MartinR
Everything posted by MartinR
Can't open or install any antivirus
MartinR replied to MartinR's topic in Resolved Malware Removal Logs
Hi aura, yes, she's back, but she is going to buy a new laptop. Possibly I will keep this one and install elementary OS or another Linux distro. Thanks for your help.
Can't open or install any antivirus
MartinR replied to MartinR's topic in Resolved Malware Removal Logs
Sorry, my mother-in-law had to travel, so I can't look at her laptop until Tuesday. I'm sorry.
Can't open or install any antivirus
MartinR replied to MartinR's topic in Resolved Malware Removal Logs
It worked.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by no tocar (administrator) on ROSANA-PC (24-08-2017 20:52:30)
Running from C:\Users\no tocar\Downloads
Loaded Profiles: UpdatusUser & no tocar (Available Profiles: UpdatusUser & Rosana & no tocar)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Telefónica) C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\ImpWiFiSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
HKLM-x32\...\Run: [RemoteControl10] => "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk [2017-07-04]
ShortcutTarget: Windows Explorer.lnk -> C:\Users\no tocar\AppData\Roaming\fneuwm\amdhost.exe (No File)
Startup: C:\Users\Rosana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\atajo.lnk [2017-08-24]
ShortcutTarget: atajo.lnk -> C:\Users\Rosana\AppData\Roaming\fneuwm\mjhnaukf32.exe (Microsoft Corporation)
Startup: C:\Users\Rosana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-01-28]
ShortcutTarget: MEGAsync.lnk -> C:\Users\no tocar\AppData\Local\MEGAsync\MEGAsync.exe (No File)
Startup: C:\Users\Rosana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla y Selector de OneNote 2010.lnk [2016-04-04]
ShortcutTarget: Recorte de pantalla y Selector de OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.49.130.41 200.42.4.203
Tcpip\..\Interfaces\{9741A571-DAC8-41F5-975B-7D8B11A05D30}: [DhcpNameServer] 200.42.4.210 200.49.130.41
Tcpip\..\Interfaces\{F85C7A4E-9F6C-4A42-96A5-2003D0C580CD}: [DhcpNameServer] 200.49.130.41 200.42.4.203

