MartinR

Everything posted by MartinR

  1. Hi aura, yes, she's back, but she is going to buy a new laptop. Possibly I will keep this one and install elementary OS or another Linux distro. Thanks for your help.
  2. Sorry, my mother-in-law had to travel, so I can't look at her laptop until Tuesday. I'm sorry.
  3. it worked FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017 Ran by no tocar (administrator) on ROSANA-PC (24-08-2017 20:52:30) Running from C:\Users\no tocar\Downloads Loaded Profiles: UpdatusUser & no tocar (Available Profiles: UpdatusUser & Rosana & no tocar) Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Español (España, internacional) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe () C:\Windows\SysWOW64\srvany.exe () C:\Windows\KMService.exe (Telefónica) C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\ImpWiFiSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) 
C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [CLMLServer] => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" HKLM-x32\...\Run: [RemoteControl10] => "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk [2017-07-04] ShortcutTarget: Windows Explorer.lnk -> C:\Users\no tocar\AppData\Roaming\fneuwm\amdhost.exe (No File) Startup: C:\Users\Rosana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\atajo.lnk [2017-08-24] ShortcutTarget: atajo.lnk -> C:\Users\Rosana\AppData\Roaming\fneuwm\mjhnaukf32.exe (Microsoft Corporation) Startup: C:\Users\Rosana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-01-28] ShortcutTarget: MEGAsync.lnk -> C:\Users\no tocar\AppData\Local\MEGAsync\MEGAsync.exe (No File) Startup: C:\Users\Rosana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla y Selector de OneNote 2010.lnk [2016-04-04] ShortcutTarget: Recorte de pantalla y Selector de OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 200.49.130.41 200.42.4.203 Tcpip\..\Interfaces\{9741A571-DAC8-41F5-975B-7D8B11A05D30}: [DhcpNameServer] 200.42.4.210 200.49.130.41 Tcpip\..\Interfaces\{F85C7A4E-9F6C-4A42-96A5-2003D0C580CD}: [DhcpNameServer] 200.49.130.41 200.42.4.203 Internet Explorer: ================== SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-05-13] (Skype Technologies) FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-03-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> 
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default [2017-08-24] CHR Extension: (Presentaciones de Google) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-24] CHR Extension: (Google Docs) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-24] CHR Extension: (Google Drive) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-24] CHR Extension: (YouTube) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-24] CHR Extension: (Hojas de cálculo de Google) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-24] CHR Extension: (Documentos de Google sin conexión) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-24] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24] CHR Extension: (Gmail) - C:\Users\no tocar\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-24] CHR Extension: (Chrome Media Router) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-24] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2010-06-15] () [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes) R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 massfilter_hs; C:\windows\System32\drivers\massfilter_hs.sys [12800 2010-10-15] (ZTE Incorporated) R2 SGDrv; C:\windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.) S3 USBZTECCID; C:\windows\System32\DRIVERS\ZTEusbccid.sys [18432 2010-10-15] (ZTE) S3 ZTEusbMB; C:\windows\System32\DRIVERS\ZTEusbnmeaext2.sys [123520 2010-10-15] (ZTE Incorporated) S3 ZTEusbwwan; C:\windows\System32\DRIVERS\ZTEusbwwan.sys [234496 2010-12-07] (ZTE Incorporated) S3 zte_massejct; C:\windows\System32\Drivers\zte_massejct.sys [19968 2010-11-19] (ZTE Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-08-24 20:52 - 2017-08-24 20:53 - 000010756 _____ C:\Users\no tocar\Downloads\FRST.txt 2017-08-24 20:51 - 2017-08-24 20:52 - 000000000 ____D C:\FRST 2017-08-24 20:51 - 2017-08-24 20:51 - 002395648 _____ (Farbar) C:\Users\no tocar\Downloads\FRST64.exe 2017-08-24 20:48 - 2017-08-24 20:48 - 000001397 _____ C:\Users\no tocar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-08-24 20:48 - 2017-08-24 20:48 - 000000000 ____D C:\Users\no tocar\AppData\Roaming\Adobe 2017-08-24 20:48 - 2017-08-24 20:48 - 000000000 ____D C:\Users\no tocar\AppData\Local\Google 2017-08-24 20:47 - 2017-08-24 20:48 - 000000000 ____D C:\Users\no tocar 2017-08-24 20:47 - 2017-08-24 20:47 - 000000020 ___SH C:\Users\no tocar\ntuser.ini 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Reciente 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Plantillas 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Mis documentos 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Menú Inicio 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Impresoras 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Entorno de red 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Documents\Mis vídeos 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Documents\Mis imágenes 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Documents\Mi música 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Datos de programa 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Configuración local 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\AppData\Local\Historial 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL 
C:\Users\no tocar\AppData\Local\Datos de programa 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\AppData\Local\Archivos temporales de Internet 2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 ____D C:\Users\no tocar\AppData\Local\VirtualStore 2017-08-24 20:28 - 2017-08-24 20:28 - 002395648 _____ (Farbar) C:\Users\Rosana\Downloads\FRST64.exe 2017-08-24 20:28 - 2017-08-24 20:28 - 002395648 _____ (Farbar) C:\Users\Rosana\Desktop\FRST64.exe 2017-08-24 20:06 - 2017-08-24 20:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-08-24 20:06 - 2017-08-24 20:06 - 000194776 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2017-08-24 20:05 - 2017-08-24 20:05 - 000109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys 2017-08-24 20:04 - 2017-08-24 20:22 - 000000000 ____D C:\Users\Rosana\Desktop\mbar 2017-08-24 20:03 - 2017-08-24 20:03 - 016564750 _____ (Malwarebytes Corp.) C:\Users\Rosana\Downloads\mbar-1.09.4.1001.exe 2017-08-24 19:31 - 2017-08-24 19:31 - 000000000 ____D C:\Users\Rosana\Desktop\Nueva carpeta 2017-08-24 19:30 - 2017-08-24 19:30 - 001305367 _____ C:\Users\Rosana\Downloads\Autoruns.zip 2017-08-24 19:20 - 2017-08-24 19:22 - 000002102 _____ C:\Users\Rosana\Desktop\Rkill.txt 2017-08-24 19:19 - 2017-08-24 19:20 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Rosana\Downloads\rkill.exe 2017-08-24 19:17 - 2017-08-24 19:17 - 006654960 _____ (AVAST Software) C:\Users\Rosana\Downloads\avast_free_antivirus_setup_online_cnet_2.exe 2017-08-24 19:07 - 2017-08-24 19:07 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-08-24 19:07 - 2017-08-24 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-08-24 19:07 - 2017-08-24 19:07 - 000000000 ____D C:\Program Files\Malwarebytes 2017-08-24 19:07 - 2017-08-21 07:20 - 000077440 _____ C:\windows\system32\Drivers\mbae64.sys 2017-08-24 19:05 - 2017-08-24 19:06 - 065942208 _____ (Malwarebytes ) 
C:\Users\Rosana\Downloads\mb3-setup-35891.35891-3.2.2.2018.exe 2017-08-24 17:57 - 2017-08-24 18:13 - 000093414 _____ C:\windows\ntbtlog.txt 2017-08-24 17:53 - 2017-08-24 17:53 - 006948656 _____ (AVAST Software) C:\Users\Rosana\Downloads\avast_free_antivirus_setup_online_a1h.exe 2017-08-24 17:53 - 2017-08-24 17:53 - 000000000 ____D C:\ProgramData\AVAST Software 2017-08-24 15:48 - 2017-08-24 15:48 - 000063719 _____ C:\Users\Rosana\Desktop\CBU SANTANDER.pdf 2017-08-23 12:32 - 2017-08-23 12:32 - 000009463 _____ C:\Users\Rosana\Downloads\201707_0009096004 (1).pdf 2017-08-23 12:31 - 2017-08-23 12:31 - 000009463 _____ C:\Users\Rosana\Downloads\201707_0009096004.pdf 2017-08-21 16:11 - 2017-08-24 09:38 - 000000000 ____D C:\Users\Rosana\Desktop\Fotos Viaje 2017-08-04 