016-08-12 11:54 - 03712064 _____ C:\Users\fisioterapia\Downloads\adwcleaner_5.201 (1).exe
2016-08-12 11:52 - 2016-08-12 11:52 - 03712064 _____ C:\Users\fisioterapia\Downloads\adwcleaner_5.201.exe
2016-08-12 09:52 - 2016-08-12 09:52 - 00003267 _____ C:\Users\fisioterapia\Desktop\ZHPFixReport.txt
2016-08-11 15:48 - 2016-08-26 15:05 - 00000000 ___RD C:\Users\fisioterapia\SkyDrive
2016-08-11 15:47 - 2016-08-11 15:47 - 00281632 _____ C:\WINDOWS\Minidump\081116-21953-01.dmp
2016-08-11 11:21 - 2016-08-11 11:21 - 00048936 _____ C:\Users\fisioterapia\Downloads\CA_190010719901-11_08_2016_11_21horas.pdf
2016-08-11 10:54 - 2016-08-11 10:54 - 00044233 _____ C:\Users\fisioterapia\Downloads\PS_190010719901_11_08_2016_10_54horas.pdf
2016-08-11 10:54 - 2016-08-11 10:54 - 00044233 _____ C:\Users\fisioterapia\Downloads\PS_190010719901_11_08_2016_10_54horas (1).pdf
2016-08-08 17:11 - 2016-08-08 17:11 - 00281632 _____ C:\WINDOWS\Minidump\080816-22218-01.dmp
2016-08-05 13:49 - 2016-08-05 13:49 - 01416098 _____ C:\Users\fisioterapia\Downloads\Nueva exploración-20160803095130-00001.tif
2016-08-05 09:40 - 2016-08-05 09:40 - 00281632 _____ C:\WINDOWS\Minidump\080516-17421-01.dmp
2016-08-03 15:33 - 2016-08-03 15:33 - 00364242 _____ C:\Users\fisioterapia\Downloads\cotizacion fundacion restaura tu ser.pdf
2016-08-02 14:29 - 2016-08-02 14:29 - 00280760 _____ C:\WINDOWS\Minidump\080216-34781-01.dmp
2016-08-01 18:53 - 2016-08-01 18:54 - 07080798 _____ C:\Users\fisioterapia\Downloads\RESTAURA - copia (7).zip
2016-08-01 12:42 - 2016-08-01 12:42 - 00000038 _____ C:\Users\fisioterapia\Documents\lien.txt
2016-08-01 12:38 - 2016-08-01 12:38 - 00080508 _____ C:\Users\fisioterapia\Documents\ZHPDiag.txt
2016-08-01 12:32 - 2016-08-01 12:32 - 00080505 _____ C:\Users\fisioterapia\Desktop\ZHPDiag.txt
2016-08-01 12:19 - 2016-08-01 12:20 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2016-08-01 12:19 - 2016-08-01 12:19 - 00001876 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-08-01 12:19 - 2016-08-01 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-08-01 12:03 - 2016-08-17 12:48 - 00000000 ____D C:\Users\fisioterapia\AppData\Roaming\ZHP
2016-08-01 12:03 - 2016-08-01 12:30 - 00000886 _____ C:\Users\fisioterapia\Desktop\ZHPDiag.lnk
2016-08-01 12:03 - 2016-08-01 12:03 - 02234880 _____ C:\Users\fisioterapia\Downloads\ZHPDiag3.exe
2016-08-01 09:25 - 2016-08-01 10:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-01 09:24 - 2016-08-01 09:24 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-01 09:24 - 2016-08-01 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-01 09:24 - 2016-08-01 09:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-01 09:24 - 2016-08-01 09:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-01 09:24 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-01 09:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-01 09:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-01 09:20 - 2016-08-01 09:21 - 22851472 _____ (Malwarebytes ) C:\Users\fisioterapia\Downloads\mbam-setup-
2016-08-01 09:13 - 2016-08-24 12:11 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4080409232-1409504885-1139174345-1001
2016-07-29 18:11 - 2016-07-29 18:11 - 00281632 _____ C:\WINDOWS\Minidump\072916-23015-01.dmp
2016-07-29 17:25 - 2016-07-27 14:25 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-29 16:39 - 2016-07-29 16:40 - 00281632 _____ C:\WINDOWS\Minidump\072916-24265-01.dmp
2016-07-29 16:28 - 2016-07-29 16:28 - 00281520 _____ C:\WINDOWS\Minidump\072916-51734-01.dmp
2016-07-29 16:00 - 2016-08-09 16:12 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-29 16:00 - 2016-08-09 16:12 - 00002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-29 15:59 - 2016-07-29 16:26 - 00000000 ____D C:\Program Files\Google
2016-07-29 15:58 - 2016-08-26 15:08 - 00001064 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-29 15:58 - 2016-08-26 15:05 - 00001060 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-29 15:58 - 2016-07-29 16:03 - 00004036 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 15:58 - 2016-07-29 16:03 - 00003800 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-29 15:20 - 2016-07-29 15:20 - 00000000 ____D C:\Users\fisioterapia\Documents\ProcAlyzer Dumps
2016-07-29 12:43 - 2016-08-11 15:48 - 00000000 ___RD C:\Users\fisioterapia\SkyDrive (4).old
2016-07-29 12:39 - 2016-08-26 11:42 - 543417191 _____ C:\WINDOWS\MEMORY.DMP
2016-07-29 12:39 - 2016-07-29 12:40 - 00281632 _____ C:\WINDOWS\Minidump\072916-21234-01.dmp
2016-07-29 12:32 - 2016-08-12 11:54 - 00000000 ____D C:\AdwCleaner
