
Help, PC can't open/install files due to virus [Solved]



#16 Jr0x (Malware Removal Team, 1,830 posts)
Hi diegofba,

Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this, highlight the contents of the box, right-click on it and select Copy.
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:

Startup: C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-01-07]
ShortcutTarget: Start.lnk -> C:\Users\Felipe\AppData\Roaming\dfenqkn\qnaip.exe (Microsoft Corporation)

C:\Users\Felipe\AppData\Roaming\dfenqkn

Emptytemp:
Hosts:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Note: Your machine will reboot after the fix.
 
Reboot to Normal Mode, then try to run the instructions below in Normal Mode and let me know if it's working (if it still does not, then run them in Safe Mode).

Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • Because you selected the Addition.txt check box, this log will be created as well. Please also paste that along with the FRST.txt into your reply.
In your next reply, please include the following:
  • FRST fixlog
  • FRST log
  • FRST Addition log
  • Try to open an application (FRST/Malwarebytes/etc.) in Normal Mode and let me know if it is working

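The fixlist above targets a Startup shortcut whose resolved target sits in a randomly named folder under AppData\Roaming while reporting "Microsoft Corporation" as its vendor. The Python below is an added example, not part of this thread and not code from FRST or its author: it applies that same triage rule to FRST-style log lines, parsing Run/RunOnce and ShortcutTarget entries and flagging targets that live in user-writable profile locations, with a higher rating when the self-declared vendor is Microsoft yet the file sits outside the Windows and Program Files trees. The sample lines are constructed in FRST's format from entries in this thread; the regular expressions, the location lists and the severity labels are my own assumptions, and the vendor string in parentheses is treated as the file's own version information (which any file can claim), not as a verified signature.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input in FRST log format, modelled on lines from this thread
# (the Startup shortcut named in the fixlist plus a few whitelisted Run entries).
SAMPLE_LOG = r"""
Startup: C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-01-07]
ShortcutTarget: Start.lnk -> C:\Users\Felipe\AppData\Roaming\dfenqkn\qnaip.exe (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\...\Run: [f.lux] => C:\Users\Felipe\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\...\RunOnce: [Adobe Speed Launcher] => 1483984981
"""

# Registry autoruns appear as "<key>: [<name>] => <target> [size date] (<vendor>)";
# a resolved Startup shortcut appears as "ShortcutTarget: <lnk> -> <target> (<vendor>)".
# "Startup:" lines themselves are skipped because the ShortcutTarget line carries the real target.
RUN_RE = re.compile(r"^(?P<key>\S+\\Run(?:Once)?): \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
LNK_RE = re.compile(r"^ShortcutTarget: (?P<name>.+?) -> (?P<rest>.*)$")
# The target may be followed by an optional "[size yyyy-mm-dd]" block and an optional
# "(vendor)" block; the non-greedy target keeps "Program Files (x86)" intact.
REST_RE = re.compile(
    r"^(?P<target>.*?)(?:\s+\[\d+ \d{4}-\d{2}-\d{2}\])?(?:\s+\((?P<vendor>[^()]*)\))?\s*$"
)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Assumed list of locations an unprivileged user can write to (a signal, not a verdict).
USER_WRITABLE_RE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\(?:AppData|Downloads)\\|\\Users\\Public\\|\\Temp\\", re.IGNORECASE
)
SYSTEM_TREE_RE = re.compile(r"^[A-Za-z]:\\(?:Windows|Program Files(?: \(x86\))?)\\", re.IGNORECASE)


def parse_autoruns(log_text: str) -> List[Dict[str, Optional[str]]]:
    """Extract registry Run/RunOnce entries and resolved Startup shortcuts from FRST-style text."""
    entries: List[Dict[str, Optional[str]]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        kind, m = "registry", RUN_RE.match(line)
        if not m:
            kind, m = "startup-shortcut", LNK_RE.match(line)
        if not m:
            continue
        rest = REST_RE.match(m.group("rest"))
        entries.append({
            "kind": kind,
            "name": m.group("name"),
            "target": rest.group("target"),
            # Self-declared vendor string from the file's version info, as printed in the log.
            "vendor": rest.group("vendor"),
        })
    return entries


def triage_entry(entry: Dict[str, Optional[str]]) -> Dict[str, object]:
    """Rate one autorun entry: info (no path), low, review (one signal) or high (two signals)."""
    target = entry["target"] or ""
    if not DRIVE_PATH_RE.match(target):
        return {**entry, "severity": "info", "reasons": ["target is not a file path"]}
    reasons: List[str] = []
    if USER_WRITABLE_RE.search(target):
        reasons.append("target lives in a user-writable profile location")
    vendor = (entry["vendor"] or "").lower()
    if "microsoft" in vendor and not SYSTEM_TREE_RE.match(target):
        reasons.append("self-declared vendor is Microsoft but the file is outside the Windows and Program Files trees")
    severity = "high" if len(reasons) >= 2 else ("review" if reasons else "low")
    return {**entry, "severity": severity, "reasons": reasons}


def triage_log(log_text: str) -> List[Dict[str, object]]:
    """Parse and rate every autorun entry in the given FRST-style text."""
    return [triage_entry(e) for e in parse_autoruns(log_text)]


if __name__ == "__main__":
    for r in triage_log(SAMPLE_LOG):
        print(f"{r['severity']:6} {r['kind']:16} {r['name']!r} -> {r['target']}")
        for reason in r["reasons"]:
            print(f"       - {reason}")
```

Run against the constructed sample, the qnaip.exe shortcut comes out "high", while f.lux comes out "review": per-user installs legitimately live under AppData\Local, so location alone is a prompt for a human to look, not grounds for deletion. That gap between a heuristic hit and a verified verdict is why the helper writes the fixlist by hand after reading the whole log.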

#17 diegofba (Topic Starter, Member, 21 posts)

Jr0x, it finally works in Normal Mode! Here are the logs from FRST, Malwarebytes and FSS in Normal Mode:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by Felipe (administrator) on FELIPE (09-01-2017 13:05:39)
Running from D:\User2016\Desktop
Loaded Profiles: Felipe (Available Profiles: Felipe)
Platform: Windows 7 Home Premium (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Flux Software LLC) C:\Users\Felipe\AppData\Local\FluxSoftware\Flux\flux.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\...\Run: [f.lux] => C:\Users\Felipe\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\...\RunOnce: [Adobe Speed Launcher] => 1483984981
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{92B75EA1-5721-4377-9BB8-8BE2FE93959C}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A49E6196-757F-47AB-87CF-9D04061CDD5D}: [NameServer] 200.108.96.220,200.108.96.217
 
Internet Explorer:
==================
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.centamnetworks.com/
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.centamnetworks.com/
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 793f1rku.default
FF ProfilePath: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\793f1rku.default [2017-01-09]
FF user.js: detected! => C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\793f1rku.default\user.js [2017-01-09]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3052470422-392353544-3589946678-1000: SkypePlugin -> C:\Users\Felipe\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi.dll [2016-03-31] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3052470422-392353544-3589946678-1000: SkypePlugin64 -> C:\Users\Felipe\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi-x64.dll [2016-03-31] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.google.com.pe/?gws_rd=ssl"
CHR DefaultSearchURL: Default -> hxxps://auth.gfx.ms/16.000.26210.00/favicon.ico?v=2
CHR Profile: C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default [2017-01-09]
CHR Extension: (HOTMAIL) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\alkekcgkpcoagcmachoigbfdghlbeoon [2016-04-02]
CHR Extension: (Google Docs) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-15]
CHR Extension: (Google Drive) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
CHR Extension: (YouTube) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-15]
CHR Extension: (Búsqueda de Google) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-15]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-29]
CHR Extension: (Skype) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-10]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Extension: (Llamadas de Skype) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-04-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-09 09:17 - 2017-01-09 09:17 - 00002924 _____ C:\Windows\System32\Tasks\{C498CAA8-102A-4A43-BA37-517D9D364A79}
2017-01-07 18:37 - 2017-01-07 18:37 - 00002966 _____ C:\Windows\System32\Tasks\{2F4D14A0-D0A2-4BC3-A1FF-8275A53BFF7D}
2017-01-07 18:07 - 2017-01-07 18:07 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FELIPE-Windows-7-Home-Premium-(64-bit).dat
2017-01-07 18:07 - 2017-01-07 18:07 - 00000000 ____D C:\RegBackup
2017-01-07 17:30 - 2017-01-07 17:30 - 00000000 ___DL C:\Users\Felipe\My Documents
2017-01-07 17:17 - 2017-01-07 17:18 - 00190158 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-01-07 17:17 - 2017-01-07 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-01-07 17:17 - 2017-01-07 17:17 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-01-07 12:23 - 2017-01-07 12:33 - 00651834 _____ C:\TDSSKiller.3.1.0.12_07.01.2017_12.23.34_log.txt
2017-01-07 12:21 - 2017-01-07 12:22 - 00004980 _____ C:\TDSSKiller.3.1.0.12_07.01.2017_12.21.00_log.txt
2017-01-07 08:27 - 2017-01-07 08:27 - 00002966 _____ C:\Windows\System32\Tasks\{84EAA28A-84F3-40AC-BC38-92B039DE4CC7}
2017-01-07 08:27 - 2017-01-07 08:27 - 00002966 _____ C:\Windows\System32\Tasks\{825DBA04-6D76-4639-8CD0-6232F6A22B26}
2017-01-07 08:24 - 2017-01-07 08:24 - 00002966 _____ C:\Windows\System32\Tasks\{98ABF077-10F8-4F0E-904F-BA1D8D5BAA2D}
2017-01-07 08:24 - 2017-01-07 08:24 - 00002966 _____ C:\Windows\System32\Tasks\{66711122-12EC-495F-8D76-8CEF457BCEAE}
2017-01-07 08:08 - 2017-01-07 08:08 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2017-01-07 08:08 - 2017-01-07 08:08 - 00000000 ____D C:\MGADiagToolOutput
2017-01-07 07:55 - 2017-01-07 07:55 - 00000085 _____ C:\Windows\wininit.ini
2017-01-07 07:55 - 2017-01-07 07:55 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-01-07 07:54 - 2009-06-10 16:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170107-075439.backup
2017-01-06 10:21 - 2017-01-09 13:05 - 00000000 ____D C:\FRST
2017-01-03 07:18 - 2017-01-07 07:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-03 07:18 - 2017-01-07 07:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-03 07:18 - 2017-01-03 07:18 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-01-03 07:18 - 2017-01-03 07:18 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-01-03 07:18 - 2017-01-03 07:18 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-01-03 07:15 - 2017-01-09 12:52 - 01590868 _____ C:\Windows\ntbtlog.txt
2016-12-29 12:04 - 2017-01-03 07:19 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-29 12:01 - 2016-12-29 12:02 - 00000000 __SHD C:\Config.Msi
2016-12-10 16:53 - 2016-12-10 16:53 - 00002144 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-12-10 16:53 - 2016-12-10 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-09 13:03 - 2016-04-09 21:38 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Skype
2017-01-09 13:03 - 2009-07-13 23:45 - 00018880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-09 13:03 - 2009-07-13 23:45 - 00018880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-09 13:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-09 12:57 - 2009-07-14 04:31 - 00733306 _____ C:\Windows\system32\perfh00A.dat
2017-01-09 12:57 - 2009-07-14 04:31 - 00154222 _____ C:\Windows\system32\perfc00A.dat
2017-01-09 12:57 - 2009-07-14 00:13 - 01675926 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-09 12:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-01-09 10:00 - 2016-04-02 01:07 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome
2017-01-09 10:00 - 2016-03-15 11:53 - 00000000 ____D C:\Windows\AutoKMS
2017-01-09 10:00 - 2016-03-15 11:31 - 00000000 ____D C:\Users\Felipe
2017-01-09 09:16 - 2016-03-15 11:53 - 00108840 _____ C:\Users\Felipe\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-07 18:23 - 2009-07-13 23:45 - 00416024 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-07 18:17 - 2009-07-13 21:34 - 00000514 _____ C:\Windows\win.ini
2017-01-07 17:14 - 2016-03-15 13:00 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-07 08:30 - 2016-06-29 11:35 - 00000000 ____D C:\Users\Felipe\AppData\Local\ElevatedDiagnostics
2017-01-03 07:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-29 12:02 - 2016-03-15 11:35 - 00000000 __SHD C:\Windows\Installer
2016-12-29 12:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\DriverStore
2016-12-17 20:26 - 2016-03-15 11:34 - 00000000 ____D C:\Users\Felipe\AppData\Local\Google
2016-12-17 04:00 - 2016-03-15 11:35 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-17 04:00 - 2016-03-15 11:35 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-17 03:53 - 2016-03-15 11:34 - 00003468 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 03:53 - 2016-03-15 11:34 - 00003340 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-14 06:13 - 2016-04-12 21:36 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\vlc
2016-12-14 05:35 - 2016-03-15 13:01 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-12-14 05:35 - 2016-03-15 13:01 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-12-13 23:00 - 2016-03-15 12:40 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Adobe
2016-12-13 05:02 - 2016-04-09 21:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-11 03:18 - 2009-07-14 00:08 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-10 16:52 - 2016-03-15 11:34 - 00000000 ____D C:\Program Files (x86)\Google
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe
[2009-07-13 18:52] - [2011-01-15 19:01] - 0389632 ____A (Microsoft Corporation) 81257415084B84F3C0D95C381A8D4C8F
 
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2009-07-13 18:38] - [2011-01-15 19:01] - 1008640 ____A (Microsoft Corporation) 0B864E15A0BADFF0E7BB8B59009FDDCF
 
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-06 15:03
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Felipe (09-01-2017 13:06:09)
Running from D:\User2016\Desktop
Windows 7 Home Premium (X64) (2016-03-15 16:31:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-3052470422-392353544-3589946678-500 - Administrator - Disabled)
Felipe (S-1-5-21-3052470422-392353544-3589946678-1000 - Administrator - Enabled) => C:\Users\Felipe
HomeGroupUser$ (S-1-5-21-3052470422-392353544-3589946678-1002 - Limited - Enabled)
Invitado (S-1-5-21-3052470422-392353544-3589946678-501 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.10) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Brother MFL-Pro Suite DCP-J105 (HKLM-x32\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
f.lux (HKU\S-1-5-21-3052470422-392353544-3589946678-1000\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 es-ES)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Nero 7.10.1.0 (HKLM-x32\...\Nero7_is1) (Version: 7.10.1.0 - Nero AG)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Photoshop CS5 Extended 12.0 (HKLM-x32\...\Photoshop CS5 Extended 12.0) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{7E4C8063-6644-4580-B27F-6B70B1A51F0E}) (Version: 7.17.0.44 - Skype Technologies S.A.)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.21 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3052470422-392353544-3589946678-1000_Classes\CLSID\{0BFBE3EE-00BF-49F9-BC19-26B42AF261C1}\InprocServer32 -> C:\Users\Felipe\AppData\Local\SkypePlugin\7.17.0.44\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3052470422-392353544-3589946678-1000_Classes\CLSID\{AC4E242D-28FB-40A2-9C2E-150FF1EE5B49}\localserver32 -> C:\Users\Felipe\AppData\Local\SkypePlugin\7.17.0.44\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3052470422-392353544-3589946678-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Felipe\AppData\Local\SkypePlugin\7.17.0.44\EdgeCalling.exe (Skype Technologies S.A.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AAF7B7C-9470-4709-BC24-8C7670897B1F} - System32\Tasks\{C498CAA8-102A-4A43-BA37-517D9D364A79} => D:\User2016\Desktop\FRST64.exe [2017-01-09] (Farbar)
Task: {0F9E67F2-1EA6-455D-B5CC-1B225E67753C} - System32\Tasks\{825DBA04-6D76-4639-8CD0-6232F6A22B26} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Task: {1E47880E-A52F-43D1-A6D0-19DB28ABD0B6} - System32\Tasks\{66711122-12EC-495F-8D76-8CEF457BCEAE} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Task: {33169B47-AB22-475D-BC94-709705FA9AB0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {416A9E47-9103-4E84-A49B-00F3C923D1AE} - System32\Tasks\{98ABF077-10F8-4F0E-904F-BA1D8D5BAA2D} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Task: {514C1404-F5D3-47D1-B2C4-21EAEDDD1FFD} - System32\Tasks\{05E27C9C-E88B-48F5-9203-A9BDA03CB4E5} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe [2016-10-06] (Google)
Task: {64294FA9-8452-40D6-8638-7F4B744BEF29} - System32\Tasks\{2F4D14A0-D0A2-4BC3-A1FF-8275A53BFF7D} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Task: {91DFAED2-827F-4215-BD0F-9E9D34FBEB14} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {B202AEC0-ACF8-468B-8A25-10598C67828C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-15] (Google Inc.)
Task: {C7887804-832B-4E55-81DC-7033D8AB298B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-15] (Google Inc.)
Task: {DB8FBF19-927E-4BE7-9391-AE3AC7A14FCA} - System32\Tasks\{84EAA28A-84F3-40AC-BC38-92B039DE4CC7} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Task: {E9812601-D2D0-4931-9F02-C9DB9EE64386} - System32\Tasks\{0D61BCCA-A4BB-48B1-90E2-B05B0F8F3FD8} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe [2016-10-06] (Google)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-04-09 21:51 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-12-17 04:00 - 2016-12-08 02:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-17 04:00 - 2016-12-08 02:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-03-15 12:07 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\35849799.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\35849799.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2017-01-09 12:52 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 200.108.96.220 - 200.108.96.217
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{55EDC9DB-7EE8-4173-8250-6FE0FAF53DB5}] => C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C724532D-5422-495F-9E85-4CBF405EB01A}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E4B67E3E-14D4-4F85-9F8E-83F07C886A39}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EC4D0ECA-D192-45B2-A1A1-74C3D8293D39}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B965BF6E-08D5-4A6A-BABB-A42A3BCA24BE}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E35DBD8E-668C-40F6-8F3B-D2BCD455FFDE}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{59FDAC0C-9F84-46E6-BFC3-386B3BF57D47}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CE074DA9-8640-40CB-8DF4-0E0DC2FFD80B}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{096DB4C0-F0F7-40C7-896B-EBA1A0053764}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{79688221-6C69-437C-817B-63A606014028}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{01B05AF3-BDC1-4D74-8CF6-41A31EFF9021}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
09-01-2017 10:42:20 Punto de control programado
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/09/2017 01:00:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\CCleaner\CCleaner64.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error: (01/09/2017 01:00:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\CCleaner\CCleaner64.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error: (01/09/2017 10:35:50 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "c:\program files\CCleaner\CCleaner.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error: (01/09/2017 10:05:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\CCleaner\CCleaner64.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error: (01/09/2017 10:05:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\CCleaner\CCleaner64.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error: (01/09/2017 09:50:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa mbamtray.exe, versión 3.0.0.865, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: 2cc
 
Hora de inicio: 01d26a8745ca7bad
 
Hora de finalización: 60000
 
Ruta de acceso de la aplicación: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
 
Identificador de informe: cdb352e1-d67a-11e6-b4f0-50e5492444fa
 
Error: (01/09/2017 09:49:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: AutoKMS.exe, versión: 2.5.2.0, marca de tiempo: 0x53c9a9a0
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000007fe992be270
Id. del proceso con errores: 0x58c
Hora de inicio de la aplicación con errores: 0x01d26a8736fa8b98
Ruta de acceso de la aplicación con errores: C:\Windows\AutoKMS\AutoKMS.exe
Ruta de acceso del módulo con errores: unknown
Id. del informe: cd87121b-d67a-11e6-b4f0-50e5492444fa
 
Error: (01/09/2017 09:49:13 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at ..(System.String, System.String, ., System.String)
   at ...ctor()
   at ..(.)
   at ..()
 
Error: (01/09/2017 08:56:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: AutoKMS.exe, versión: 2.5.2.0, marca de tiempo: 0x53c9a9a0
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000007fe9931e270
Id. del proceso con errores: 0x590
Hora de inicio de la aplicación con errores: 0x01d26a7fd0630b03
Ruta de acceso de la aplicación con errores: C:\Windows\AutoKMS\AutoKMS.exe
Ruta de acceso del módulo con errores: unknown
Id. del informe: 6130d25e-d673-11e6-b528-50e5492444fa
 
Error: (01/09/2017 08:56:09 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at ..(System.String, System.String, ., System.String)
   at ...ctor()
   at ..(.)
   at ..()
 
 
System errors:
=============
Error: (01/09/2017 01:03:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Agrupación de red del mismo nivel depende del servicio Protocolo de resolución de nombres de mismo nivel, el cual no pudo iniciarse debido al siguiente error: 
%%-2140993535
 
Error: (01/09/2017 01:03:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Protocolo de resolución de nombres de mismo nivel se cerró con el siguiente error: 
%%-2140993535
 
Error: (01/09/2017 01:03:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Agrupación de red del mismo nivel depende del servicio Protocolo de resolución de nombres de mismo nivel, el cual no pudo iniciarse debido al siguiente error: 
%%-2140993535
 
Error: (01/09/2017 01:03:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Protocolo de resolución de nombres de mismo nivel se cerró con el siguiente error: 
%%-2140993535
 
Error: (01/09/2017 01:03:37 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: El Protocolo de resolución de nombres de mismo nivel no se inició debido a un error de creación de la identidad predeterminada con código de error: 0x80630801.
 
Error: (01/09/2017 01:03:37 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: El Protocolo de resolución de nombres de mismo nivel no se inició debido a un error de creación de la identidad predeterminada con código de error: 0x80630801.
 
Error: (01/09/2017 01:03:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Agrupación de red del mismo nivel depende del servicio Protocolo de resolución de nombres de mismo nivel, el cual no pudo iniciarse debido al siguiente error: 
%%-2140993535
 
Error: (01/09/2017 01:03:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Protocolo de resolución de nombres de mismo nivel se cerró con el siguiente error: 
%%-2140993535
 
Error: (01/09/2017 01:03:28 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: El Protocolo de resolución de nombres de mismo nivel no se inició debido a un error de creación de la identidad predeterminada con código de error: 0x80630801.
 
Error: (01/09/2017 01:03:26 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80004005" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-09 13:02:37.306
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2017-01-09 12:53:16.009
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2017-01-09 12:50:11.935
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2017-01-09 10:01:19.947
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2017-01-09 09:46:48.524
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2017-01-09 09:42:28.717
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2017-01-09 09:25:26.460
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2017-01-09 09:06:49.606
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2017-01-09 08:53:50.223
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2017-01-07 19:09:39.894
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 36%
Total physical RAM: 4079.43 MB
Available physical RAM: 2598.23 MB
Total Virtual: 8157.01 MB
Available Virtual: 6529.04 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:29.19 GB) (Free:6.95 GB) NTFS
Drive d: (DATOS) (Fixed) (Total:203.58 GB) (Free:96.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 9A9D9A9D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=203.6 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/9/17
Scan Time: 1:09 PM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.962
License: Trial
 
-System Information-
OS: Windows 7
CPU: x64
File System: NTFS
User: FELIPE\Felipe
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339372
Time Elapsed: 4 min, 40 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
Farbar Service Scanner Version: 27-01-2016
Ran by Felipe (administrator) on 09-01-2017 at 13:21:54
Running from "D:\User2016\Desktop"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 


#18 Jr0x (Malware removal team, 1,830 posts)

Hi diegofba,

You're missing the FRST fixlog.

#19 diegofba (Topic Starter, Member, 21 posts)

Hi Jr0x, sorry, my bad. Here's the fixlog. Please tell me how to proceed.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Felipe (09-01-2017 12:52:33) Run:2
Running from D:\User2016\Desktop
Loaded Profiles: Felipe (Available Profiles: Felipe)
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
Startup: C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2017-01-07]
ShortcutTarget: Start.lnk -> C:\Users\Felipe\AppData\Roaming\dfenqkn\qnaip.exe (Microsoft Corporation)
 
C:\Users\Felipe\AppData\Roaming\dfenqkn
 
Emptytemp:
Hosts:
End
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk => moved successfully
C:\Users\Felipe\AppData\Roaming\dfenqkn\qnaip.exe => not found.
C:\Users\Felipe\AppData\Roaming\dfenqkn => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14744800 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 16990732 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 66228 B
NetworkService => 0 B
Felipe => 637752 B
 
RecycleBin => 0 B
EmptyTemp: => 30.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:52:36 ====


#20 Jr0x (Malware removal team, 1,830 posts)

Hi diegofba,

That's great news. Any other issue with your machine now?

Search with FRST
  • Run FRST
  • In the Search: box
  • Copy and paste the following text into it

    35849799.*

  • Click on Search Files button
Once the search is completed, a Search.txt log is saved at the same location that FRST.exe is located.


Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this, highlight the contents of the box, right click on it and select Copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
 

Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-3052470422-392353544-3589946678-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.centamnetworks.com/
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.centamnetworks.com/
FF user.js: detected! => C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\793f1rku.default\user.js [2017-01-09]
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
Task: {0AAF7B7C-9470-4709-BC24-8C7670897B1F} - System32\Tasks\{C498CAA8-102A-4A43-BA37-517D9D364A79} => D:\User2016\Desktop\FRST64.exe [2017-01-09] (Farbar)

C:\system32\drivers\MBAMChameleon.sys

Emptytemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Note: Your machine will reboot after the fix.


Scan with AdwCleaner

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    [screenshot of the AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the scan has finished, the window may or may not show what it found, and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please do not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
In your next reply, please include the following:
  • FRST search log
  • FRST fixlog
  • AdwCleaner scan log


#21 diegofba (Topic Starter, Member, 21 posts)

Hi, here are the logs, but I have a problem with AdwCleaner (I first searched on FRST, then I scanned successfully on AdwCleaner and it showed me 4 found items, but then I fixed with FRST and when I tried to scan again using AdwCleaner there's an error: *sqlite3.dll is corrupted or has been replaced*). I'm attaching the previous one.

 

LOGS: 

Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Felipe (10-01-2017 10:41:19)
Running from D:\User2016\Desktop
Boot Mode: Normal
 
================== Search Files: "35849799.*" =============
 
====== End of Search ======
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Felipe (10-01-2017 10:46:17) Run:3
Running from D:\User2016\Desktop
Loaded Profiles: Felipe (Available Profiles: Felipe)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.centamnetworks.com/
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.centamnetworks.com/
FF user.js: detected! => C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\793f1rku.default\user.js [2017-01-09]
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
Task: {0AAF7B7C-9470-4709-BC24-8C7670897B1F} - System32\Tasks\{C498CAA8-102A-4A43-BA37-517D9D364A79} => D:\User2016\Desktop\FRST64.exe [2017-01-09] (Farbar)
 
C:\system32\drivers\MBAMChameleon.sys
 
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\793f1rku.default\user.js => moved successfully
C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\793f1rku.default\user.js => not found.
HKLM\System\CurrentControlSet\Services\MBAMChameleon => key removed successfully
MBAMChameleon => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AAF7B7C-9470-4709-BC24-8C7670897B1F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AAF7B7C-9470-4709-BC24-8C7670897B1F} => key removed successfully
C:\Windows\System32\Tasks\{C498CAA8-102A-4A43-BA37-517D9D364A79} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C498CAA8-102A-4A43-BA37-517D9D364A79} => key removed successfully
"C:\system32\drivers\MBAMChameleon.sys" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5445661 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 30710628 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 66228 B
NetworkService => 0 B
Felipe => 3318600 B
 
RecycleBin => 0 B
EmptyTemp: => 45.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:46:27 ====
 
And here is the previous report from before I could scan again (AdwCleaner):
 
# AdwCleaner v6.042 - Archivo de registro creado 10/01/2017 en 10:45:50
# Actualizado en 06/01/2017 por Malwarebytes
# Base de datos : 2017-01-10.1 [Local]
# Sistema Operativo : Windows 7 Home Premium  (X64)
# Nombre de usuario : Felipe - FELIPE
# Ejecutado desde : D:\User2016\Desktop\AdwCleaner.exe
# Modo: Escanear
 
 
 
***** [ Servicios ] *****
 
No se han encontrado servicios maliciosos.
 
 
***** [ Carpetas ] *****
 
No se encontraron carpetas maliciosas.
 
 
***** [ Archivos ] *****
 
No se encontraron archivos maliciosos.
 
 
***** [ DLL ] *****
 
No se han encontrado DLLs maliciosas.
 
 
***** [ WMI ] *****
 
No se han encontrado claves maliciosas.
 
 
***** [ Accesos directos ] *****
 
No se ha encontrado ningún acceso directo infectado.
 
 
***** [ Tareas programadas ] *****
 
No se ha encontrado ninguna tarea maliciosa.
 
 
***** [ Registro ] *****
 
Llave Encontrada HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Llave Encontrada HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Llave Encontrada [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Llave Encontrada [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
 
 
***** [ Navegadores Web ] *****
 
No se han encontrado elementos de navegador maliciosos basados en Firefox.
No se han encontrado elementos de navegador maliciosos basados en Chromium.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [1446 Bytes] - [10/01/2017 10:45:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1519 Bytes] ##########
 

 


#22 Jr0x (Malware removal team, 1,830 posts)

Hi diegofba,
 
Apologies for the delay. I am consulting my instructor with regards to your log.
 
Will be back to you as soon as possible.


#23 diegofba (Topic Starter, Member, 21 posts)

Quote (Jr0x):
Hi diegofba,
Apologies for the delay. I am consulting my instructor with regards to your log.
Will be back to you as soon as possible.

Hi Jr0x, no problem, I understand.



#24 Jr0x (Malware removal team, 1,830 posts)

Hi diegofba,

Apologies for the long delay.
 
In the event that you hit the AdwCleaner error again, please try to uninstall it by selecting File > Uninstall in AdwCleaner. After that, please re-download AdwCleaner and try again.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • Everything left checked will be deleted.
  • Now click the Cleaning button.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C1].txt
In your next reply, please include the following:
  • JRT log
  • AdwCleaner clean log
  • How's your machine running now?


#25
diegofba

diegofba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Hi Jr0x

No worries, thanks a lot;

The PC is running much better and I haven't found any more problems opening/installing files, so it's working great.

 

Here are the logs: 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Felipe (Administrator) on 12/01/2017 at  8:24:33.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 9 
 
Failed to delete: C:\Users\Felipe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH9E38K4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\Felipe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS8IY569 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Felipe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPV2JC2B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Felipe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UD409QL9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS8IY569 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH9E38K4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPV2JC2B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UD409QL9 (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/01/2017 at  8:27:27.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v6.042 - Archivo de registro creado 12/01/2017 en 08:38:30
# Actualizado en 06/01/2017 por Malwarebytes
# Base de datos : 2017-01-11.1 [Local]
# Sistema Operativo : Windows 7 Home Premium  (X64)
# Nombre de usuario : Felipe - FELIPE
# Ejecutado desde : D:\User2016\Desktop\AdwCleaner.exe
# Modo: Limpiar
 
 
 
***** [ Servicios ] *****
 
 
 
***** [ Carpetas ] *****
 
 
 
***** [ Archivos ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Accesos directos ] *****
 
 
 
***** [ Tareas programadas ] *****
 
 
 
***** [ Registro ] *****
 
[-] Llave eliminada: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Llave eliminada: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Llave eliminada al reiniciar: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Llave eliminada al reiniciar: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
 
 
***** [ Navegadores ] *****
 
 
 
*************************
 
:: Llaves "Tracing" eliminadas
:: Se han borrado los ajustes de Winsock
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1132 Bytes] - [12/01/2017 08:38:30]
C:\AdwCleaner\AdwCleaner[S0].txt - [1606 Bytes] - [12/01/2017 08:38:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1278 Bytes] ##########
 

 

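The two logs above follow simple line formats: JRT reports each path as "Successfully deleted" or "Failed to delete", and AdwCleaner marks entries removed immediately with "[-]" and entries only scheduled for removal at reboot with "[#]". The script below is an added example, not part of the thread or of either tool; it parses constructed samples modelled on the posted logs and lists what a helper would re-check after the next reboot (the JRT folder that could not be deleted, and the AdwCleaner keys still pending).

```python
import re
from typing import Dict, List

# Constructed samples modelled on the JRT and AdwCleaner logs posted above (not the full logs).
JRT_SAMPLE = r"""
File System: 3 
 
Failed to delete: C:\Users\Felipe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH9E38K4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\Felipe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS8IY569 (Temporary Internet Files Folder) 
 
Registry: 0 
"""

ADW_SAMPLE = r"""
***** [ Registro ] *****
 
[-] Llave eliminada: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Llave eliminada al reiniciar: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
"""

# JRT line: "<verdict>: <path> (<kind>)", usually with a trailing space.
JRT_LINE = re.compile(r"^(Successfully deleted|Failed to delete): (.+) \(([^()]+)\)\s*$")
# AdwCleaner line: "[-]" removed now, "[#]" removed at reboot ("al reiniciar" in the log);
# the action text is kept in whatever language the tool ran in.
ADW_LINE = re.compile(r"^\[([-#])\] ([^:]+): (.+?)\s*$")

def parse_jrt(text: str) -> Dict[str, List[str]]:
    """Split JRT results into paths that were removed and paths that were not."""
    result: Dict[str, List[str]] = {"deleted": [], "failed": []}
    for line in text.splitlines():
        m = JRT_LINE.match(line)
        if m:
            key = "deleted" if m.group(1).startswith("Successfully") else "failed"
            result[key].append(m.group(2))
    return result

def parse_adw(text: str) -> List[Dict[str, object]]:
    """Collect AdwCleaner removal entries, noting which ones still need a reboot."""
    entries: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = ADW_LINE.match(line)
        if m:
            entries.append({"pending_reboot": m.group(1) == "#",
                            "action": m.group(2), "target": m.group(3)})
    return entries

def follow_up_items(jrt_text: str, adw_text: str) -> List[str]:
    """Items to re-check after reboot: failed JRT deletes and AdwCleaner keys only scheduled."""
    items = [f"JRT could not delete: {p}" for p in parse_jrt(jrt_text)["failed"]]
    items += [f"AdwCleaner removal pending reboot: {e['target']}"
              for e in parse_adw(adw_text) if e["pending_reboot"]]
    return items

if __name__ == "__main__":
    for item in follow_up_items(JRT_SAMPLE, ADW_SAMPLE):
        print(item)
```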

#26
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

Tools CleanUp with DelFix

Download Delfix and save it to the Desktop.
  • Right click the DelFix icon and click Run as Administrator.
  • Ensure ALL boxes are checked.
  • Click the Run button.
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Delete the following Files and Folders (If Present):

Delete any other .bat, .log, .reg, .txt, and any other files created or downloaded during this process, and left on the desktop and empty the Recycle Bin.

Keeping your software updated

Windows Updates

It is extremely important for you to keep your Windows updated, especially as you're not running Service Pack 1.
Please download and install all Windows updates.
  • Please go to Start Menu -> Control Panel
  • Under View by: select Large Icons, then tap or click Windows Update.
  • Click on Change Settings
  • Select "Install updates automatically (recommended)" from the Important updates drop-down.
  • Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
  • Ensure that all of the other check boxes are checked.
  • Click OK.
Malwarebytes Anti-Malware

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

Keep Java Updated

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on Users to Disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.
If you do have software that requires it, then disable it until such time as it's needed by those programs.
Please click the link below for instructions to disable and uninstall Java.

How to Disable Java in your Web Browser

How to Completely Remove and Uninstall Java From Windows PC

Filehippo Updatechecker

Another weapon against malicious programs and viruses is keeping your other programs updated. There are several programs out there that can check for out-of-date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates, and it will then provide a link for you to download them.

Download Filehippo Updatechecker

Tips, Information, and Optional Installation

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install it by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go.

To help protect yourself while on the web, I recommend you read Answers to common security questions - Best Practices

Installation of Unchecky (Optional)

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.

Then click Finish

Unchecky is now installed and will help you keep unwanted check boxes unchecked.

Installation of CryptoPrevent (Optional)

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You may read more about this here.

To download and install:
  • Click CryptoPrevent
  • Under the Free Edition column, click on Download button to request for a download link and download to your Desktop
  • Extract the content of the zip file to your Desktop and right-click and select Run as Administrator
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.
Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now), select the Updates! menu and then select Check for Updates to see if there are any, as this infection has serious consequences.

If you have any other questions, please feel free to ask me.

#27
diegofba

diegofba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

Hi Jr0x, here's the delfix log and thank you and your instructor for all your support I appreciate it a lot. Have a nice day  :spoton:

Best regards

 

# DelFix v1.010 - Logfile created 13/01/2017 at 10:23:21
# Updated 26/04/2015 by Xplode
# Username : Felipe - FELIPE
# Operating System : Windows 7 Home Premium  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : D:\User2016\Desktop\FRST-OlderVersion
Deleted : C:\TDSSKiller.3.1.0.12_07.01.2017_12.21.00_log.txt
Deleted : C:\TDSSKiller.3.1.0.12_07.01.2017_12.23.34_log.txt
Deleted : D:\User2016\Desktop\Addition.txt
Deleted : D:\User2016\Desktop\AdwCleaner.exe
Deleted : D:\User2016\Desktop\AdwCleaner[C0].txt
Deleted : D:\User2016\Desktop\AdwCleaner[S0]dd.txt
Deleted : D:\User2016\Desktop\CKScanner.exe
Deleted : D:\User2016\Desktop\Fixlog.txt
Deleted : D:\User2016\Desktop\Fixloggg2..txt
Deleted : D:\User2016\Desktop\Fixlogggg3.txt
Deleted : D:\User2016\Desktop\FRST.txt
Deleted : D:\User2016\Desktop\FRST64.exe
Deleted : D:\User2016\Desktop\FSS.exe
Deleted : D:\User2016\Desktop\FSS.txt
Deleted : D:\User2016\Desktop\JRT.exe
Deleted : D:\User2016\Desktop\JRT.txt
Deleted : D:\User2016\Desktop\Search.txt
Deleted : D:\User2016\Desktop\tdsskiller.exe
Deleted : D:\User2016\Desktop\WVCheck_1440_06-01-2017.txt
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

Edited by diegofba, 13 January 2017 - 09:31 AM.


#28
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Glad that we could help.

 

Stay safe and have a nice day too.



#29
azarl

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