20:34 - 2017-08-04 20:34 - 000001420 _____ C:\Users\Rosana\Downloads\aanep-user-87-tests.csv 2017-08-04 18:32 - 2017-08-04 18:32 - 004875365 _____ C:\Users\Rosana\Downloads\1499358944_Pancreatitits (3).pdf 2017-08-04 18:32 - 2017-08-04 18:32 - 001028390 _____ C:\Users\Rosana\Downloads\1501532804_Módulo 4- _Soporte Nutricional al final de la vida_ _1_ (2).pdf 2017-08-04 18:31 - 2017-08-04 18:31 - 001904490 _____ C:\Users\Rosana\Downloads\1499358844_Hígado (8).pdf 2017-08-04 18:31 - 2017-08-04 18:31 - 001904490 _____ C:\Users\Rosana\Downloads\1499358844_Hígado (7).pdf 2017-08-04 18:31 - 2017-08-04 18:31 - 001157010 _____ C:\Users\Rosana\Downloads\1501532777_insuficiencia intestinal AANEP _1_.pdf 2017-08-04 18:31 - 2017-08-04 18:31 - 001157010 _____ C:\Users\Rosana\Downloads\1501532777_insuficiencia intestinal AANEP _1_ (1).pdf 2017-08-04 18:26 - 2017-08-04 18:26 - 002839162 _____ C:\Users\Rosana\Downloads\1497414040_M1 Senpe (5).pdf 2017-08-04 18:26 - 2017-08-04 18:26 - 002839162 _____ C:\Users\Rosana\Downloads\1497414040_M1 Senpe (4).pdf 2017-08-04 18:26 - 2017-08-04 18:26 - 000340374 _____ C:\Users\Rosana\Downloads\1497414009_M1 2014 ne precoz en pac critico con inestabilidad hemodinamica (3).pdf 2017-08-04 
18:26 - 2017-08-04 18:26 - 000340374 _____ C:\Users\Rosana\Downloads\1497414009_M1 2014 ne precoz en pac critico con inestabilidad hemodinamica (2).pdf 2017-08-04 18:25 - 2017-08-04 18:25 - 000134260 _____ C:\Users\Rosana\Downloads\1497414000_M1 Summary Canadienses CPGs 2015 vs 2013 _1_ (5).pdf 2017-08-04 18:25 - 2017-08-04 18:25 - 000134260 _____ C:\Users\Rosana\Downloads\1497414000_M1 Summary Canadienses CPGs 2015 vs 2013 _1_ (4).pdf 2017-08-04 12:04 - 2017-08-04 12:04 - 001421429 _____ C:\Users\Rosana\Downloads\1498667080_CLASE 5 - VITAMINA D (2).pdf 2017-08-04 12:04 - 2017-08-04 12:04 - 001421429 _____ C:\Users\Rosana\Downloads\1498667080_CLASE 5 - VITAMINA D (1).pdf 2017-08-03 18:30 - 2017-08-03 18:30 - 001028390 _____ C:\Users\Rosana\Downloads\1501532804_Módulo 4- _Soporte Nutricional al final de la vida_ _1_.pdf 2017-08-03 18:30 - 2017-08-03 18:30 - 001028390 _____ C:\Users\Rosana\Downloads\1501532804_Módulo 4- _Soporte Nutricional al final de la vida_ _1_ (1).pdf 2017-08-01 18:26 - 2017-08-01 18:26 - 096282347 _____ C:\Users\Rosana\Downloads\15005677731978776078 (3).mp4 2017-08-01 17:40 - 2017-08-01 17:40 - 096282347 _____ C:\Users\Rosana\Downloads\15005677731978776078 (2).mp4 2017-07-31 10:08 - 2017-07-31 10:09 - 096282347 _____ C:\Users\Rosana\Downloads\15005677731978776078 (1).mp4 2017-07-27 19:47 - 2017-08-23 11:51 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-08-24 20:39 - 2009-07-14 00:20 - 000000000 ____D C:\windows\tracing 2017-08-24 20:38 - 2009-07-14 01:45 - 000016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-08-24 20:38 - 2009-07-14 01:45 - 000016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-08-24 20:36 - 2015-01-28 09:43 - 000001036 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2017-08-24 20:35 - 2012-01-13 22:49 - 000703840 _____ C:\windows\system32\perfh00A.dat 2017-08-24 20:35 - 2012-01-13 22:49 - 000137806 _____ C:\windows\system32\perfc00A.dat 2017-08-24 20:35 - 2009-07-14 02:13 - 001555646 _____ C:\windows\system32\PerfStringBackup.INI 2017-08-24 20:35 - 2009-07-14 00:20 - 000000000 ____D C:\windows\inf 2017-08-24 20:32 - 2016-10-19 14:58 - 000000000 ___HD C:\Users\Rosana\AppData\Roaming\fneuwm 2017-08-24 20:31 - 2009-07-14 02:08 - 000000006 ____H C:\windows\Tasks\SA.DAT 2017-08-24 20:06 - 2015-07-24 14:43 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-08-24 20:06 - 2015-02-07 11:31 - 000001036 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d042e2cc5a5e36.job 2017-08-24 20:03 - 2015-05-17 14:01 - 000001036 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d090c32168b5a5.job 2017-08-23 11:52 - 2015-06-28 17:20 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task 2017-08-21 15:22 - 2015-01-28 09:49 - 000002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-08-21 15:22 - 2015-01-28 09:49 - 000002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-08-01 21:03 - 2017-02-13 19:46 - 000000000 ____D C:\Users\Rosana\Desktop\Imagenes ==================== Files in the root of some directories ======= 2012-01-13 07:22 - 2012-01-13 07:23 - 000000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2012-01-13 07:14 - 2012-01-13 07:15 - 000000113 _____ () 