Internet Explorer:
==================
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-05-13] (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-03-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default [2017-08-24]
CHR Extension: (Presentaciones de Google) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-24]
CHR Extension: (Google Docs) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-24]
CHR Extension: (Google Drive) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-24]
CHR Extension: (YouTube) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-24]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-24]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-24]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-24]
CHR Extension: (Chrome Media Router) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2010-06-15] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 massfilter_hs; C:\windows\System32\drivers\massfilter_hs.sys [12800 2010-10-15] (ZTE Incorporated)
R2 SGDrv; C:\windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 USBZTECCID; C:\windows\System32\DRIVERS\ZTEusbccid.sys [18432 2010-10-15] (ZTE)
S3 ZTEusbMB; C:\windows\System32\DRIVERS\ZTEusbnmeaext2.sys [123520 2010-10-15] (ZTE Incorporated)
S3 ZTEusbwwan; C:\windows\System32\DRIVERS\ZTEusbwwan.sys [234496 2010-12-07] (ZTE Incorporated)
S3 zte_massejct; C:\windows\System32\Drivers\zte_massejct.sys [19968 2010-11-19] (ZTE Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-24 20:52 - 2017-08-24 20:53 - 000010756 _____ C:\Users\no tocar\Downloads\FRST.txt
2017-08-24 20:51 - 2017-08-24 20:52 - 000000000 ____D C:\FRST
2017-08-24 20:51 - 2017-08-24 20:51 - 002395648 _____ (Farbar) C:\Users\no tocar\Downloads\FRST64.exe
2017-08-24 20:48 - 2017-08-24 20:48 - 000001397 _____ C:\Users\no tocar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-08-24 20:48 - 2017-08-24 20:48 - 000000000 ____D C:\Users\no tocar\AppData\Roaming\Adobe
2017-08-24 20:48 - 2017-08-24 20:48 - 000000000 ____D C:\Users\no tocar\AppData\Local\Google
2017-08-24 20:47 - 2017-08-24 20:48 - 000000000 ____D C:\Users\no tocar
2017-08-24 20:47 - 2017-08-24 20:47 - 000000020 ___SH C:\Users\no tocar\ntuser.ini
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Reciente
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Plantillas
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Mis documentos
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Menú Inicio
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Impresoras
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Entorno de red
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Documents\Mis vídeos
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Documents\Mis imágenes
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Documents\Mi música
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Datos de programa
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Configuración local
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\AppData\Local\Historial
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\AppData\Local\Datos de programa
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\AppData\Local\Archivos temporales de Internet
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 ____D C:\Users\no tocar\AppData\Local\VirtualStore
2017-08-24 20:28 - 2017-08-24 20:28 - 002395648 _____ (Farbar) C:\Users\Rosana\Downloads\FRST64.exe
2017-08-24 20:28 - 2017-08-24 20:28 - 002395648 _____ (Farbar) C:\Users\Rosana\Desktop\FRST64.exe
2017-08-24 20:06 - 2017-08-24 20:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-24 20:06 - 2017-08-24 20:06 - 000194776 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-24 20:05 - 2017-08-24 20:05 - 000109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2017-08-24 20:04 - 2017-08-24 20:22 - 000000000 ____D C:\Users\Rosana\Desktop\mbar
2017-08-24 20:03 - 2017-08-24 20:03 - 016564750 _____ (Malwarebytes Corp.) C:\Users\Rosana\Downloads\mbar-1.09.4.1001.exe
2017-08-24 19:31 - 2017-08-24 19:31 - 000000000 ____D C:\Users\Rosana\Desktop\Nueva carpeta
2017-08-24 19:30 - 2017-08-24 19:30 - 001305367 _____ C:\Users\Rosana\Downloads\Autoruns.zip
2017-08-24 19:20 - 2017-08-24 19:22 - 000002102 _____ C:\Users\Rosana\Desktop\Rkill.txt
2017-08-24 19:19 - 2017-08-24 19:20 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Rosana\Downloads\rkill.exe
2017-08-24 19:17 - 2017-08-24 19:17 - 006654960 _____ (AVAST Software) C:\Users\Rosana\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2017-08-24 19:07 - 2017-08-24 19:07 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-24 19:07 - 2017-08-24 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-24 19:07 - 2017-08-24 19:07 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-24 19:07 - 2017-08-21 07:20 - 000077440 _____ C:\windows\system32\Drivers\mbae64.sys
