Can't open or install any antivirus

Hi! I have the task to protect my mother-in-law's notebook. Last week she claimed her notebook was infected so I have to watch it, but when I tried to open Malwarebytes it won't open. I thought if I reinstall it it will work, but it doesn't. So I downloaded Avast, just to try, but it doesn't even install.

I've tried the safe mode; in this case Malwarebytes works but the scans are clean, so I don't know what to do. If it was my notebook I would reinstall Windows 7 and problem solved, but she has a lot of files she doesn't know if are backed up, so it is not an option.

Anything you need, just say it, and sorry for my bad English.


Hi MartinR :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens.
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you.
  • The same principle applies to any modifications you make to your system. I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system.
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off.
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced.
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules.
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process.
  • I would appreciate it if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone.
  • This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread.

This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after. 

Hi Aura

Here is the log of MBAR


Malwarebytes Anti-Rootkit BETA

Database version:
  main:    v2017.08.24.07
  rootkit: v2017.08.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Rosana :: ROSANA-PC [administrator]

24/08/2017 08:06:36 p.m.
mbar-log-2017-08-24 (20-06-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 286203
Time elapsed: 15 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)


 Let me know anything


Weird. Let's see how your system looks with FRST.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Make sure the Addition.txt box is checked
  • Click on the Scan button
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply

Talking of weird, FRST doesn't work, even in admin mode, but when I open it again two windows open for a second and play the sound of task done, but there is no .txt on the desktop.


I've managed to take a screenshot of the two windows. I attach it.


It worked


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by no tocar (administrator) on ROSANA-PC (24-08-2017 20:52:30)
Running from C:\Users\no tocar\Downloads
Loaded Profiles: UpdatusUser & no tocar (Available Profiles: UpdatusUser & Rosana & no tocar)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Telefónica) C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\ImpWiFiSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
HKLM-x32\...\Run: [RemoteControl10] => "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk [2017-07-04]
ShortcutTarget: Windows Explorer.lnk -> C:\Users\no tocar\AppData\Roaming\fneuwm\amdhost.exe (No File)
Startup: C:\Users\Rosana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\atajo.lnk [2017-08-24]
ShortcutTarget: atajo.lnk -> C:\Users\Rosana\AppData\Roaming\fneuwm\mjhnaukf32.exe (Microsoft Corporation)
Startup: C:\Users\Rosana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-01-28]
ShortcutTarget: MEGAsync.lnk -> C:\Users\no tocar\AppData\Local\MEGAsync\MEGAsync.exe (No File)
Startup: C:\Users\Rosana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla y Selector de OneNote 2010.lnk [2016-04-04]
ShortcutTarget: Recorte de pantalla y Selector de OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{9741A571-DAC8-41F5-975B-7D8B11A05D30}: [DhcpNameServer]
Tcpip\..\Interfaces\{F85C7A4E-9F6C-4A42-96A5-2003D0C580CD}: [DhcpNameServer]

Internet Explorer:
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-05-13] (Skype Technologies)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-03-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)