C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log 2012-01-13 07:19 - 2012-01-13 07:20 - 000000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2012-01-13 07:16 - 2012-01-13 07:19 - 000000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log 2012-01-13 07:21 - 2012-01-13 07:22 - 000000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Some files in TEMP: ==================== 2015-11-22 18:49 - 2010-10-15 05:50 - 000169808 _____ () C:\Users\Rosana\AppData\Local\Temp\card_setup.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\SysWOW64\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-08-21 17:55 ==================== End of FRST.txt ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017 Ran by no tocar (24-08-2017 20:53:27) Running from C:\Users\no tocar\Downloads Windows 7 Home Basic Service Pack 1 (X64) (2015-01-28 11:51:56) Boot Mode: Normal 
========================================================== ==================== Accounts: ============================= Administrador (S-1-5-21-297820468-187987108-3971814952-500 - Administrator - Disabled) Invitado (S-1-5-21-297820468-187987108-3971814952-501 - Limited - Disabled) no tocar (S-1-5-21-297820468-187987108-3971814952-1002 - Administrator - Enabled) => C:\Users\no tocar Rosana (S-1-5-21-297820468-187987108-3971814952-1001 - Administrator - Enabled) => C:\Users\Rosana UpdatusUser (S-1-5-21-297820468-187987108-3971814952-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\{48DB5914-8772-472D-B8DF-E2092BE598F6}) (Version: 10.3.181.34 - Adobe Systems Incorporated) Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) Escritorio Movistar Latam (HKLM-x32\...\MovistarLATAM) (Version: 8.7.6.765 - Escritorio Movistar Latam) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) 
Hidden Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version: - ) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) Malwarebytes versión 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes) MEGAsync 1.0.22 (HKLM-x32\...\MEGAsync) (Version: 1.0.22 - Mega Limited) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation) Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation) PASW Statistics 18 (HKLM-x32\...\{C25215FC-5900-48B0-B93C-8D3379027312}) (Version: 18.0.0 - SPSS Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.) Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung) Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.) User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - ) WHO Anthro (HKLM-x32\...\{AC66F0B8-8E0E-4106-AF80-3F8F1F93BE14}_is1) (Version: 3.2.2.1 - WHO) WHO AnthroPlus (HKLM-x32\...\{13A42C71-87A5-41F7-B7C9-5DC7D56038FC}_is1) (Version: 1.0.4 - WHO) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.31_TME - ZTE Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] () ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] () ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-10-18] (Intel Corporation) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (Alexander Roshal) ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] () ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2010-12-16] (Intel Corporation) ContextMenuHandlers5: 
[NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\system32\nvshext.dll [2011-06-04] (NVIDIA Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07CB5A75-96E0-4D66-88C7-F2666F94077D} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC) Task: {121DE78F-183A-4F59-9AA5-1C57FA8A5136} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd) Task: {53F6F71F-4A3E-4176-8E94-27DBC07AFEC2} - System32\Tasks\GoogleUpdateTaskMachineUA1d090c32168b5a5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {5515514A-2CB2-4A60-91D7-37D4182B9151} - System32\Tasks\GoogleUpdateTaskMachineUA1d042e2cc5a5e36 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {5DABAC5F-FD17-44F4-90BC-394A0837F5D0} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy Task: {66D69F35-443E-40EF-93EC-C19FC4498399} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {7021709C-206D-4684-8AAA-2DCCED3157C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {7AFFE065-2FE6-4B8C-80C4-42DDA6B5644A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F78D955E-7D98-4EA1-8766-B22A586EBB07} - System32\Tasks\GoogleUpdateTaskMachineUA1d0c0ba410d388d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d042e2cc5a5e36.