jr0x, it finally works in normal mode! Here are the logs from FRST, MALWAREBYTES and FSS in normal mode:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by Felipe (administrator) on FELIPE (09-01-2017 13:05:39)
Running from D:\User2016\Desktop
Loaded Profiles: Felipe (Available Profiles: Felipe)
Platform: Windows 7 Home Premium (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Flux Software LLC) C:\Users\Felipe\AppData\Local\FluxSoftware\Flux\flux.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\...\Run: [f.lux] => C:\Users\Felipe\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\...\RunOnce: [Adobe Speed Launcher] => 1483984981
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{92B75EA1-5721-4377-9BB8-8BE2FE93959C}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A49E6196-757F-47AB-87CF-9D04061CDD5D}: [NameServer] 200.108.96.220,200.108.96.217
Internet Explorer:
==================
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.centamnetworks.com/
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.centamnetworks.com/
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-pe/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 793f1rku.default
FF ProfilePath: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\793f1rku.default [2017-01-09]
FF user.js: detected! => C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\793f1rku.default\user.js [2017-01-09]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3052470422-392353544-3589946678-1000: SkypePlugin -> C:\Users\Felipe\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi.dll [2016-03-31] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3052470422-392353544-3589946678-1000: SkypePlugin64 -> C:\Users\Felipe\AppData\Local\SkypePlugin\7.17.0.44\npGatewayNpapi-x64.dll [2016-03-31] (Skype Technologies S.A.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.google.com.pe/?gws_rd=ssl"
CHR DefaultSearchURL: Default -> hxxps://auth.gfx.ms/16.000.26210.00/favicon.ico?v=2
CHR Profile: C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default [2017-01-09]
CHR Extension: (HOTMAIL) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\alkekcgkpcoagcmachoigbfdghlbeoon [2016-04-02]
CHR Extension: (Google Docs) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-15]
CHR Extension: (Google Drive) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
CHR Extension: (YouTube) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-15]
CHR Extension: (Búsqueda de Google) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-15]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-29]
CHR Extension: (Skype) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-10]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Extension: (Llamadas de Skype) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-04-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-09 09:17 - 2017-01-09 09:17 - 00002924 _____ C:\Windows\System32\Tasks\{C498CAA8-102A-4A43-BA37-517D9D364A79}
2017-01-07 18:37 - 2017-01-07 18:37 - 00002966 _____ C:\Windows\System32\Tasks\{2F4D14A0-D0A2-4BC3-A1FF-8275A53BFF7D}
2017-01-07 18:07 - 2017-01-07 18:07 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FELIPE-Windows-7-Home-Premium-(64-bit).dat
2017-01-07 18:07 - 2017-01-07 18:07 - 00000000 ____D C:\RegBackup
2017-01-07 17:30 - 2017-01-07 17:30 - 00000000 ___DL C:\Users\Felipe\My Documents
2017-01-07 17:17 - 2017-01-07 17:18 - 00190158 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2017-01-07 17:17 - 2017-01-07 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-01-07 17:17 - 2017-01-07 17:17 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-01-07 12:23 - 2017-01-07 12:33 - 00651834 _____ C:\TDSSKiller.3.1.0.12_07.01.2017_12.23.34_log.txt
2017-01-07 12:21 - 2017-01-07 12:22 - 00004980 _____ C:\TDSSKiller.3.1.0.12_07.01.2017_12.21.00_log.txt
2017-01-07 08:27 - 2017-01-07 08:27 - 00002966 _____ C:\Windows\System32\Tasks\{84EAA28A-84F3-40AC-BC38-92B039DE4CC7}
2017-01-07 08:27 - 2017-01-07 08:27 - 00002966 _____ C:\Windows\System32\Tasks\{825DBA04-6D76-4639-8CD0-6232F6A22B26}
2017-01-07 08:24 - 2017-01-07 08:24 - 00002966 _____ C:\Windows\System32\Tasks\{98ABF077-10F8-4F0E-904F-BA1D8D5BAA2D}
2017-01-07 08:24 - 2017-01-07 08:24 - 00002966 _____ C:\Windows\System32\Tasks\{66711122-12EC-495F-8D76-8CEF457BCEAE}
2017-01-07 08:08 - 2017-01-07 08:08 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2017-01-07 08:08 - 2017-01-07 08:08 - 00000000 ____D C:\MGADiagToolOutput
2017-01-07 07:55 - 2017-01-07 07:55 - 00000085 _____ C:\Windows\wininit.ini
2017-01-07 07:55 - 2017-01-07 07:55 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-01-07 07:54 - 2009-06-10 16:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170107-075439.backup
2017-01-06 10:21 - 2017-01-09 13:05 - 00000000 ____D C:\FRST