CHR Profile: C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default [2017-08-24]
CHR Extension: (Presentaciones de Google) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-24]
CHR Extension: (Google Docs) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-24]
CHR Extension: (Google Drive) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-24]
CHR Extension: (YouTube) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-24]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-24]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-24]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-24]
CHR Extension: (Chrome Media Router) - C:\Users\no tocar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2010-06-15] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\Movistar\Escritorio Movistar Latam\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 massfilter_hs; C:\windows\System32\drivers\massfilter_hs.sys [12800 2010-10-15] (ZTE Incorporated)
R2 SGDrv; C:\windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 USBZTECCID; C:\windows\System32\DRIVERS\ZTEusbccid.sys [18432 2010-10-15] (ZTE)
S3 ZTEusbMB; C:\windows\System32\DRIVERS\ZTEusbnmeaext2.sys [123520 2010-10-15] (ZTE Incorporated)
S3 ZTEusbwwan; C:\windows\System32\DRIVERS\ZTEusbwwan.sys [234496 2010-12-07] (ZTE Incorporated)
S3 zte_massejct; C:\windows\System32\Drivers\zte_massejct.sys [19968 2010-11-19] (ZTE Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-24 20:52 - 2017-08-24 20:53 - 000010756 _____ C:\Users\no tocar\Downloads\FRST.txt
2017-08-24 20:51 - 2017-08-24 20:52 - 000000000 ____D C:\FRST
2017-08-24 20:51 - 2017-08-24 20:51 - 002395648 _____ (Farbar) C:\Users\no tocar\Downloads\FRST64.exe
2017-08-24 20:48 - 2017-08-24 20:48 - 000001397 _____ C:\Users\no tocar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-08-24 20:48 - 2017-08-24 20:48 - 000000000 ____D C:\Users\no tocar\AppData\Roaming\Adobe
2017-08-24 20:48 - 2017-08-24 20:48 - 000000000 ____D C:\Users\no tocar\AppData\Local\Google
2017-08-24 20:47 - 2017-08-24 20:48 - 000000000 ____D C:\Users\no tocar
2017-08-24 20:47 - 2017-08-24 20:47 - 000000020 ___SH C:\Users\no tocar\ntuser.ini
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Reciente
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Plantillas
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Mis documentos
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Menú Inicio
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Impresoras
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Entorno de red
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Documents\Mis vídeos
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Documents\Mis imágenes
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Documents\Mi música
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Datos de programa
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\Configuración local
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\AppData\Local\Historial
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\AppData\Local\Datos de programa
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 _SHDL C:\Users\no tocar\AppData\Local\Archivos temporales de Internet
2017-08-24 20:47 - 2017-08-24 20:47 - 000000000 ____D C:\Users\no tocar\AppData\Local\VirtualStore