2017-08-24 19:05 - 2017-08-24 19:06 - 065942208 _____ (Malwarebytes ) C:\Users\Rosana\Downloads\mb3-setup-35891.35891-3.2.2.2018.exe
2017-08-24 17:57 - 2017-08-24 18:13 - 000093414 _____ C:\windows\ntbtlog.txt
2017-08-24 17:53 - 2017-08-24 17:53 - 006948656 _____ (AVAST Software) C:\Users\Rosana\Downloads\avast_free_antivirus_setup_online_a1h.exe
2017-08-24 17:53 - 2017-08-24 17:53 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-24 15:48 - 2017-08-24 15:48 - 000063719 _____ C:\Users\Rosana\Desktop\CBU SANTANDER.pdf
2017-08-23 12:32 - 2017-08-23 12:32 - 000009463 _____ C:\Users\Rosana\Downloads\201707_0009096004 (1).pdf
2017-08-23 12:31 - 2017-08-23 12:31 - 000009463 _____ C:\Users\Rosana\Downloads\201707_0009096004.pdf
2017-08-21 16:11 - 2017-08-24 09:38 - 000000000 ____D C:\Users\Rosana\Desktop\Fotos Viaje
2017-08-04 20:34 - 2017-08-04 20:34 - 000001420 _____ C:\Users\Rosana\Downloads\aanep-user-87-tests.csv
2017-08-04 18:32 - 2017-08-04 18:32 - 004875365 _____ C:\Users\Rosana\Downloads\1499358944_Pancreatitits (3).pdf
2017-08-04 18:32 - 2017-08-04 18:32 - 001028390 _____ C:\Users\Rosana\Downloads\1501532804_Módulo 4- _Soporte Nutricional al final de la vida_ _1_ (2).pdf
2017-08-04 18:31 - 2017-08-04 18:31 - 001904490 _____ C:\Users\Rosana\Downloads\1499358844_Hígado (8).pdf
2017-08-04 18:31 - 2017-08-04 18:31 - 001904490 _____ C:\Users\Rosana\Downloads\1499358844_Hígado (7).pdf
2017-08-04 18:31 - 2017-08-04 18:31 - 001157010 _____ C:\Users\Rosana\Downloads\1501532777_insuficiencia intestinal AANEP _1_.pdf
2017-08-04 18:31 - 2017-08-04 18:31 - 001157010 _____ C:\Users\Rosana\Downloads\1501532777_insuficiencia intestinal AANEP _1_ (1).pdf
2017-08-04 18:26 - 2017-08-04 18:26 - 002839162 _____ C:\Users\Rosana\Downloads\1497414040_M1 Senpe (5).pdf
2017-08-04 18:26 - 2017-08-04 18:26 - 002839162 _____ C:\Users\Rosana\Downloads\1497414040_M1 Senpe (4).pdf
2017-08-04 18:26 - 2017-08-04 18:26 - 000340374 _____ C:\Users\Rosana\Downloads\1497414009_M1 2014 ne precoz en pac critico con inestabilidad hemodinamica (3).pdf
2017-08-04 18:26 - 2017-08-04 18:26 - 000340374 _____ C:\Users\Rosana\Downloads\1497414009_M1 2014 ne precoz en pac critico con inestabilidad hemodinamica (2).pdf
2017-08-04 18:25 - 2017-08-04 18:25 - 000134260 _____ C:\Users\Rosana\Downloads\1497414000_M1 Summary Canadienses CPGs 2015 vs 2013 _1_ (5).pdf
2017-08-04 18:25 - 2017-08-04 18:25 - 000134260 _____ C:\Users\Rosana\Downloads\1497414000_M1 Summary Canadienses CPGs 2015 vs 2013 _1_ (4).pdf
2017-08-04 12:04 - 2017-08-04 12:04 - 001421429 _____ C:\Users\Rosana\Downloads\1498667080_CLASE 5 - VITAMINA D (2).pdf
2017-08-04 12:04 - 2017-08-04 12:04 - 001421429 _____ C:\Users\Rosana\Downloads\1498667080_CLASE 5 - VITAMINA D (1).pdf
2017-08-03 18:30 - 2017-08-03 18:30 - 001028390 _____ C:\Users\Rosana\Downloads\1501532804_Módulo 4- _Soporte Nutricional al final de la vida_ _1_.pdf
2017-08-03 18:30 - 2017-08-03 18:30 - 001028390 _____ C:\Users\Rosana\Downloads\1501532804_Módulo 4- _Soporte Nutricional al final de la vida_ _1_ (1).pdf
2017-08-01 18:26 - 2017-08-01 18:26 - 096282347 _____ C:\Users\Rosana\Downloads\15005677731978776078 (3).mp4
2017-08-01 17:40 - 2017-08-01 17:40 - 096282347 _____ C:\Users\Rosana\Downloads\15005677731978776078 (2).mp4
2017-07-31 10:08 - 2017-07-31 10:09 - 096282347 _____ C:\Users\Rosana\Downloads\15005677731978776078 (1).mp4
2017-07-27 19:47 - 2017-08-23 11:51 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-24 20:39 - 2009-07-14 00:20 - 000000000 ____D C:\windows\tracing
2017-08-24 20:38 - 2009-07-14 01:45 - 000016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-24 20:38 - 2009-07-14 01:45 - 000016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-24 20:36 - 2015-01-28 09:43 - 000001036 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-08-24 20:35 - 2012-01-13 22:49 - 000703840 _____ C:\windows\system32\perfh00A.dat
2017-08-24 20:35 - 2012-01-13 22:49 - 000137806 _____ C:\windows\system32\perfc00A.dat
2017-08-24 20:35 - 2009-07-14 02:13 - 001555646 _____ C:\windows\system32\PerfStringBackup.INI
2017-08-24 20:35 - 2009-07-14 00:20 - 000000000 ____D C:\windows\inf
2017-08-24 20:32 - 2016-10-19 14:58 - 000000000 ___HD C:\Users\Rosana\AppData\Roaming\fneuwm
2017-08-24 20:31 - 2009-07-14 02:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-08-24 20:06 - 2015-07-24 14:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-24 20:06 - 2015-02-07 11:31 - 000001036 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d042e2cc5a5e36.job
2017-08-24 20:03 - 2015-05-17 14:01 - 000001036 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d090c32168b5a5.job
2017-08-23 11:52 - 2015-06-28 17:20 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-21 15:22 - 2015-01-28 09:49 - 000002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-21 15:22 - 2015-01-28 09:49 - 000002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-01 21:03 - 2017-02-13 19:46 - 000000000 ____D C:\Users\Rosana\Desktop\Imagenes