2017-01-03 07:18 - 2017-01-07 07:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-03 07:18 - 2017-01-07 07:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-03 07:18 - 2017-01-03 07:18 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-01-03 07:18 - 2017-01-03 07:18 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-01-03 07:18 - 2017-01-03 07:18 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-01-03 07:15 - 2017-01-09 12:52 - 01590868 _____ C:\Windows\ntbtlog.txt
2016-12-29 12:04 - 2017-01-03 07:19 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-29 12:01 - 2016-12-29 12:02 - 00000000 __SHD C:\Config.Msi
2016-12-10 16:53 - 2016-12-10 16:53 - 00002144 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-12-10 16:53 - 2016-12-10 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-09 13:03 - 2016-04-09 21:38 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Skype
2017-01-09 13:03 - 2009-07-13 23:45 - 00018880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-09 13:03 - 2009-07-13 23:45 - 00018880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-09 13:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-09 12:57 - 2009-07-14 04:31 - 00733306 _____ C:\Windows\system32\perfh00A.dat
2017-01-09 12:57 - 2009-07-14 04:31 - 00154222 _____ C:\Windows\system32\perfc00A.dat
2017-01-09 12:57 - 2009-07-14 00:13 - 01675926 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-09 12:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-01-09 10:00 - 2016-04-02 01:07 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome
2017-01-09 10:00 - 2016-03-15 11:53 - 00000000 ____D C:\Windows\AutoKMS
2017-01-09 10:00 - 2016-03-15 11:31 - 00000000 ____D C:\Users\Felipe
2017-01-09 09:16 - 2016-03-15 11:53 - 00108840 _____ C:\Users\Felipe\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-07 18:23 - 2009-07-13 23:45 - 00416024 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-07 18:17 - 2009-07-13 21:34 - 00000514 _____ C:\Windows\win.ini
2017-01-07 17:14 - 2016-03-15 13:00 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-07 08:30 - 2016-06-29 11:35 - 00000000 ____D C:\Users\Felipe\AppData\Local\ElevatedDiagnostics
2017-01-03 07:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-29 12:02 - 2016-03-15 11:35 - 00000000 __SHD C:\Windows\Installer
2016-12-29 12:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\DriverStore
2016-12-17 20:26 - 2016-03-15 11:34 - 00000000 ____D C:\Users\Felipe\AppData\Local\Google
2016-12-17 04:00 - 2016-03-15 11:35 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-17 04:00 - 2016-03-15 11:35 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-17 03:53 - 2016-03-15 11:34 - 00003468 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 03:53 - 2016-03-15 11:34 - 00003340 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-14 06:13 - 2016-04-12 21:36 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\vlc
2016-12-14 05:35 - 2016-03-15 13:01 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-12-14 05:35 - 2016-03-15 13:01 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-12-13 23:00 - 2016-03-15 12:40 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Adobe
2016-12-13 05:02 - 2016-04-09 21:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-11 03:18 - 2009-07-14 00:08 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-10 16:52 - 2016-03-15 11:34 - 00000000 ____D C:\Program Files (x86)\Google
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe
[2009-07-13 18:52] - [2011-01-15 19:01] - 0389632 ____A (Microsoft Corporation) 81257415084B84F3C0D95C381A8D4C8F
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2009-07-13 18:38] - [2011-01-15 19:01] - 1008640 ____A (Microsoft Corporation) 0B864E15A0BADFF0E7BB8B59009FDDCF
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-06 15:03
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Felipe (09-01-2017 13:06:09)
Running from D:\User2016\Desktop
Windows 7 Home Premium (X64) (2016-03-15 16:31:26)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-3052470422-392353544-3589946678-500 - Administrator - Disabled)
Felipe (S-1-5-21-3052470422-392353544-3589946678-1000 - Administrator - Enabled) => C:\Users\Felipe
HomeGroupUser$ (S-1-5-21-3052470422-392353544-3589946678-1002 - Limited - Enabled)
Invitado (S-1-5-21-3052470422-392353544-3589946678-501 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.10) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Brother MFL-Pro Suite DCP-J105 (HKLM-x32\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