2017-08-24 20:28 - 2017-08-24 20:28 - 002395648 _____ (Farbar) C:\Users\Rosana\Downloads\FRST64.exe
2017-08-24 20:28 - 2017-08-24 20:28 - 002395648 _____ (Farbar) C:\Users\Rosana\Desktop\FRST64.exe
2017-08-24 20:06 - 2017-08-24 20:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-24 20:06 - 2017-08-24 20:06 - 000194776 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-24 20:05 - 2017-08-24 20:05 - 000109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2017-08-24 20:04 - 2017-08-24 20:22 - 000000000 ____D C:\Users\Rosana\Desktop\mbar
2017-08-24 20:03 - 2017-08-24 20:03 - 016564750 _____ (Malwarebytes Corp.) C:\Users\Rosana\Downloads\mbar-
2017-08-24 19:31 - 2017-08-24 19:31 - 000000000 ____D C:\Users\Rosana\Desktop\Nueva carpeta
2017-08-24 19:30 - 2017-08-24 19:30 - 001305367 _____ C:\Users\Rosana\Downloads\Autoruns.zip
2017-08-24 19:20 - 2017-08-24 19:22 - 000002102 _____ C:\Users\Rosana\Desktop\Rkill.txt
2017-08-24 19:19 - 2017-08-24 19:20 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Rosana\Downloads\rkill.exe
2017-08-24 19:17 - 2017-08-24 19:17 - 006654960 _____ (AVAST Software) C:\Users\Rosana\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2017-08-24 19:07 - 2017-08-24 19:07 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-24 19:07 - 2017-08-24 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-24 19:07 - 2017-08-24 19:07 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-24 19:07 - 2017-08-21 07:20 - 000077440 _____ C:\windows\system32\Drivers\mbae64.sys
2017-08-24 19:05 - 2017-08-24 19:06 - 065942208 _____ (Malwarebytes ) C:\Users\Rosana\Downloads\mb3-setup-35891.35891-
2017-08-24 17:57 - 2017-08-24 18:13 - 000093414 _____ C:\windows\ntbtlog.txt
2017-08-24 17:53 - 2017-08-24 17:53 - 006948656 _____ (AVAST Software) C:\Users\Rosana\Downloads\avast_free_antivirus_setup_online_a1h.exe
2017-08-24 17:53 - 2017-08-24 17:53 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-24 15:48 - 2017-08-24 15:48 - 000063719 _____ C:\Users\Rosana\Desktop\CBU SANTANDER.pdf
2017-08-23 12:32 - 2017-08-23 12:32 - 000009463 _____ C:\Users\Rosana\Downloads\201707_0009096004 (1).pdf
2017-08-23 12:31 - 2017-08-23 12:31 - 000009463 _____ C:\Users\Rosana\Downloads\201707_0009096004.pdf
2017-08-21 16:11 - 2017-08-24 09:38 - 000000000 ____D C:\Users\Rosana\Desktop\Fotos Viaje
2017-08-04 20:34 - 2017-08-04 20:34 - 000001420 _____ C:\Users\Rosana\Downloads\aanep-user-87-tests.csv
2017-08-04 18:32 - 2017-08-04 18:32 - 004875365 _____ C:\Users\Rosana\Downloads\1499358944_Pancreatitits (3).pdf
2017-08-04 18:32 - 2017-08-04 18:32 - 001028390 _____ C:\Users\Rosana\Downloads\1501532804_Módulo 4- _Soporte Nutricional al final de la vida_ _1_ (2).pdf
2017-08-04 18:31 - 2017-08-04 18:31 - 001904490 _____ C:\Users\Rosana\Downloads\1499358844_Hígado (8).pdf
2017-08-04 18:31 - 2017-08-04 18:31 - 001904490 _____ C:\Users\Rosana\Downloads\1499358844_Hígado (7).pdf
2017-08-04 18:31 - 2017-08-04 18:31 - 001157010 _____ C:\Users\Rosana\Downloads\1501532777_insuficiencia intestinal AANEP _1_.pdf
2017-08-04 18:31 - 2017-08-04 18:31 - 001157010 _____ C:\Users\Rosana\Downloads\1501532777_insuficiencia intestinal AANEP _1_ (1).pdf
2017-08-04 18:26 - 2017-08-04 18:26 - 002839162 _____ C:\Users\Rosana\Downloads\1497414040_M1 Senpe (5).pdf