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d090c32168b5a5.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-01-28 16:00 - 2010-06-15 20:44 - 000008192 _____ () C:\windows\SysWOW64\srvany.exe
2015-01-28 16:00 - 2013-02-14 10:44 - 000273920 _____ () C:\windows\KMService.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-01 11:13 - 2017-06-22 19:48 - 000598528 _____ () C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll
2011-07-21 02:51 - 2010-12-16 06:37 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-01 11:15 - 2017-06-22 19:48 - 000569856 _____ () C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX32.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 004254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2017-08-21 15:22 - 2017-08-11 03:24 - 002881368 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-21 15:22 - 2017-08-11 03:24 - 000086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2012-01-13 06:25 - 2010-05-07 11:22 - 001636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2009-06-10 18:00 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-297820468-187987108-3971814952-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\no tocar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.49.130.41 - 200.42.4.203
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1A418863-A2F1-4E6B-A310-D8D0E6EE09CF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{176B72BE-1CBA-436D-9BBB-BF94541B379F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{DE375D98-2F97-4D92-A1F9-2C623D8D052A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{587907F4-564A-4122-81DE-302FF871D30B}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{6ADCB451-128C-478C-8210-50FFE451A385}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{E7013C7A-65D6-4113-84EA-8D3A1C1DC5A0}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{061CA267-62E6-4F7A-932C-4C8EA076148B}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{675287DB-5E90-4F15-9E6A-4DD5BA57BDA6}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{23B1AD8B-1924-4BBF-AF9A-4250F8F48D86}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [TCP Query User{6080E1D4-5A0B-41B3-9251-25771FA4C916}C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe] => (Block) C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [UDP Query User{E5B41267-9043-431B-9B4F-51B6638F9951}C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe] => (Block) C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [TCP Query User{B3278673-BA8F-4884-B2CA-63FE94D1B5B2}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [UDP Query User{4F784418-C4E8-4E03-8DC9-5B3B9CE4E0CF}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [{8B38C1FB-CC6C-4ADA-A087-F0A8C3BA8C53}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-05-2017 10:28:39 Windows Update
11-06-2017 17:13:19 Windows Update
28-06-2017 18:47:56 Punto de control programado
06-07-2017 20:12:25 Punto de control programado
27-07-2017 21:12:40 Punto de control programado
23-08-2017 10:00:05 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2017 08:32:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (08/24/2017 07:23:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.0.0.1169, marca de tiempo: 0x599723f1
Nombre del módulo con errores: Qt5Core.dll, versión: 5.6.2.0, marca de tiempo: 0x594d4411
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001a9fd6
Id. del proceso con errores: 0x108
Hora de inicio de la aplicación con errores: 0x01d31d2793c6d1a7
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: d18ac517-891a-11e7-bf77-e8039a50c695