f.lux (HKU\S-1-5-21-3052470422-392353544-3589946678-1000\...\Flux) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 es-ES)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Nero 7.10.1.0 (HKLM-x32\...\Nero7_is1) (Version: 7.10.1.0 - Nero AG)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Photoshop CS5 Extended 12.0 (HKLM-x32\...\Photoshop CS5 Extended 12.0) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{7E4C8063-6644-4580-B27F-6B70B1A51F0E}) (Version: 7.17.0.44 - Skype Technologies S.A.)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.21 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3052470422-392353544-3589946678-1000_Classes\CLSID\{0BFBE3EE-00BF-49F9-BC19-26B42AF261C1}\InprocServer32 -> C:\Users\Felipe\AppData\Local\SkypePlugin\7.17.0.44\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3052470422-392353544-3589946678-1000_Classes\CLSID\{AC4E242D-28FB-40A2-9C2E-150FF1EE5B49}\localserver32 -> C:\Users\Felipe\AppData\Local\SkypePlugin\7.17.0.44\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3052470422-392353544-3589946678-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Felipe\AppData\Local\SkypePlugin\7.17.0.44\EdgeCalling.exe (Skype Technologies S.A.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0AAF7B7C-9470-4709-BC24-8C7670897B1F} - System32\Tasks\{C498CAA8-102A-4A43-BA37-517D9D364A79} => D:\User2016\Desktop\FRST64.exe [2017-01-09] (Farbar)
Task: {0F9E67F2-1EA6-455D-B5CC-1B225E67753C} - System32\Tasks\{825DBA04-6D76-4639-8CD0-6232F6A22B26} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Task: {1E47880E-A52F-43D1-A6D0-19DB28ABD0B6} - System32\Tasks\{66711122-12EC-495F-8D76-8CEF457BCEAE} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Task: {33169B47-AB22-475D-BC94-709705FA9AB0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {416A9E47-9103-4E84-A49B-00F3C923D1AE} - System32\Tasks\{98ABF077-10F8-4F0E-904F-BA1D8D5BAA2D} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Task: {514C1404-F5D3-47D1-B2C4-21EAEDDD1FFD} - System32\Tasks\{05E27C9C-E88B-48F5-9203-A9BDA03CB4E5} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe [2016-10-06] (Google)
Task: {64294FA9-8452-40D6-8638-7F4B744BEF29} - System32\Tasks\{2F4D14A0-D0A2-4BC3-A1FF-8275A53BFF7D} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Task: {91DFAED2-827F-4215-BD0F-9E9D34FBEB14} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {B202AEC0-ACF8-468B-8A25-10598C67828C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-15] (Google Inc.)
Task: {C7887804-832B-4E55-81DC-7033D8AB298B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-15] (Google Inc.)
Task: {DB8FBF19-927E-4BE7-9391-AE3AC7A14FCA} - System32\Tasks\{84EAA28A-84F3-40AC-BC38-92B039DE4CC7} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Task: {E9812601-D2D0-4931-9F02-C9DB9EE64386} - System32\Tasks\{0D61BCCA-A4BB-48B1-90E2-B05B0F8F3FD8} => C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe [2016-10-06] (Google)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-04-09 21:51 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-12-17 04:00 - 2016-12-08 02:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-17 04:00 - 2016-12-08 02:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-03-15 12:07 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\35849799.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\35849799.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2017-01-09 12:52 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3052470422-392353544-3589946678-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 200.108.96.220 - 200.108.96.217
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{55EDC9DB-7EE8-4173-8250-6FE0FAF53DB5}] => C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C724532D-5422-495F-9E85-4CBF405EB01A}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E4B67E3E-14D4-4F85-9F8E-83F07C886A39}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EC4D0ECA-D192-45B2-A1A1-74C3D8293D39}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B965BF6E-08D5-4A6A-BABB-A42A3BCA24BE}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E35DBD8E-668C-40F6-8F3B-D2BCD455FFDE}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{59FDAC0C-9F84-46E6-BFC3-386B3BF57D47}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CE074DA9-8640-40CB-8DF4-0E0DC2FFD80B}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{096DB4C0-F0F7-40C7-896B-EBA1A0053764}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{79688221-6C69-437C-817B-63A606014028}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{01B05AF3-BDC1-4D74-8CF6-41A31EFF9021}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
09-01-2017 10:42:20 Punto de control programado
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/09/2017 01:00:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\CCleaner\CCleaner64.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Error: (01/09/2017 01:00:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\CCleaner\CCleaner64.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Error: (01/09/2017 10:35:50 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "c:\program files\CCleaner\CCleaner.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Error: (01/09/2017 10:05:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\CCleaner\CCleaner64.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Error: (01/09/2017 10:05:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files\CCleaner\CCleaner64.exe". Error en el archivo de manifiesto o directiva "" en la línea .