2017-08-04 18:26 - 2017-08-04 18:26 - 002839162 _____ C:\Users\Rosana\Downloads\1497414040_M1 Senpe (4).pdf
2017-08-04 18:26 - 2017-08-04 18:26 - 000340374 _____ C:\Users\Rosana\Downloads\1497414009_M1 2014 ne precoz en pac critico con    inestabilidad hemodinamica (3).pdf
2017-08-04 18:26 - 2017-08-04 18:26 - 000340374 _____ C:\Users\Rosana\Downloads\1497414009_M1 2014 ne precoz en pac critico con    inestabilidad hemodinamica (2).pdf
2017-08-04 18:25 - 2017-08-04 18:25 - 000134260 _____ C:\Users\Rosana\Downloads\1497414000_M1 Summary Canadienses CPGs 2015 vs    2013 _1_ (5).pdf
2017-08-04 18:25 - 2017-08-04 18:25 - 000134260 _____ C:\Users\Rosana\Downloads\1497414000_M1 Summary Canadienses CPGs 2015 vs    2013 _1_ (4).pdf
2017-08-04 12:04 - 2017-08-04 12:04 - 001421429 _____ C:\Users\Rosana\Downloads\1498667080_CLASE 5 - VITAMINA D (2).pdf
2017-08-04 12:04 - 2017-08-04 12:04 - 001421429 _____ C:\Users\Rosana\Downloads\1498667080_CLASE 5 - VITAMINA D (1).pdf
2017-08-03 18:30 - 2017-08-03 18:30 - 001028390 _____ C:\Users\Rosana\Downloads\1501532804_Módulo 4- _Soporte Nutricional al final de la vida_ _1_.pdf
2017-08-03 18:30 - 2017-08-03 18:30 - 001028390 _____ C:\Users\Rosana\Downloads\1501532804_Módulo 4- _Soporte Nutricional al final de la vida_ _1_ (1).pdf
2017-08-01 18:26 - 2017-08-01 18:26 - 096282347 _____ C:\Users\Rosana\Downloads\15005677731978776078 (3).mp4
2017-08-01 17:40 - 2017-08-01 17:40 - 096282347 _____ C:\Users\Rosana\Downloads\15005677731978776078 (2).mp4
2017-07-31 10:08 - 2017-07-31 10:09 - 096282347 _____ C:\Users\Rosana\Downloads\15005677731978776078 (1).mp4
2017-07-27 19:47 - 2017-08-23 11:51 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-24 20:39 - 2009-07-14 00:20 - 000000000 ____D C:\windows\tracing
2017-08-24 20:38 - 2009-07-14 01:45 - 000016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-24 20:38 - 2009-07-14 01:45 - 000016752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-24 20:36 - 2015-01-28 09:43 - 000001036 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-08-24 20:35 - 2012-01-13 22:49 - 000703840 _____ C:\windows\system32\perfh00A.dat
2017-08-24 20:35 - 2012-01-13 22:49 - 000137806 _____ C:\windows\system32\perfc00A.dat
2017-08-24 20:35 - 2009-07-14 02:13 - 001555646 _____ C:\windows\system32\PerfStringBackup.INI
2017-08-24 20:35 - 2009-07-14 00:20 - 000000000 ____D C:\windows\inf
2017-08-24 20:32 - 2016-10-19 14:58 - 000000000 ___HD C:\Users\Rosana\AppData\Roaming\fneuwm
2017-08-24 20:31 - 2009-07-14 02:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-08-24 20:06 - 2015-07-24 14:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-24 20:06 - 2015-02-07 11:31 - 000001036 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d042e2cc5a5e36.job
2017-08-24 20:03 - 2015-05-17 14:01 - 000001036 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d090c32168b5a5.job
2017-08-23 11:52 - 2015-06-28 17:20 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-21 15:22 - 2015-01-28 09:49 - 000002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-21 15:22 - 2015-01-28 09:49 - 000002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-01 21:03 - 2017-02-13 19:46 - 000000000 ____D C:\Users\Rosana\Desktop\Imagenes