==================== Files in the root of some directories =======

2012-01-13 07:22 - 2012-01-13 07:23 - 000000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-01-13 07:14 - 2012-01-13 07:15 - 000000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-01-13 07:19 - 2012-01-13 07:20 - 000000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-01-13 07:16 - 2012-01-13 07:19 - 000000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-01-13 07:21 - 2012-01-13 07:22 - 000000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some files in TEMP:
====================
2015-11-22 18:49 - 2010-10-15 05:50 - 000169808 _____ () C:\Users\Rosana\AppData\Local\Temp\card_setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-21 17:55

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by no tocar (24-08-2017 20:53:27)
Running from C:\Users\no tocar\Downloads
Windows 7 Home Basic Service Pack 1 (X64) (2015-01-28 11:51:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-297820468-187987108-3971814952-500 - Administrator - Disabled)
Invitado (S-1-5-21-297820468-187987108-3971814952-501 - Limited - Disabled)
no tocar (S-1-5-21-297820468-187987108-3971814952-1002 - Administrator - Enabled) => C:\Users\no tocar
Rosana (S-1-5-21-297820468-187987108-3971814952-1001 - Administrator - Enabled) => C:\Users\Rosana
UpdatusUser (S-1-5-21-297820468-187987108-3971814952-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{48DB5914-8772-472D-B8DF-E2092BE598F6}) (Version: 10.3.181.34 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Escritorio Movistar Latam (HKLM-x32\...\MovistarLATAM) (Version: 8.7.6.765 - Escritorio Movistar Latam)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Malwarebytes versión 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
MEGAsync 1.0.22 (HKLM-x32\...\MEGAsync) (Version: 1.0.22 - Mega Limited)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PASW Statistics 18 (HKLM-x32\...\{C25215FC-5900-48B0-B93C-8D3379027312}) (Version: 18.0.0 - SPSS Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
WHO Anthro (HKLM-x32\...\{AC66F0B8-8E0E-4106-AF80-3F8F1F93BE14}_is1) (Version: 3.2.2.1 - WHO)
WHO AnthroPlus (HKLM-x32\...\{13A42C71-87A5-41F7-B7C9-5DC7D56038FC}_is1) (Version: 1.0.4 - WHO)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.31_TME - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-10-18] (Intel Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (Alexander Roshal)
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2010-12-16] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\system32\nvshext.dll [2011-06-04] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07CB5A75-96E0-4D66-88C7-F2666F94077D} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {121DE78F-183A-4F59-9AA5-1C57FA8A5136} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {53F6F71F-4A3E-4176-8E94-27DBC07AFEC2} - System32\Tasks\GoogleUpdateTaskMachineUA1d090c32168b5a5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5515514A-2CB2-4A60-91D7-37D4182B9151} - System32\Tasks\GoogleUpdateTaskMachineUA1d042e2cc5a5e36 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5DABAC5F-FD17-44F4-90BC-394A0837F5D0} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {66D69F35-443E-40EF-93EC-C19FC4498399} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7021709C-206D-4684-8AAA-2DCCED3157C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {7AFFE065-2FE6-4B8C-80C4-42DDA6B5644A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F78D955E-7D98-4EA1-8766-B22A586EBB07} - System32\Tasks\GoogleUpdateTaskMachineUA1d0c0ba410d388d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d042e2cc5a5e36.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d090c32168b5a5.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-01-28 16:00 - 2010-06-15 20:44 - 000008192 _____ () C:\windows\SysWOW64\srvany.exe
2015-01-28 16:00 - 2013-02-14 10:44 - 000273920 _____ () C:\windows\KMService.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-01 11:13 - 2017-06-22 19:48 - 000598528 _____ () C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll
2011-07-21 02:51 - 2010-12-16 06:37 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-01 11:15 - 2017-06-22 19:48 - 000569856 _____ () C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX32.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 004254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2017-08-21 15:22 - 2017-08-11 03:24 - 002881368 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-21 15:22 - 2017-08-11 03:24 - 000086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2012-01-13 06:25 - 2010-05-07 11:22 - 001636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 23:34 - 2009-06-10 18:00 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-297820468-187987108-3971814952-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\no tocar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 200.49.130.41 - 200.42.4.203 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{1A418863-A2F1-4E6B-A310-D8D0E6EE09CF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{176B72BE-1CBA-436D-9BBB-BF94541B379F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{DE375D98-2F97-4D92-A1F9-2C623D8D052A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{587907F4-564A-4122-81DE-302FF871D30B}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe FirewallRules: [{6ADCB451-128C-478C-8210-50FFE451A385}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe FirewallRules: [{E7013C7A-65D6-4113-84EA-8D3A1C1DC5A0}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com FirewallRules: [{061CA267-62E6-4F7A-932C-4C8EA076148B}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe FirewallRules: [{675287DB-5E90-4F15-9E6A-4DD5BA57BDA6}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe FirewallRules: [{23B1AD8B-1924-4BBF-AF9A-4250F8F48D86}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com FirewallRules: [TCP Query User{6080E1D4-5A0B-41B3-9251-25771FA4C916}C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe] => (Block) C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe FirewallRules: [UDP Query User{E5B41267-9043-431B-9B4F-51B6638F9951}C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe] => (Block) C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe FirewallRules: [TCP Query User{B3278673-BA8F-4884-B2CA-63FE94D1B5B2}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe FirewallRules: [UDP Query User{4F784418-C4E8-4E03-8DC9-5B3B9CE4E0CF}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) 
C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe FirewallRules: [{8B38C1FB-CC6C-4ADA-A087-F0A8C3BA8C53}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 21-05-2017 10:28:39 Windows Update 11-06-2017 17:13:19 Windows Update 28-06-2017 18:47:56 Punto de control programado 06-07-2017 20:12:25 Punto de control programado 27-07-2017 21:12:40 Punto de control programado 23-08-2017 10:00:05 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/24/2017 08:32:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema. Error: (08/24/2017 07:23:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.0.0.1169, marca de tiempo: 0x599723f1 Nombre del módulo con errores: Qt5Core.dll, versión: 5.6.2.0, marca de tiempo: 0x594d4411 Código de excepción: 0xc0000005 Desplazamiento de errores: 0x001a9fd6 Id. del proceso con errores: 0x108 Hora de inicio de la aplicación con errores: 0x01d31d2793c6d1a7 Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Id. 
del informe: d18ac517-891a-11e7-bf77-e8039a50c695 Error: (08/24/2017 07:16:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.0.0.1169, marca de tiempo: 0x599723f1 Nombre del módulo con errores: Qt5Core.dll, versión: 5.6.2.0, marca de tiempo: 0x594d4411 Código de excepción: 0xc0000005 Desplazamiento de errores: 0x001a9fd6 Id. del proceso con errores: 0x13ac Hora de inicio de la aplicación con errores: 0x01d31d26a27a5598 Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Id. del informe: e03966f6-8919-11e7-bf77-e8039a50c695 Error: (08/24/2017 07:15:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.0.0.1169, marca de tiempo: 0x599723f1 Nombre del módulo con errores: Qt5Core.dll, versión: 5.6.2.0, marca de tiempo: 0x594d4411 Código de excepción: 0xc0000005 Desplazamiento de errores: 0x001a9fd6 Id. del proceso con errores: 0x10c4 Hora de inicio de la aplicación con errores: 0x01d31d2680cfad65 Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Id. del informe: be8bd889-8919-11e7-bf77-e8039a50c695 Error: (08/24/2017 07:13:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: assistant.exe, versión: 3.0.0.1169, marca de tiempo: 0x5997238a Nombre del módulo con errores: Qt5Core.dll, versión: 5.6.2.0, marca de tiempo: 0x594d4411 Código de excepción: 0xc0000005 Desplazamiento de errores: 0x001a9fd6 Id. 