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Error: (01/09/2017 09:50:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa mbamtray.exe, versión 3.0.0.865, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
Identificador de proceso: 2cc
Hora de inicio: 01d26a8745ca7bad
Hora de finalización: 60000
Ruta de acceso de la aplicación: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Identificador de informe: cdb352e1-d67a-11e6-b4f0-50e5492444fa
Error: (01/09/2017 09:49:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: AutoKMS.exe, versión: 2.5.2.0, marca de tiempo: 0x53c9a9a0
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000007fe992be270
Id. del proceso con errores: 0x58c
Hora de inicio de la aplicación con errores: 0x01d26a8736fa8b98
Ruta de acceso de la aplicación con errores: C:\Windows\AutoKMS\AutoKMS.exe
Ruta de acceso del módulo con errores: unknown
Id. del informe: cd87121b-d67a-11e6-b4f0-50e5492444fa
Error: (01/09/2017 09:49:13 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at ..(System.String, System.String, ., System.String)
at ...ctor()
at ..(.)
at ..()
Error: (01/09/2017 08:56:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: AutoKMS.exe, versión: 2.5.2.0, marca de tiempo: 0x53c9a9a0
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000007fe9931e270
Id. del proceso con errores: 0x590
Hora de inicio de la aplicación con errores: 0x01d26a7fd0630b03
Ruta de acceso de la aplicación con errores: C:\Windows\AutoKMS\AutoKMS.exe
Ruta de acceso del módulo con errores: unknown
Id. del informe: 6130d25e-d673-11e6-b528-50e5492444fa
Error: (01/09/2017 08:56:09 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
at ..(System.String, System.String, ., System.String)
at ...ctor()
at ..(.)
at ..()
System errors:
=============
Error: (01/09/2017 01:03:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Agrupación de red del mismo nivel depende del servicio Protocolo de resolución de nombres de mismo nivel, el cual no pudo iniciarse debido al siguiente error:
%%-2140993535
Error: (01/09/2017 01:03:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Protocolo de resolución de nombres de mismo nivel se cerró con el siguiente error:
%%-2140993535
Error: (01/09/2017 01:03:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Agrupación de red del mismo nivel depende del servicio Protocolo de resolución de nombres de mismo nivel, el cual no pudo iniciarse debido al siguiente error:
%%-2140993535
Error: (01/09/2017 01:03:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Protocolo de resolución de nombres de mismo nivel se cerró con el siguiente error:
%%-2140993535
Error: (01/09/2017 01:03:37 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: El Protocolo de resolución de nombres de mismo nivel no se inició debido a un error de creación de la identidad predeterminada con código de error: 0x80630801.
Error: (01/09/2017 01:03:37 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: El Protocolo de resolución de nombres de mismo nivel no se inició debido a un error de creación de la identidad predeterminada con código de error: 0x80630801.
Error: (01/09/2017 01:03:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Agrupación de red del mismo nivel depende del servicio Protocolo de resolución de nombres de mismo nivel, el cual no pudo iniciarse debido al siguiente error:
%%-2140993535
Error: (01/09/2017 01:03:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Protocolo de resolución de nombres de mismo nivel se cerró con el siguiente error:
%%-2140993535
Error: (01/09/2017 01:03:28 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: El Protocolo de resolución de nombres de mismo nivel no se inició debido a un error de creación de la identidad predeterminada con código de error: 0x80630801.
Error: (01/09/2017 01:03:26 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: El servicio "WMPNetworkSvc" no se puede iniciar correctamente debido al error "0x80004005" en CoCreateInstance(CLSID_UPnPDeviceFinder). Compruebe que el servicio UPnPHost esté en ejecución y que el componente UPnPHost de Windows esté instalado correctamente.
CodeIntegrity:
===================================
Date: 2017-01-09 13:02:37.306
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2017-01-09 12:53:16.009
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2017-01-09 12:50:11.935
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2017-01-09 10:01:19.947
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2017-01-09 09:46:48.524
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2017-01-09 09:42:28.717
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2017-01-09 09:25:26.460
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2017-01-09 09:06:49.606
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2017-01-09 08:53:50.223
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
Date: 2017-01-07 19:09:39.894
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\user32.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
==================== Memory info ===========================
Processor: Intel® Core i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 36%
Total physical RAM: 4079.43 MB
Available physical RAM: 2598.23 MB
Total Virtual: 8157.01 MB
Available Virtual: 6529.04 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:29.19 GB) (Free:6.95 GB) NTFS
Drive d: (DATOS) (Fixed) (Total:203.58 GB) (Free:96.75 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 9A9D9A9D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=203.6 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 1/9/17
Scan Time: 1:09 PM
Logfile:
Administrator: Yes
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.962
License: Trial
-System Information-
OS: Windows 7
CPU: x64
File System: NTFS
User: FELIPE\Felipe
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339372
Time Elapsed: 4 min, 40 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
(end)
Farbar Service Scanner Version: 27-01-2016
Ran by Felipe (administrator) on 09-01-2017 at 13:21:54
Running from "D:\User2016\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****