==================== Files in the root of some directories =======

2012-01-13 07:22 - 2012-01-13 07:23 - 000000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-01-13 07:14 - 2012-01-13 07:15 - 000000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-01-13 07:19 - 2012-01-13 07:20 - 000000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-01-13 07:16 - 2012-01-13 07:19 - 000000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-01-13 07:21 - 2012-01-13 07:22 - 000000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some files in TEMP:
2015-11-22 18:49 - 2010-10-15 05:50 - 000169808 _____ () C:\Users\Rosana\AppData\Local\Temp\card_setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-21 17:55

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by no tocar (24-08-2017 20:53:27)
Running from C:\Users\no tocar\Downloads
Windows 7 Home Basic Service Pack 1 (X64) (2015-01-28 11:51:56)
Boot Mode: Normal

==================== Accounts: =============================

Administrador (S-1-5-21-297820468-187987108-3971814952-500 - Administrator - Disabled)
Invitado (S-1-5-21-297820468-187987108-3971814952-501 - Limited - Disabled)
no tocar (S-1-5-21-297820468-187987108-3971814952-1002 - Administrator - Enabled) => C:\Users\no tocar
Rosana (S-1-5-21-297820468-187987108-3971814952-1001 - Administrator - Enabled) => C:\Users\Rosana
UpdatusUser (S-1-5-21-297820468-187987108-3971814952-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{48DB5914-8772-472D-B8DF-E2092BE598F6}) (Version: - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Escritorio Movistar Latam (HKLM-x32\...\MovistarLATAM) (Version: - Escritorio Movistar Latam)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: - Google Inc.) Hidden
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: - Intel Corporation)
Malwarebytes versión (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: - Malwarebytes)
MEGAsync 1.0.22 (HKLM-x32\...\MEGAsync) (Version: 1.0.22 - Mega Limited)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PASW Statistics 18 (HKLM-x32\...\{C25215FC-5900-48B0-B93C-8D3379027312}) (Version: 18.0.0 - SPSS Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: - Samsung)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
WHO Anthro (HKLM-x32\...\{AC66F0B8-8E0E-4106-AF80-3F8F1F93BE14}_is1) (Version: - WHO)
WHO AnthroPlus (HKLM-x32\...\{13A42C71-87A5-41F7-B7C9-5DC7D56038FC}_is1) (Version: 1.0.4 - WHO)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ContextMenuHandlers1: [BTMSentToExt] -> {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-10-18] (Intel Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (Alexander Roshal)
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-22] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2010-12-16] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\system32\nvshext.dll [2011-06-04] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07CB5A75-96E0-4D66-88C7-F2666F94077D} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {121DE78F-183A-4F59-9AA5-1C57FA8A5136} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {53F6F71F-4A3E-4176-8E94-27DBC07AFEC2} - System32\Tasks\GoogleUpdateTaskMachineUA1d090c32168b5a5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5515514A-2CB2-4A60-91D7-37D4182B9151} - System32\Tasks\GoogleUpdateTaskMachineUA1d042e2cc5a5e36 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5DABAC5F-FD17-44F4-90BC-394A0837F5D0} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {66D69F35-443E-40EF-93EC-C19FC4498399} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7021709C-206D-4684-8AAA-2DCCED3157C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {7AFFE065-2FE6-4B8C-80C4-42DDA6B5644A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F78D955E-7D98-4EA1-8766-B22A586EBB07} - System32\Tasks\GoogleUpdateTaskMachineUA1d0c0ba410d388d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d042e2cc5a5e36.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d090c32168b5a5.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-01-28 16:00 - 2010-06-15 20:44 - 000008192 _____ () C:\windows\SysWOW64\srvany.exe
2015-01-28 16:00 - 2013-02-14 10:44 - 000273920 _____ () C:\windows\KMService.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-01 11:13 - 2017-06-22 19:48 - 000598528 _____ () C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX64.dll
2011-07-21 02:51 - 2010-12-16 06:37 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-01 11:15 - 2017-06-22 19:48 - 000569856 _____ () C:\Users\Rosana\AppData\Local\MEGAsync\ShellExtX32.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 004254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2017-08-21 15:22 - 2017-08-11 03:24 - 002881368 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-21 15:22 - 2017-08-11 03:24 - 000086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2012-01-13 06:25 - 2010-05-07 11:22 - 001636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2009-06-10 18:00 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-297820468-187987108-3971814952-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\no tocar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: -
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1A418863-A2F1-4E6B-A310-D8D0E6EE09CF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{176B72BE-1CBA-436D-9BBB-BF94541B379F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{DE375D98-2F97-4D92-A1F9-2C623D8D052A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{587907F4-564A-4122-81DE-302FF871D30B}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{6ADCB451-128C-478C-8210-50FFE451A385}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{E7013C7A-65D6-4113-84EA-8D3A1C1DC5A0}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{061CA267-62E6-4F7A-932C-4C8EA076148B}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{675287DB-5E90-4F15-9E6A-4DD5BA57BDA6}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{23B1AD8B-1924-4BBF-AF9A-4250F8F48D86}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [TCP Query User{6080E1D4-5A0B-41B3-9251-25771FA4C916}C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe] => (Block) C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [UDP Query User{E5B41267-9043-431B-9B4F-51B6638F9951}C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe] => (Block) C:\program files (x86)\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [TCP Query User{B3278673-BA8F-4884-B2CA-63FE94D1B5B2}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [UDP Query User{4F784418-C4E8-4E03-8DC9-5B3B9CE4E0CF}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [{8B38C1FB-CC6C-4ADA-A087-F0A8C3BA8C53}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-05-2017 10:28:39 Windows Update
11-06-2017 17:13:19 Windows Update
28-06-2017 18:47:56 Punto de control programado
06-07-2017 20:12:25 Punto de control programado
27-07-2017 21:12:40 Punto de control programado
23-08-2017 10:00:05 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
Error: (08/24/2017 08:32:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (08/24/2017 07:23:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión:, marca de tiempo: 0x599723f1
Nombre del módulo con errores: Qt5Core.dll, versión:, marca de tiempo: 0x594d4411
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001a9fd6
Id. del proceso con errores: 0x108
Hora de inicio de la aplicación con errores: 0x01d31d2793c6d1a7
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: d18ac517-891a-11e7-bf77-e8039a50c695