2016-07-28 20:59 - 2016-07-28 21:32 - 00000000 ___HD C:\$WINDOWS.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-26 15:05 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-08-26 12:44 - 2014-04-26 22:44 - 00812192 _____ C:\WINDOWS\system32\perfh00A.dat
2016-08-26 12:44 - 2014-04-26 22:44 - 00167450 _____ C:\WINDOWS\system32\perfc00A.dat
2016-08-26 12:44 - 2013-10-07 13:27 - 01833224 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-26 12:39 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-26 12:37 - 2013-08-22 09:44 - 00484008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\WinStore
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-08-26 12:33 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-08-26 12:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-08-26 12:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-08-26 12:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-26 12:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-26 12:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-08-26 12:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\servicing
2016-08-26 12:32 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\setup
2016-08-26 12:32 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\FileManager
2016-08-26 12:32 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Camera
2016-08-26 11:42 - 2016-07-14 15:13 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-25 18:28 - 2015-10-19 18:23 - 00004010 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DB518F97-88CB-4A74-A57C-B5853D44264A}
2016-08-25 17:15 - 2016-06-22 14:22 - 00000000 ____D C:\Users\fisioterapia\Desktop\mercadeo
2016-08-25 16:43 - 2013-08-22 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-24 13:39 - 2015-10-19 18:13 - 00000000 ____D C:\Users\fisioterapia
2016-08-24 13:31 - 2015-10-19 18:13 - 00000000 ____D C:\Users\fisioterapia\AppData\Local\Packages
2016-08-24 11:00 - 2016-07-18 15:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-24 11:00 - 2016-07-18 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-08-22 15:12 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-08-19 17:07 - 2015-12-03 15:27 - 00000000 ____D C:\Users\fisioterapia\Documents\fonoaudiología
2016-08-17 02:28 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-17 02:26 - 2013-08-22 14:12 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-16 09:57 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\
2016-08-16 09:54 - 2015-10-19 18:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-11 11:22 - 2015-10-23 11:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 11:17 - 2015-10-23 11:24 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-05 19:42 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-05 09:46 - 2015-10-19 18:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-01 09:45 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-07-29 16:26 - 2016-07-18 15:32 - 00000000 ____D C:\ProgramData\Avira
2016-07-29 16:26 - 2015-10-19 18:25 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-29 16:13 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-29 16:13 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-29 16:06 - 2016-07-14 15:05 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-07-29 16:06 - 2016-07-14 14:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-29 16:05 - 2015-10-19 18:25 - 00000000 ____D C:\Users\fisioterapia\AppData\Local\Google
2016-07-29 16:00 - 2015-10-19 18:59 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-29 12:43 - 2016-04-01 10:20 - 00000000 ___RD C:\Users\fisioterapia\SkyDrive (3).old
2016-07-28 21:33 - 2016-07-19 15:38 - 00000000 ___HD C:\$GetCurrent
2016-07-28 21:32 - 2016-07-23 02:15 - 00001908 _____ C:\WINDOWS\diagwrn.xml
2016-07-28 21:32 - 2016-07-23 02:15 - 00001908 _____ C:\WINDOWS\diagerr.xml
2016-07-28 21:32 - 2013-10-07 14:23 - 00000000 ____D C:\WINDOWS\Panther
2016-07-28 21:26 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration
2016-07-28 20:59 - 2016-07-23 02:08 - 00000036 _____ C:\WINDOWS\progress.ini
2016-07-28 12:02 - 2014-04-26 13:49 - 00000000 ____D C:\ProgramData\Energy Manager
2016-07-28 12:02 - 2014-04-26 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-07-28 12:02 - 2014-04-26 13:43 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-07-28 12:02 - 2014-04-26 13:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-28 11:59 - 2016-07-19 14:07 - 00000000 ____D C:\Users\fisioterapia\AppData\LocalLow\Adblock Plus for IE
2016-07-28 11:58 - 2015-10-19 18:44 - 00000000 ____D C:\Users\fisioterapia\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2014-04-26 13:25 - 2014-04-26 13:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.
LastRegBack: 2016-08-12 17:06

==================== End of FRST.txt ============================