del proceso con errores: 0x1248 Hora de inicio de la aplicación con errores: 0x01d31d263b4e4d1c Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Id. del informe: 7907b915-8919-11e7-bf77-e8039a50c695 Error: (08/24/2017 07:13:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.0.0.1169, marca de tiempo: 0x599723f1 Nombre del módulo con errores: Qt5Core.dll, versión: 5.6.2.0, marca de tiempo: 0x594d4411 Código de excepción: 0xc0000005 Desplazamiento de errores: 0x001a9fd6 Id. del proceso con errores: 0xef8 Hora de inicio de la aplicación con errores: 0x01d31d262936d75b Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Id. del informe: 670f1668-8919-11e7-bf77-e8039a50c695 Error: (08/24/2017 07:09:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nombre de la aplicación con errores: mbam.exe, versión: 3.0.0.1169, marca de tiempo: 0x599723f1 Nombre del módulo con errores: Qt5Core.dll, versión: 5.6.2.0, marca de tiempo: 0x594d4411 Código de excepción: 0xc0000005 Desplazamiento de errores: 0x001a9fd6 Id. del proceso con errores: 0x850 Hora de inicio de la aplicación con errores: 0x01d31d25a23cb5d7 Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Id. 
del informe: dffdea1d-8918-11e7-bf77-e8039a50c695 Error: (08/24/2017 07:03:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema. Error: (08/24/2017 05:59:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema. Error: (08/24/2017 09:26:13 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema. System errors: ============= Error: (08/24/2017 07:20:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: El servicio KMService terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio. Error: (08/24/2017 07:16:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: El servicio Malwarebytes Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio. 
Error: (08/24/2017 06:05:12 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: Error de DCOM "1068" al intentar iniciar el servicio BITS con argumentos "" para ejecutar el servidor: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (08/24/2017 05:58:44 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: Error de DCOM "1084" al intentar iniciar el servicio NVSvc con argumentos "" para ejecutar el servidor: {DCAB0989-1301-4319-BE5F-ADE89F88581C} Error: (08/24/2017 05:58:24 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor: {9E175B6D-F52A-11D8-B9A5-505054503030} Error: (08/24/2017 05:58:24 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (08/24/2017 05:58:22 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (08/24/2017 05:58:16 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/24/2017 05:57:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: discache SABI spldr Wanarpv6 Error: (08/21/2017 05:27:40 PM) (Source: Disk) (EventID: 11) (User: ) Description: El controlador detectó un error de controladora en \Device\Harddisk1\DR5. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz Percentage of memory in use: 72% Total physical RAM: 1961.55 MB Available physical RAM: 545.38 MB Total Virtual: 3923.09 MB Available Virtual: 2305.49 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:443.58 GB) (Free:375.2 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 16C5B7BC) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=443.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=22.1 GB) - (Type=27) ==================== End of Addition.txt ============================ -
Can't open or install any antivirus
MartinR replied to MartinR's topic in Resolved Malware Removal Logs
Talking of weird, FRST doesn't work, even in admin mode, but when I open it again two windows open for a second and play the "task done" sound, but there is no .txt on the desktop.

EDIT: I've managed to take a screenshot of the two windows. I attach it.
Can't open or install any antivirus
MartinR replied to MartinR's topic in Resolved Malware Removal Logs
Hi Aura,

Here is the log of MBAR:

Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org

Database version:
main: v2017.08.24.07
rootkit: v2017.08.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Rosana :: ROSANA-PC [administrator]

24/08/2017 08:06:36 p.m.
mbar-log-2017-08-24 (20-06-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 286203
Time elapsed: 15 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Let me know anything.

Martín
Hi! I have the task of protecting my mother-in-law's notebook. Last week she claimed her notebook was infected, so I have to watch it, but when I tried to open Malwarebytes it wouldn't open. I thought that if I reinstalled it, it would work, but it doesn't. So I downloaded Avast, just to try, but it doesn't even install. I've tried safe mode; in this case Malwarebytes works, but the scans are clean, so I don't know what to do. If it were my notebook I would reinstall Windows 7 and problem solved, but she has a lot of files that she doesn't know are backed up, so that is not an option. Anything you need, just say it, and sorry for my bad English.

Martín