Error: (08/24/2017 07:16:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión:, marca de tiempo: 0x599723f1
Nombre del módulo con errores: Qt5Core.dll, versión:, marca de tiempo: 0x594d4411
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001a9fd6
Id. del proceso con errores: 0x13ac
Hora de inicio de la aplicación con errores: 0x01d31d26a27a5598
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: e03966f6-8919-11e7-bf77-e8039a50c695

Error: (08/24/2017 07:15:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión:, marca de tiempo: 0x599723f1
Nombre del módulo con errores: Qt5Core.dll, versión:, marca de tiempo: 0x594d4411
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001a9fd6
Id. del proceso con errores: 0x10c4
Hora de inicio de la aplicación con errores: 0x01d31d2680cfad65
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: be8bd889-8919-11e7-bf77-e8039a50c695

Error: (08/24/2017 07:13:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: assistant.exe, versión:, marca de tiempo: 0x5997238a
Nombre del módulo con errores: Qt5Core.dll, versión:, marca de tiempo: 0x594d4411
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001a9fd6
Id. del proceso con errores: 0x1248
Hora de inicio de la aplicación con errores: 0x01d31d263b4e4d1c
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: 7907b915-8919-11e7-bf77-e8039a50c695

Error: (08/24/2017 07:13:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión:, marca de tiempo: 0x599723f1
Nombre del módulo con errores: Qt5Core.dll, versión:, marca de tiempo: 0x594d4411
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001a9fd6
Id. del proceso con errores: 0xef8
Hora de inicio de la aplicación con errores: 0x01d31d262936d75b
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: 670f1668-8919-11e7-bf77-e8039a50c695

Error: (08/24/2017 07:09:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: mbam.exe, versión:, marca de tiempo: 0x599723f1
Nombre del módulo con errores: Qt5Core.dll, versión:, marca de tiempo: 0x594d4411
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x001a9fd6
Id. del proceso con errores: 0x850
Hora de inicio de la aplicación con errores: 0x01d31d25a23cb5d7
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Ruta de acceso del módulo con errores: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Id. del informe: dffdea1d-8918-11e7-bf77-e8039a50c695

Error: (08/24/2017 07:03:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (08/24/2017 05:59:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (08/24/2017 09:26:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

System errors:
Error: (08/24/2017 07:20:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio KMService terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

Error: (08/24/2017 07:16:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Malwarebytes Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.

Error: (08/24/2017 06:05:12 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1068" al intentar iniciar el servicio BITS con argumentos "" para ejecutar el servidor:

Error: (08/24/2017 05:58:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio NVSvc con argumentos "" para ejecutar el servidor:

Error: (08/24/2017 05:58:24 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor:

Error: (08/24/2017 05:58:24 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor:

Error: (08/24/2017 05:58:22 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "" para ejecutar el servidor:

Error: (08/24/2017 05:58:16 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "" para ejecutar el servidor:

Error: (08/24/2017 05:57:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: 

Error: (08/21/2017 05:27:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: El controlador detectó un error de controladora en \Device\Harddisk1\DR5.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 72%
Total physical RAM: 1961.55 MB
Available physical RAM: 545.38 MB
Total Virtual: 3923.09 MB
Available Virtual: 2305.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:443.58 GB) (Free:375.2 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (Size: 465.8 GB) (Disk ID: 16C5B7BC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.1 GB) - (Type=27)

==================== End of Addition.txt ============================



I don't see anything malicious really. Let's try this.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply



Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