Error: (08/24/2017 07:16:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.0.0.1169, marca de tiempo: 0x599723f1
Nombre del módulo con errores: Qt5Core.dll, versión: 5.6.2.0, marca de tiempo: 0x594d4411
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001a9fd6
Id. del proceso con errores: 0x13ac
Hora de inicio de la aplicación con errores: 0x01d31d26a27a5598
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: e03966f6-8919-11e7-bf77-e8039a50c695

Error: (08/24/2017 07:15:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.0.0.1169, marca de tiempo: 0x599723f1
Nombre del módulo con errores: Qt5Core.dll, versión: 5.6.2.0, marca de tiempo: 0x594d4411
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001a9fd6
Id. del proceso con errores: 0x10c4
Hora de inicio de la aplicación con errores: 0x01d31d2680cfad65
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: be8bd889-8919-11e7-bf77-e8039a50c695

Error: (08/24/2017 07:13:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: assistant.exe, versión: 3.0.0.1169, marca de tiempo: 0x5997238a
Nombre del módulo con errores: Qt5Core.dll, versión: 5.6.2.0, marca de tiempo: 0x594d4411
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001a9fd6
Id. del proceso con errores: 0x1248
Hora de inicio de la aplicación con errores: 0x01d31d263b4e4d1c
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: 7907b915-8919-11e7-bf77-e8039a50c695

Error: (08/24/2017 07:13:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.0.0.1169, marca de tiempo: 0x599723f1
Nombre del módulo con errores: Qt5Core.dll, versión: 5.6.2.0, marca de tiempo: 0x594d4411
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001a9fd6
Id. del proceso con errores: 0xef8
Hora de inicio de la aplicación con errores: 0x01d31d262936d75b
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: 670f1668-8919-11e7-bf77-e8039a50c695

Error: (08/24/2017 07:09:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.0.0.1169, marca de tiempo: 0x599723f1
Nombre del módulo con errores: Qt5Core.dll, versión: 5.6.2.0, marca de tiempo: 0x594d4411
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001a9fd6
Id. del proceso con errores: 0x850
Hora de inicio de la aplicación con errores: 0x01d31d25a23cb5d7
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: dffdea1d-8918-11e7-bf77-e8039a50c695

Error: (08/24/2017 07:03:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (08/24/2017 05:59:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (08/24/2017 09:26:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

System errors:
=============
Error: (08/24/2017 07:20:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio KMService terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

Error: (08/24/2017 07:16:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Malwarebytes Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.

Error: (08/24/2017 06:05:12 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1068" al intentar iniciar el servicio BITS con argumentos "" para ejecutar el servidor: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (08/24/2017 05:58:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio NVSvc con argumentos "" para ejecutar el servidor: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

Error: (08/24/2017 05:58:24 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/24/2017 05:58:24 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/24/2017 05:58:22 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/24/2017 05:58:16 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/24/2017 05:57:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: discache SABI spldr Wanarpv6

Error: (08/21/2017 05:27:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk1\DR5.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 72%
Total physical RAM: 1961.55 MB
Available physical RAM: 545.38 MB
Total Virtual: 3923.09 MB
Available Virtual: 2305.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:443.58 GB) (Free:375.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 16C5B7BC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.1 GB) - (Type=27)

==================== End of Addition.txt ============================
  4. Talking of weird, FRST doesn't work, even in admin mode, but when I open it again two windows open for a second and play the sound of task done, but there is no .txt on the desktop. EDIT: I've managed to take a screenshot of the two windows. I attach it.
  5. Hi Aura,

Here is the log of MBAR:

Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org

Database version: main: v2017.08.24.07 rootkit: v2017.08.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Rosana :: ROSANA-PC [administrator]

24/08/2017 08:06:36 p.m.
mbar-log-2017-08-24 (20-06-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 286203
Time elapsed: 15 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Let me know anything.

Martín
  6. Hi! I have the task of protecting my mother-in-law's notebook. Last week she claimed her notebook was infected, so I have to watch it, but when I tried to open Malwarebytes it won't open. I thought if I reinstalled it, it would work, but it doesn't. So I downloaded Avast, just to try, but it doesn't even install. I've tried safe mode; in this case Malwarebytes works but the scans are clean, so I don't know what to do. If it were my notebook I would reinstall Windows 7 and problem solved, but she has a lot of files she doesn't know are backed up, so that is not an option. Anything you need, just say it, and sorry for my bad English.

Martín